Security Engineer (Threat Modeling)

Top 3 reasons to join us

• Very competitive remuneration package
• Build products for millions of users in Australia
• Hybrid and flexible working environment

Job description

By applying for the above position, you accept and agree that your personal data and any information stated in the attached curriculum vitae (CV) will be used and processed by ITViec and NAB Vietnam for recruitment purposes. The storage and processing of such information will comply with the applicable laws of Vietnam, and the policies and procedures of ITViec and NAB Vietnam regarding personal data, as amended from time to time.

We're seeking key members who have had a proven track record of running critical shared application platforms in a production cloud environment. This role is responsible for ensuring NAB Group's cyber threat controls are appropriate, capable, optimally configured, consistent across all NAB Group entities, and gaps are identified and remediated through operational and investment activities. Also, responsibility for developing threat activity reporting and insights.

At NAB, we believe success comes from our people. We're committed to supporting your talent and skills through your career, as you help us build a culture that affects change for our customers and for the community too.

YOUR RESPONSIBILITIES

• This role is responsible for ensuring NAB Group's cyber threat controls are appropriate, capable, optimally configured, consistent across all NAB Group entities, and gaps are identified and remediated through operational and investment activities. Also, responsible for developing threat activity reporting and insights:
• Develop and maintain the threat and countermeasures framework, including attack surfaces, attack vectors, attack paths, TTP mapping, mitigating controls and countermeasures, control capability, and mitigation metrics
• Identify, implement and report on mitigation strategies for tracked Adversaries and tradecraft.
• Ensure a defensible architecture by influencing and driving key stakeholders, including Senior Management, Strategy & Architecture, Support Teams, Third Parties and Vendors
• Stay abreast of industry best practices and emerging threats to ensure defensive capabilities are optimal
• Produce reporting on countermeasure effectiveness, ineffectiveness, and ROI
• Perform deep dive investigations into potential high risk exposure areas
• Periodically review countermeasure detailed configuration to ensure optimal defensive posture
• Actively drive improvement in countermeasures to prevent successful attack and exploitation
• Work with Cyber Response, Red Team and Threat Detection teams to automate adversary simulation and test countermeasure effectiveness
• Provide regular reporting on key operational and delivery measures
• Influence and drive maturity improvements in the NIST IDENTIFY, PROTECT and DETECT domains
• Other related activities as required by Cyber Security Leadership

Your skills and experience

• 3-5 years of experience working in an Application Security, consulting or related role
• A unique combination of engineering acumen, CTI and Offensive Security experience and a Cyber Defense mindset.
• Extensive experience in CTI/SOC in large complex enterprise environments
• Proven experience in consulting roles
• Appropriate tertiary or industry qualifications in cyber security
• Excellent leadership, communication, stakeholder management and influencing skills
• Expertise in intelligence, SOC/IR, Threat/Risk analysis, Penetration testing/ Red Team is preferred.
• Extensive experience in software, tools and cloud engineering (AWS, Azure, GCP and common modern backend/scripting development frameworks/languages such as Python and NodeJS)
• Familiarity with common security and threat frameworks such as NIST CSF, NIST SPs, CKC, MITRE ATT&CK)

Why you'll love working here

1. Generous compensation and benefit package 

• Attractive salary and benefits  
• 20-day annual leave and 7-day sick leave, etc.  
• 13th month salary and Annual Performance Bonus  
• Premium healthcare for yourself and family members  

2. Exciting career and development opportunities  

• Large scale products with modern technologies in banking domain  
• Clear roadmap for career advancement in both technical and leadership pathways  
• Sponsored certificates in both IT and banking/finance  
• Premium account on Udemy
• English learning with native teachers  

3. Professional and engaging working environment 

• Hybrid working model and excellent work-life balance    
• Well-equipped & modern Agile office with fully-stocked pantry   
• Annual company trip and events    

A DIVERSE AND INCLUSIVE WORKPLACE WORKS BETTER FOR EVERYONE 

NAB is a place where colleagues of all genders, sexualities and ages, carers and colleagues with disability, and colleagues from all cultures, races and religions have the opportunity to thrive, connect and grow. 

If this excites you, let's have a chat over a cup of coffee!