Overview

If you are currently looking for opportunities and feel this role is right for you, please upload your resume and we will contact you to discuss current opportunities.

Application Security Analyst DDoS & WAF

Do work that matters

Enterprise Services (ES) is responsible for the world leading applications of technology and operations across every aspect of CommBank from innovative product platforms for our customers to essential tools within our business. We also use technology to drive efficient and timely processing, an essential component of great customer service.

The Cyber Security team protects the bank and our customers from theft, losses and risk events, through effective and proactive management of cyber security, privacy and operational risk.

See yourself in our team

Working within a team responsible for the development, management and enhancement of the CBA Group’s DDoS, WAF and CDN services, focused on protecting the bank’s online services both domestically and internationally, you will work with the business to advise on what controls are needed and what best practice looks like. In addition you will proactively champion the use of appropriate DDoS and WAF controls throughout the CBA by providing consultancy and configuration design services to internal customers during initial engagement, service on-boarding and BAU activities. By providing security leadership and expertise through direct interaction with business stakeholders you will lead innovation to the Group and its customers.

What you will need to exceed

  • Be self-driven, proactive and willing to contribute to the development of a high performance team.
  • Have the ability to communicate clearly and professionally, in written and verbal form, at both a technical and non-technical level.
  • Have a good knowledge of cyber security principles and concepts, web attack types and countermeasures.
  • Solid understanding of internet protocols and technologies such as HTTP, APIs, HTML/JS, DNS, TLS, TCP/IP etc.
  • Ideally, you will have a breadth and depth of knowledge across a range of WAF and DDoS technologies
  • Have experience in defining and implementing security controls for a financial institution or a large enterprise
  • Be able to communicate what is needed to non-technical business stakeholders and apply critical thinking skills.
  • A strong grasp of risk management principles
  • A background in development would be advantageous