Golang Job: Staff Security Engineer

Staff Engineer – Security Engineering

We're embarking on an engineering transformation program at CBA (Commonwealth Bank of Australia). We're looking for a high performing and passionate group of security engineers to push the boundaries with us.

As a Staff Security Engineer, you will be a highly technical security SME, with a passion for building and breaking things, knowledge across the SDLC, including coding, cloud environments, application security, identity and DevOps.

Together we will build tomorrow’s bank today, using world-leading engineering, technology, and innovation.

Your Business:

The Group Security function works to maintain the confidentiality, integrity and availability of data and services within the Group. You’ll be part of the Security Engineering practice under the Group Security Function, where you will partner with our Engineering and Product teams to help embed security into every stage of the product development life cycle by building automation, tooling and technologies.

Do Work that Matters:

Here, you will get to turn your passion into a reality, working with modern technology on state-of-the-art projects to enable a seamless and unrivalled customer experience. You will partner with teams that build high quality, reliable solutions that determine how millions of people access their money and define future industry trends. And what you do has an impact – you are working on the backend of Australia’s number one mobile app, used by over 5 million people, as well as several other products and applications across the Group.

Born curious, you are constantly learning and are eager to share the latest tech, insights, and ways of working with your team. Honing your craft is something that happens inside and outside of work, and you are a passionate and active member of the broader InfoSec community.

Key responsibilities include:

• Build the security components of CommBank’s next generation of technology platforms
• Partner with our product and platform engineering teams helping them embed security into every stage of the development lifecycle
• Be the technical lead for our security engineers to build, enhance or innovate new security capabilities and controls for our engineers to consume security easily and quickly
• Automate security on boarding and build self-service to minimise manual execution by our security operations teams
• Collaborate with engineering, cyber, fraud and other teams to identify and develop opportunities to improve the security posture and engineering velocity of the organisation via security automation and engineering
• Identify classes of security vulnerabilities and drive delivering solutions for remediation and prevention
  

We are interested in people who have:

• 8+ years of combined experience in software, product security, application security, penetration testing or security engineering
• 2+ years of experience in software development
• Experience perform threat modelling and risk assessment, including design and code reviews
• Build and hosting technologies (e.g., Kubernetes, Docker)
• Source code control tools (e.g., GitHub, GitLab, Bitbucket)
• Proficiency in at least one language (C# .NET Core, Java, Node.js, Golang.)
• REST API (Application Programming Interface) services
• Deep knowledge and understanding of different hosting pattern covering IaaS (Infrastructure as a service), CaaS (Container as a Services), PaaS (Platform as a Service), SaaS (Software as a service)
• Enterprise experience in at least one of the following cloud hosting platforms:
• AWS cloud – desirable
• Microsoft Azure
• Google Cloud Platform
  

Excellent communication and collaboration skills and experience working in a matrix organisation structure, previous experience working under Spotify model or similar agile framework is highly desirable.

In this role, you'll frequently be learning new technologies, processes and requirements. For that reason, we're interested in candidates with an eagerness to learn and try new things, even if some of the technologies are new to them. If this role sounds enticing to you, do not hesitate to reach out to us.