Senior Engineer - Offensive Security [Fixed-Term Contract] (Sydney)
$ cat job-description.txt
About the role Rabobank’s Technology Engineering Security Team is on the front line of cyber defence - designing & implementing controls that protect our systems & data. This collaborative team covers Security Architecture, Vulnerability Management, Security Testing and Red Teaming. The team is now looking for a Security Engineer - Offensive Security in Sydney on a 12-month fixed term contract.
As a Security Engineer - Offensive Security, you will be responsible for delivering high‑impact offensive security testing across applications, infrastructure, cloud environments and emerging technologies within Rabobank Australia & New Zealand (RANZ).
Responsibilities - Partner with business leaders & technology stakeholders to identify systems & services that meet defined criteria for offensive security testing, establishing & managing a prioritised testing pipeline
- Execute offensive security testing pipeline across applications, infrastructure & cloud platforms (on‑prem & Azure)
- Deliver hands‑on penetration testing & vulnerability assessments, validating exploitability & real business impact
- Support squads by triaging findings from code scanning, helping teams understand what matters & why
- Partner with DevSecOps engineering teams to support shift‑left security by informing, tuning & validating automated security testing & CI/CD controls based on real‑world offensive findings
- Champion effective remediation by collaborating with engineering, security architecture, secure design & vulnerability management teams to prioritise findings, provide actionable guidance, validate fixes & influence secure‑by‑design practices
- Oversee & coordinate testing activity across the Rabobank ANZ region, including external penetration testing schedules
- Produce clear, high‑impact security reports tailored to both technical & non‑technical stakeholders
- Contribute to secure‑by‑design outcomes by feeding findings back into architecture, design & vulnerability management processes
- Influence the ongoing maturity of the offensive security capability through knowledge sharing, research & continuous improvement
Qualifications - A minimum of 10 years IT experience
- Strong hands‑on experience conducting penetration testing & offensive security assessments in complex environments
- Demonstrated experience writing transparent, concise & impactful reports that translate technical findings into understandable risks & remediation steps for technical & non‑technical audiences
- Solid understanding of offensive security frameworks & methodologies (e.g., OWASP Testing Guide, OSSTMM, PTES, NIST, MITRE ATT&CK)
- Strong technical communication & collaboration skills, with the ability to work effectively across domains (including SOC, architecture, & vulnerability management) to drive meaningful improvements & remediation outcomes
- Proven ability to identify & exploit vulnerabilities across diverse technologies while collaborating with defensive teams
- Deep passion for ethical hacking & security research; proactively exploring & adopting new tools, techniques, exploits, and methodologies to elevate testing quality
- Broad technical expertise in assessing platforms including (but not limited to) web applications & APIs, mobile (iOS/Android), network/server infrastructure, major cloud providers (AWS, Azure, etc.), & hardware/IoT devices
- General knowledge of SAST (Static Application Security Testing) & DAST (Dynamic Application Security Testing) tooling, & how these complement manual offensive testing in identifying & prioritising vulnerabilities
- Knowledge of secure development practices & DevSecOps principles within the SDLC, including integration of security controls in CI/CD pipelines to support shift‑left security & faster remediation
#J-18808-Ljbffr
first seen 2026-07-09 08:12:01 · last verified 2026-07-09 08:12:01
pentestcareers.com // breach the job market