Security Testing - Specialist

This specialist role in Security Testing at Telstra involves providing technical leadership in complex source code security reviews and offering consultative advice on security testing tools. The position is crucial for enhancing Telstra's security posture by identifying vulnerabilities, improving assessment capabilities, and empowering developers to implement secure coding practices. The specialist will conduct penetration testing, vulnerability scans, and source code reviews, contributing to the overall security strategy and mentoring the developer community.

Must Have

• Generate attack scenarios and conduct authorized penetration testing.
• Act as a technical subject matter expert in application security testing and secure source code development.
• Execute vulnerability scans, interpret results, and document security gaps.
• Conduct source code security reviews and use assessment tools to identify threats.
• Collaborate on the Security Testing strategy and contribute to future capability.
• Evaluate system security, recommend improvements, and develop comprehensive security testing reports.
• Provide input into security testing processes, methodologies, and standards.
• Develop and deliver training and guidance for the developer community.
• Develop scripts and contribute to automation in security testing.
• Translate security vulnerabilities into business risks for stakeholders.
• Minimum 3 years’ experience in Security Testing, including Application Security/Secure Code and Penetration Testing.
• Experience with various software delivery models (DevOps, Waterfall).
• Manual security assessment experience (penetration testing, code review).
• Proficiency in creating technical and executive reports.
• Working knowledge of security assessment tools (vulnerability scanners, SAST, DAST, SCA).
• Ability to review and provide feedback on security assessment reports.
• Understanding of security fundamentals (transport security, authentication, authorization, threat modelling, logging, and monitoring).
• Experience in software development, including building exploits and automation scripts.
• Industry certifications or demonstrable skillset (e.g., Offensive Security – OSCP).

Good to Have

• In-depth penetration testing experience across multiple domains, including zero-day exploit identification.
• Experience implementing automated security assessment tools in CI/CD pipelines.
• Strong understanding of adjacent security dependencies (endpoints, platforms, databases, network security, frameworks).
• Additional industry certifications (e.g., OSWE, OSCE3, CISSP, CCSP, CREST CRT/CCT).
• Experience managing engagements with external security vendors.

The Opportunity

Aligned with Telstra’s Cyber Security Strategy, this position offers the chance to provide technical leadership in complex source code security reviews and to deliver consultative advice on security testing tools. You will play a key role in enhancing Telstra’s security posture by identifying vulnerabilities, improving assessment capabilities, and empowering developers to work securely. This is an opportunity to make a tangible impact on the security of Telstra’s systems and networks, while developing your expertise and mentoring others.

Key Responsibilities

• Generate attack scenarios and conduct authorized penetration testing to identify and address security vulnerabilities.
• Act as a technical subject matter expert in application security testing and secure source code development.
• Execute vulnerability scans, interpret results, and document security gaps.
• Conduct source code security reviews and use assessment tools to identify threats, vulnerabilities, and attack vectors in applications.
• Collaborate with the Security Testing – Senior Lead and team members to drive the Security Testing strategy and contribute to future capability and operations.
• Evaluate system security, recommend improvements, and develop comprehensive security testing reports.
• Provide input into security testing processes, methodologies, and standards.
• Develop and deliver training and guidance for the developer community, promoting secure coding practices.
• Develop scripts and contribute to automation in security testing.
• Translate security vulnerabilities into business risks for stakeholders and communicate findings effectively.
• Take a pragmatic approach to balancing business objectives, standards, cost, time, and risk.
• Comply with Telstra’s HSE policies and support safety and environmental responsibilities.

Qualifications and Experience

Essential:

• Minimum 3 years’ experience in Security Testing, including Application Security/Secure Code and Penetration Testing.
• Experience with various software delivery models (DevOps, Waterfall).
• Manual security assessment experience (penetration testing, code review).
• Proficiency in creating technical and executive reports.
• Working knowledge of security assessment tools (vulnerability scanners, SAST, DAST, SCA).
• Ability to review and provide feedback on security assessment reports.
• Understanding of security fundamentals (transport security, authentication, authorization, threat modelling, logging, and monitoring).
• Tertiary qualifications in Electrical/Electronic, Computer, Network or Software Engineering; Information/Cyber Security; IT or related discipline.
• Experience in software development, including building exploits and automation scripts.
• Industry certifications or demonstrable skillset (e.g., Offensive Security – OSCP).

Highly Desirable:

• In-depth penetration testing experience across multiple domains, including zero-day exploit identification.
• Experience implementing automated security assessment tools in CI/CD pipelines.
• Strong understanding of adjacent security dependencies (endpoints, platforms, databases, network security, frameworks).
• Additional industry certifications (e.g., OSWE, OSCE3, CISSP, CCSP, CREST CRT/CCT).
• Experience managing engagements with external security vendors.