Staff Security Engineer

Organization: At CommBank, we never lose sight of the role we play in other people’s financial wellbeing. Our focus is to help people and businesses move forward to progress. To make the right financial decisions and achieve their dreams, targets, and aspirations. Regardless of where you work within our organisation, your initiative, talent, ideas, and energy all contribute to the impact that we can make with our work. Together we can achieve great things.

Job Title: Staff Security Engineer - Cloud Security

Location: Bangalore

Business & Team:

We're building tomorrow’s bank today, which means we need creative and diverse engineers to help us redefine what customers expect from a bank. Envisioning new technologies that are still waiting to be invented and reimagining products that support our customers and help build Australia’s future economy.

CommBank is recognised as leading the industry in IT and operations with its world-class platforms and processes, agile IT infrastructure, and innovation in everything from payments to internet banking and mobile apps. Cyber Security protects the bank and our customers from theft, losses and risk events, through effective and proactive management of cyber security, privacy and operational risk.

The CBA technology unit delivers the best digital banking services to Commonwealth Bank customers and to do so is responsible for digital delivery, group data and analytics, technology and technology infrastructure, cyber, fraud, physical security and business resilience for all divisions across CBA. It is also dedicated to delivering the best workplace technology experience for our over 53.000 people across CBA and focused on providing the latest tools, technology, and resources to enhance the way we work together and empower our people to achieve more for our customers.

The Security Engineering team protects the group and our customers from theft, loss and risk events, through effective and proactive management of cyber security, privacy and operational risk.

Impact & Contribution:

• Designing and implementing secure solutions that align with group security policies, standards, and reference architecture.
• Work on threat modelling and can interpret and understand key cyber controls across the Group.
• Identify security requirements, qualify threats to design the IT systems and build countermeasures to minimise cyber risks.
• Collaborating with cross-functional teams to drive security outcomes throughout the design, build, and run phases of product development
• Supporting the adoption of modern scalable and high-velocity security practices, including Secure by Design, DevSecOps, and Automation
• Contributing to the continuous innovation and re-engineering of existing security engineering practices, including the development of practice strategies, patterns, and processes

Roles & Responsibilities:

• Provide deep technical hands-on Experience in security engineering, with a focus on design, strategy and implementation of secure solutions.
• Have strong understanding of security policies, standards, and reference architecture, and expertise in threat modelling, threat detection, control mapping, vulnerability analysis and control engineering risk identification.
• Are experienced in designing and building reusable security patterns and or solutions.

Essential Skills:

• 12+ years of experience in security engineering.
• Have experience with secure by design, DevSecOps, and Security automation (SAST, DAST, IAST) practices.
• Are experienced in designing and implementing enterprise Security Guidelines and Practices
• should have hands on experience in developing code, doing secure code Review, Threat modelling.
• Should have hands on experience securing Docker, Container and Kubernetes.
• Experience with penetration testing and vulnerability assessment, and tool like OWASP ZAP or Burp Suite
• Familiarity with compliance frameworks, such as PCI-DSS or HIPAA
• Experience with AI/ML frameworks, libraries, and tools, such as TensorFlow, PyTorch, or Keras .
• Familiarity with Australian financial industry regulations and standards, such as the Australian Prudential Regulation Authority (APRA) and the Australian Securities and Investments Commission (ASIC)
• Design and govern secure multi-cloud architectures with deep expertise in IAM, network security, encryption, containers, and IaC across major cloud providers.
• Automate security controls and CI/CD guardrails using Terraform and CSPM tools while adopting secure-by-design patterns.
• Certifications - CISSP, CCSP, OSCP,
  Cloud-specific certifications (e.g., AWS Certified Security – Specialty, Azure Security Engineer Associate, Google Professional Cloud Security Engineer)

Education Qualification:

• Bachelor’s degree or master’s degree in engineering in Computer Science/Information Technology