Cyber Security Penetration Tester (All flex considered)

New South Wales, Australia

April 17, 2020
Security specialist

IAG’s strategy is to build our digital DNA and create the best digital insurance and ancillary company globally by moving towards more open systems and connecting with partners. In doing this IAG needs to ensure that our uplift in Digital capability is matched with a major uplift in our information security capability. 

The purpose of this role is to help protect IAG’s digital and information assets by performing penetration tests and other security related assessments. This role is in one of the critical teams in the Cyber Security Group. It is part of an elite team that is in huge demand across Australia. 

A major sophisticated cyber-attack against IAG could have a catastrophic impact on the business, and this team is one of the main lines of defence against such an attack. This role will see you utilise your passion for cyber security.


This is a Permanent Full Time Opportunity based in Sydney CBD


Key Responsibilities


  • Perform Infrastructure and Application Penetration Tests 
    • Ensure that new and existing systems comply with security requirements by conducting assurance reviews of systems and / or processes.
  • Manage Penetration Testing Reporting data 
    • Assist with framework implementation and ensure that projects have implemented mandated security controls prior to go-live. Validate and assist with the requirements of PCI or other mandatory legislative or regulated control requirements.
  • Process Improvement 
    • Identify practical improvements to processes that would improve agility and allow greater utilisation of self-service capabilities.


Skills & Experience


  • Thorough understanding of Cloud and other Security Standards / Frameworks e.g. CSA CCM, NIST CSF, ISO 27001, PCI-DSS
  • Application development exposure in one or more of the following: PHP, Python, Rails, HTML, JavaScript, PowerShell
  • Infrastructure and Web application security testing methodologies / frameworks e.g. OWASP, PTES, OSSTMM, ISSAF
  • Knowledge of OWASP standards such as ASVS (Application Security Verification Standard) and CVSS (Common Vulnerability Scoring System), including the OWASP Testing Guide
  • Knowledge of PCI requirements including PCI penetration testing requirements
  • Technical understanding of applications developed in web technologies such as HTML, JavaScript, Java/J2EE, ASP/.NET, PHP, REST APIs, AngularJS, Node.js, Bootstrap etc.
  • Experience of conducting Vulnerability Assessment and Penetration testing of Web Applications, API, Mobile and Network Infrastructure hosted on-premise and within cloud environments (e.g. AWS/Azure etc.)
  • Experience of working in a SecDevOps environment or liaising with development teams to gather security testing requirements, independently managing the execution of penetration tests and performing effort estimation
  • Experience working with Kali Linux and Android/iOS environments, including installing and troubleshooting security tools and other OS-related issues
  • Setting up insecure apps (such as OWASP Broken Web Applications) in testing environments to evaluate security tools for scanning applications, to assess false positives and to support remediation management
  • Working experience with Nessus/Qualys, Burp Suite Pro, ZAP Proxy, Maltego, Wireshark, sqlmap and other widely used security tools
  • Experience compiling and executing known public exploits using Metasploit or standalone exploits
  • A minimum of 2 years’ experience working in corporate environments performing Application and Infrastructure security penetration testing
  • Penetration testing security certifications e.g. OSCP / OSCE / CRT / CCT


About Us 

At IAG, we believe that everyone has a unique point of view to share, shaped by their life experiences, cultures & passions. We celebrate and commit to: 

#Proud to be me – we value difference, not sameness
#Together – harnessing our collective wisdom enables us to be our best for our customers & each other
#No boxes – it’s not about labels, boxes or categories; it’s about building a diverse and inclusive mindset into everything we do


IAG is the largest general insurance group in Australia and New Zealand. We own some of the region’s most trusted brands, including NRMA Insurance, CGU, SGIO, SGIC and WFI. 

In addition to a diverse and inclusive culture, some of our benefits include 13% superannuation, 50% insurance discounts, flexible work and leave options, generous parental leave and return to work program, recognition and reward program, and various corporate partner discounts. 

At IAG we strongly believe that to achieve success we must create a diverse and inclusive workforce. We encourage applications from all backgrounds and communities. IAG has committed to the reconciliation movement in Australia for First Nations people and focuses on building a diverse culture by creating a safe and supportive work environment for all our employees. More information on our Reconciliation Action Plan can be found on our website: https://www.iag.com.au/reconciliation.


Continue the conversation

If you think this role might be for you, we want to hear from you. Please express your interest, making sure your Puffling profile is up to date with your current CV, ideal criteria for flex and salary expectations.