Our Cyber Security team helps over 14.5 million customers achieve this by providing a secure banking environment where they can interact confidently in an increasingly connected digital world.
DO WORK THAT MATTERS
Our mission is to protect the Bank and our customers from theft, losses and risk events. Our Cyber Security team helps over 14.5 million customers achieve this by providing a secure banking environment where they can interact confidently in an increasingly connected digital world.
This program gives you the opportunity to tailor the career you want. By joining Cyber Security as part of our Technology & Operations (Enterprise Services) Graduate Program, you'd have the option to work in the following areas (although not limited to): Penetration Testing, Developing Security Controls, Incident Response, Threat/Cybercrime Intelligence, Digital Forensics, Cyber Outreach, Privacy and Application Security.
At CommBank we're known for our innovative digital services. We've always been pioneers and we're currently investing heavily in data analytics, cryptocurrencies and Quantum computing. For the hundreds of new services or app updates we release in any given year, we need to ensure they are as secure as possible and that's why CommBank is building one of the country's largest digital assurance teams – our ethical hackers/penetration testers.
Penetration Testing – being our fastest growing area in information security, our ethical hackers are given an almost limitless array of tools to attempt to break our products and services before they go live for our customers, hence - a great environment to work in if you enjoy being up-to-date with the latest technologies and pulling things apart to see how they work.
Developing Security Controls - when we do find vulnerabilities or come up against a new adversary attacking our existing controls, we may need to develop new ones.
Occasionally we see malware in the wild that commercially available detection systems haven't picked up yet and very quickly have to discover how it works, who it's targeting and who might be vulnerable to it. We might need to disassemble that malware in a controlled environment to see whether we need to adjust our controls. Very occasionally, a threat is so new and so radically different that those controls aren't readily available, so we might need to develop them on-the-fly. We have a team of software developers that specialise in this area. Even with the commercially available software we use, it's rarely a case of 'set and forget'. We have systems that generate alerts every time an anomaly appears in the logs of our network devices and teams of people who focus on refreshing the algorithms used in those systems. A strong foundation in programming, maths and an interest in data analytics would be advantageous to working in this area.
Cyber Incident Response – A dynamic and fast-changing area of IT - when we do have incidents that are worthy of our attention, there are specialist responders who investigate and triage. They will adjust our controls if we were to experience something like a Denial or Service attack and will analyse malware we find in the wild to protect our customers against infection or to assist law enforcement. Our people typically comprise a broad mix of computing, network engineering and problem solving skills.
Threat and Cybercrime Analyst – Becoming more attuned to our adversaries' methods of attack, a Threat Analyst takes in data from potentially hundreds of sources, on what might be over the horizon to lookout for any actor or scam that specifically targets our customers and the digital services they are likely to use. These feeds might come from security vendors, Computer Emergency Response Teams, our peers in other security teams, from the Government or our customers reporting a scam they've been sent on an email. They study the underground marketplaces used by malicious actors to see what malware kits they're selling, what data they're dumping and whose credentials they've stolen.
Digital Forensics – A massive growth area, working in digital forensics requires a rare mix of computing skills with a sound knowledge of the law, in cases where we need to prove what historical events happened on a computer system and may be used for legal discovery.
Privacy Advisors –Our privacy advisors need to understand the intersection of the law and computing. Our privacy team help to ensure every new service or app we release is not only compliant with Privacy regulations, but more importantly, that every app or service meets the privacy expectations our customers have of us as a bank.
Application Security – We are now working closer and closer with the software development teams here at the Bank to educate them and provide tools to assist them to develop more secure code.
SEE YOURSELF IN OUR GRADUATE PROGRAM:
Our 18 month program provides a tailored experience offering two 9 month rotations with options in teams in our Cyber Security Division as well as more broadly across Technology & Operations if you choose.
Together we can make a difference for our customers as well as businesses and the broader community.
WE INVEST IN YOUR FUTURE
With a significant investment in cyber security and quantum cryptography, you will have the chance to work with and learn from the best in one of the most advanced and diverse Cyber Security teams in Australia.
WE'RE INTERESTED IN HEARING FROM YOU IF:
At CommBank, we're committed to building a diverse and inclusive workforce reflecting the customers, businesses and communities we serve. As a values driven organisation, we nurture and support our people; through focussing on skill and talent development, collaboration, flexibility and internal promotion. With service in mind at every touch point, we take accountability for the role we play in securing and enhancing the financial wellbeing of people, businesses and communities. At CommBank you can be you.