Security Operations & Intelligence Penetration Tester at Careers @ MUFG Pension & Market Services

Melbourne, Victoria, Australia -

Full Time

Start Date

Immediate

Expiry Date

20 Jul, 26

Salary

0.0

Posted On

21 Apr, 26

Experience

5 year(s) or above

Remote Job

Yes

Telecommute

Yes

Sponsor Visa

Skills

Penetration testing, Vulnerability assessment, Web application security, API security, Risk mitigation, ISO 27001, NIST Cybersecurity Framework, OWASP Top 10, Mitre Att&ck, Cloud security, Infrastructure security, Technical reporting, Stakeholder management, Security operations, Threat intelligence

Industry

Financial Services

Description

Overview Reporting to the Head of Security Operations and Intelligence and based in our offices in Melbourne CBD, the Penetration Tester will perform security testing across applications, infrastructure and cloud services to identify vulnerabilities and validate exploitability under approved scope and rules of engagement. The tester will ensure all activities are conducted within agreed boundaries and timeframes, delivering testing outcomes and reports by set deadlines. The role translates technical findings into clear risk statements and remediation guidance in the form of a report. This is a hands-on technical role. Key Accountabilities and main responsibilities Strategic Focus * Act as a senior advisor to the business, providing expert guidance on modern cyber threats, secure practices, and risk mitigation strategies. * Partner with engineering and technology teams to prioritise remediation activities aligned to business risk and security outcomes. * Promote MUFG RS’s culture of security awareness, collaboration, and continuous improvement across technology and business teams. * Contribute to strengthening the organisation’s overall security posture through insight-driven testing outcomes and informed recommendations. Operational Management * Plan and execute authorised penetration tests in line with agreed scope and rules of engagement. * Conduct security testing of web applications and APIs to identify common and emerging vulnerabilities. * Ensure penetration testing activities are safe, controlled, and non-disruptive to production services. * Deliver clear, actionable penetration testing reports, including evidence, severity ratings, business impact, and remediation guidance. * Validate remediation actions and perform re-testing to confirm vulnerabilities have been effectively addressed. * Work closely with engineering teams to efficiently close findings and reduce exposure. People Leadership * Effectively communicate with senior leaders to provide business-critical updates, risk insights, and escalation points. * Proactively coach and support team members, fostering learning and development, clear ownership, and effective escalation pathways. * Work collaboratively with Security Operations, Threat Intelligence, Infrastructure, IT, and wider business teams to support coordinated investigation and remediation activities. * Lead by example in reinforcing accountability, collaboration, and professional security practices within the team. Governance and Risk * Ensure all penetration testing and related activities align with ISO 27001:2022, the NIST Cybersecurity Framework, and internal security policies and standards. * Comply with applicable Australian, UK, and European legislation, regulatory requirements, and contractual security obligations. * Maintain accurate documentation, procedures, and compliance artefacts to support audits, regulatory reviews, and risk assessments. * Identify gaps in security controls or processes and deliver recommendations to strengthen governance and risk management maturity. The above list of key accountabilities is not exhaustive and may change from time-to-time based on Cbus and business needs. Experience & Personal Attributes * Tertiary or industry qualifications (OSCP, BSCP, OSWE) * 5+ years penetration testing experience * * Black/Grey/White box * Strong understanding of OWASP Top 10 * Open source tooling * Chaining vulnerabilities * Mitre Att&ck Mapping * Living of the land * Strong communication skills with the ability to translate technical information into business language. * Experience producing structured penetration test reports that demonstrate the attack path with supporting evidence, business impact and detailed remediation advice. * Proven ability to Identify and validate vulnerabilities beyond automated scanning results asses vulnerability impact in a business context and priorities findings based on risk rather than technical severity * Pragmatic and outcome focused, understanding the difference between theoretical risk and rded al world exposure. * Comfortable operating as a stand-alone specialist, demonstrating autonomy, accountability, and sound prioritisation. * Collaborative mindset, able to influence engineers and stakeholders without relying on positional authority. * Strong ethical foundation and adherence to responsible disclosure practices. * Curiosity and continuous learning orientation, staying current with modern attack techniques and defensive controls. MUFG Pension & Market Services is a global, digitally enabled business that empowers a brighter future by connecting millions of people with their assets – safely, securely and responsibly. Through our two businesses MUFG Retirement Solutions and MUFG Corporate Markets, we partner with a diversified portfolio of global clients to provide robust, efficient and scalable services, purpose-built solutions and modern technology platforms that deliver world class outcomes and experiences. A member of MUFG, a global financial group, we help manage regulatory complexity, improve data management and connect people with their assets, through exceptional user experience that leverages the expertise of our people combined with scalable technology, digital connectivity and data insights. Our Corporate Centre Technology Services & Information Security function manages our IT infrastructure, technology operations, and information security. It oversees IT system development, maintenance, and security to ensure smooth technology operations support our daily activities. We implement strong cybersecurity measures to protect sensitive data and manage service delivery through effective IT service management practices. By supporting global operations, we ensure our technological infrastructure is secure, efficient, and aligned with business needs. MUFG Pension & Market Services is continuing to build a dynamic, client-focused, caring, and inclusive culture based on entrepreneurial spirit, effective risk management, empathy, and trust, underpinned by core values. We work collaboratively, supporting and valuing the talents and perspectives of our people, and promoting a flexible work environment where their wellbeing is prioritized. We believe diversity drives better client outcomes, improvement, and growth. Join us on the MUFG Pension & Market Services journey to achieve our full potential. We treat everyone fairly and equitably, regardless of diverse characteristics. Candidates must have the relevant work rights. Successful applicants must complete background screening before employment.

Responsibilities

The Penetration Tester will plan and execute security testing across applications, infrastructure, and cloud services to identify and validate vulnerabilities. They will also provide expert guidance to engineering teams on remediation strategies and ensure all activities align with regulatory and internal security standards.