Introduction At Indue, we are dedicated to embracing diversity, equity and inclusion in all forms. Guided by our values of "Go Far. Go Together," "Real Heart. Real Action," and "Open Mind. Open Doors," we are committed to fostering a workplace where every individual feels valued, respected, and empowered. We understand that our collective strength lies in our diverse perspectives and experiences, and by working together, we can achieve greater heights and drive impactful change across our communities. Join us and be part of a team that values your unique contributions and is dedicated to creating a positive, inclusive workplace. We provide a range of technology payment solutions, including market leading financial crime solutions, New Payments Platform, mobile payments and card programs in a B2B market. Visit our website at www.indue.com.au for more information. What We Offer Work-life Balance: Flexible working arrangements, ability to work from home and meeting free Fridays. Career development: Full Pluralsight Subscription for all technical team members, study assistance, internal movements and secondment opportunities. Reward & Recognition: Excellent recognition programs appreciating employee’s contributions, service anniversaries and Annual Awards. Culture: Collaborative and inclusive culture, approachable leadership team who provide monthly updates, and regular social celebrations. Wellness: Employee Assistance Program, discounted Health Insurance and ability to purchase additional leave. Description About the Role The Application Penetration Tester plays a critical role in safeguarding Indue’s IT systems, applications and infrastructure by scanning and simulating real-world attacks to uncover weaknesses and vulnerabilities. The role is responsible for undertaking regular penetration testing of internal and external facing applications/ systems and IT infrastructure that Indue develops, implements, updates and/ or maintains. The role is required to plan, coordinate, engage, execute, track, manage and report on application/ system vulnerabilities and implementation of approved mitigation processes/ activities. Furthermore, the role is responsible to improve and educate Indue’s DevSecOps practices by actively engaging and collaboratively building and improving secure and reliable IT applications, systems and infrastructure aligned with Indues system development lifecycle working closely with information security team, project management, product management, enterprise systems, architecture, engineering, testing, quality assurance, and risk management functions Responsibilities for the role include: Own, manage, plan, coordinate, and deliver the entire pen testing and vulnerability management program for Indue aligned with risk appetite, and ISO27001, PCI DSS and other compliance requirements. Be a SME for technical vulnerabilities including pen testing, static code analysis, and network security, and provide advice, guidance, training and awareness about good secure practices. Own, follow-up, track, monitor and report on all pen testing and vulnerability mitigation actions across Indue. Engage and contribute to the system development lifecycle through DevSecOps design, build, testing and support phases and help identify and address vulnerabilities early in the lifecycle saving cost and reducing risk. Regularly maintain, update, and communicate all relevant standards, processes and procedures to relevant stakeholders. About You You will have all or majority of the following skills and attributes: [List skills and attributes required by the successful candidate:] 3 years of experience operating as a pen tester operating with limited supervision. Hold at least one of the following certifications: OSCP, CREST CCT, SANS GCPN, C|PEN or similar. Experience in security report writing and discussing reports with stakeholders to obtain their buy-in. Good understanding and experience in utilising CVSS standards, OWASP methodologies and Metasploit tooling. Good analytical and problem-solving skills. The following skills will be highly desirable: A cybersecurity degree and/ or relevant tertiary cybersecurity qualification Related cybersecurity certifications such as CEH, CompTIA PenTest, CISSP, CISM Understanding of other cybersecurity frameworks including NIST, OSSTMM Awareness of information security standard requirements such as ISO27001, PCI DSS, ASD-Essential8/ ASD-ISM Sounds like you? Use the 'Apply' button to create your profile and submit your Cover Letter and Resume, demonstrating your relevant experience for the role. No agency enquiries - only direct candidates with full working rights in Australia will be considered. Candidates may be requested to complete a criminal history check and other relevant background checks as part of our recruitment process.
