N

Lead Attack Surface Management - Group Security

NAB
Full-time
On-site
Vietnam

Job Posting End Date:


Worker Type:


Fixed Term (Fixed Term)



We're seeking a key member who have had a proven track record of running critical shared application platforms in a production cloud environment. The purpose is to provide technology-based security exposure detection services and Findings Management across NAB’s key assets to meet security objectives.

At NAB, we believe success comes from our people. We're committed to supporting your talent and skills through your career, as you help us build a culture that affects change for our customers and for the community too.



YOUR RESPONSIBILITIES


  • Lead and plan attack surface detection for NAB Group to identify the assets, exposure discoverable on internet such as DNS, Apps not having SSLs, HSTS enabled, APIs without authentication etc.
  • Provide direction for NAB in the usage of Attack Surface Scanning as a key discovery and remediation for the bank for externally facing assets.
  • Promote the use of ASM scanning and establish a BAU rhythm to effectively detect and scan NAB’s digital assets, including those of Subsidiaries and externally hosted 3rd party vendors.
  • Scan for attack surface for the organisation and validate the exposures using various technologies.
  • Develop technology configuration policies to support the secure use of NAB’s technology footprint in the building of new infrastructure and scheduled scanning of key security configurations.
  • Promote the use of Findings Management tooling and establish a BAU rhythm to support the remediation of NAB’s digital assets, including those of Subsidiaries and externally hosted 3rd party vendors.
  • Provide on-call support to assist the Cyber Defence and Incident Management teams to respond to critical exposures or concerns.
  • Collaborate in the development of Reporting to assist NAB understand control effectiveness & of NAB’s vulnerability exposure.
  • Use excellent communication skills to articulate technical security requirements and recommendations in a business context.


YOUR SKILLS AND EXPERIENCE


  • 8+ years full-time experience in enterprise security roles
  • 5+ years of experience in Application Security and Vulnerability Management
  • 2+ years of experience in Penetration Testing
  • 2+ Years of experience in People Management
  • Experience on any Attack surface management tool
  • Experience with Vulnerability scanning for Infrastructure and Applications
  • Hands on experience with Vulnerability scanning and penetration testing tools such as Nessus, Qualys, Nmap, Netsparker, Nuclei, Burpsuite, Metaspolit, etc.
  • Ability to write scripting to automate the scanning and testing scenarios.
  • Able to use scripting to automate the attack surface discoveries and run scanning to identify the exposure/vulnerability.
  • Familiar with Kali Linux/Unix commands
  • Ability to engage stakeholders and drive change.
  • Experience with Cloud, such as AWS and knowledge of their services/applications.
  • An understanding of Security principles and Web application attack methodologies
  • Excellent verbal and written English communication skills
  • Ability to attend to the detail on multiple concurrent tasks while meeting various deadlines and develop thorough, clear and concise action plans/objectives.


THE BENEFITS AND PERKS


We appreciate and reward our colleagues who do great work every day – from excelling for our customers, to taking ownership of an issue to get it resolved. Here’s how we support our people with a range of exclusive benefits.

1. Generous compensation and benefit package 

  • Attractive salary 
  • 20-day paid annual leave and 7-day paid sick leave
  • 13th month salary and Annual Performance Bonus
  • Premium healthcare for yourself and family members
  • Monthly allowance for team activities
  • Premium welcome kit and occasional gifts of appreciation
  • Extra benefits on your work anniversary

2. Exciting career and development opportunities  

  • Large scale products with modern technologies in banking domain
  • Clear roadmap for career advancement in both technical and leadership pathways
  • Access to digital learning platform such as Udemy
  • Consistent and high-quality leadership training through the Distinctive Leadership program (DLP)
  • Specialist capabilities and accreditations in key skill areas such as Cloud Engineering, Digital, Data, Security and SREs (Site reliability engineers)
  • Sponsored English course with native teachers
  • Opportunity for training in Australia

3. Professional and engaging working environment  

  • Hybrid working model and excellent work-life balance
  • State-of-the-art & modern Agile office
  • Food and beverages in the office pantry
  • Employee Assistance Program to improve your physical and mental health
  • Annual team activities and company events
  • A solid and talented team behind you – great people who love what they do


A DIVERSE AND INCLUSIVE WORKPLACE WORKS BETTER FOR EVERYONE

We know that our people make us who we are. That's why we have built a culture of respect – where everyone feels valued and appreciated for being their true authentic selves at NAB. With our focus on inclusion and diversity, and in partnership with our Employee Resource Groups, NAB is a place where First Nations colleagues, colleagues of all genders, sexualities and ages, carers and colleagues with disability, and colleagues from all cultures, races and religions have the opportunity to thrive, connect and grow.

We are intent on providing an environment where you can work your way. Ask about our many flexible work options and please let us know if we can provide any adjustments throughout the recruitment process.



CLOUD-FIRST 


NAB is undergoing an exciting "Cloud First" technology transformation by taking advantage of the latest tools and techniques used by leading technology and digital companies globally. But it’s not just about the Tech, we are also investing heavily in our people, so if you have an appetite to learn, grow and elevate others around you, this is the place for you! 


If this excites you, let's have a chat over a cup of coffee!




It's more than just a career at NAB!


We believe in people with people and dreams, and we want you to achieve your aspirations. More than just a career, NICV offers you a flexibility to balance your work - life, the opportunity to grow as professionals and people and a complete set of well-being offerings. If you have an appetite to learn, grow and elevate others around you, this is the place for you.



It's a good time to see what you can find at NAB as a


Lead Attack Surface Management - Group Security


CLOUD FIRST



NAB is undergoing an exciting "Cloud First" technology transformations by taking advantage of the latest tools and techniques used by leading technology and digital companies globally. But it's not just about the Tech, we are also investing heavily in our people, so if you have an appetite to learn, grow and elevate others around you, this is the place for you!



IT'S MORE THAN MONEY



We naturally also provide a very competitive remuneration package but a career with us is about a lot more than money. We believe in people with ideas and dreams, and we want you to achieve your aspirations. We will work together to deliver exceptional products and outcomes that push the limits of our own aspirations. Out passion for creating value and exceeding our customers' expectations means we are constantly striving to redefine our standards of excellence. You will have our backing to develop and our encouragement to explore, realize and reach your full potential.



If this excites you, let's have a chat over a cup of coffee!