How to Apply to Medibank Private

13 min read Last updated April 20, 2026 35 open positions
Blake Crosley
Blake Crosley Researched using publicly available information, hiring data, and ATS analysis.

Key Takeaways

  • Medibank Private (ASX: MPL) is Australia's largest private health insurer, serving roughly 3.7 million customers across the Medibank and ahm brands, headquartered at Docklands in Melbourne with roughly 3,500 employees and around A$8 billion in annual revenue.
  • The company was founded in 1976 by the Australian Government as a public health insurer and was privatised through one of the largest ASX IPOs in history in November 2014, raising approximately A$5.7 billion. That dual heritage continues to shape culture and operating norms.
  • CEO David Koczkar (since May 2021) has led the company through the post-IPO maturation phase and through the response to the October 2022 cyberattack, which remains the defining recent event in Medibank's history and a major driver of current hiring priorities.
  • Cybersecurity, data governance, identity, fraud, privacy, customer trust, legal, and risk are all elevated functions at Medibank in 2025-2026 with executive-level attention and substantial budgets. Candidates in these tracks will find unusually meaningful work.
  • The Australian private health insurance market is heavily regulated by APRA and the Private Health Insurance Act, with pricing constrained by community rating, lifetime health cover loading, risk equalisation, and the annual rate review process administered by the Department of Health and Aged Care.
  • Medibank competes most directly with Bupa Australia, with HCF, NIB (ASX: NHF), HBF, Australian Unity, and a long tail of smaller funds rounding out the market. Compensation across the sector tends to be broadly comparable for like-for-like roles.

About Medibank Private

Medibank Private Limited (ASX: MPL) is Australia's largest private health insurer and one of the most recognisable consumer brands in the country. Headquartered at 720 Bourke Street in the Docklands precinct of Melbourne, Medibank serves approximately 3.7 million Australian customers through its flagship Medibank brand and the lower-cost ahm (Australian Health Management) brand. The company employs roughly 3,500 people across Melbourne, Sydney, Brisbane, and a network of state and regional offices, generates around A$8 billion in revenue, and sits comfortably within the ASX 100. For a job seeker considering a career in Australian financial services, regulated insurance, healthcare, customer operations, actuarial science, data analytics, or cybersecurity, Medibank represents a particular kind of employer that is difficult to replicate elsewhere in the local market. Medibank's history shapes nearly everything about how the company operates today. It was established in 1976 by the Whitlam-era Australian Government as a public health insurer designed to provide an alternative to the existing private funds, and it operated as a government business enterprise for almost four decades. The decision to privatise the company was taken by the Abbott Government, and Medibank listed on the ASX in November 2014 in what was at the time one of the largest Australian initial public offerings on record, raising approximately A$5.7 billion. The transition from a government-owned mutual-style insurer to a publicly listed company introduced shareholder accountability, formal earnings discipline, and the kind of investor-relations cadence that any ASX 100 board operates under, while the underlying member services, regulatory framework under APRA and the Private Health Insurance Act, and product structure (hospital cover plus extras cover) remained largely continuous. That dual identity, a former government insurer operating as a listed company in a heavily regulated market, is part of why Medibank careers feel different from other Australian financial services jobs. The company competes in a structurally consolidated Australian private health insurance market. The two largest players, Medibank and Bupa Australia, together account for roughly half of all insured lives. The next tier includes HCF, a private mutual fund, NIB Holdings (ASX: NHF), the Western Australian-headquartered HBF, Australian Unity, and a long tail of smaller funds and restricted funds serving particular professions or regions. Pricing and product features are constrained by Australian Government rebate settings, community rating rules, lifetime health cover loading, the Medicare Levy Surcharge interaction, and APRA prudential standards, which means competition tends to play out on member experience, claims service, digital tooling, ahm-style value brands, and ancillary services such as travel cover, pet insurance partnerships, and increasingly health and wellbeing programmes. Medibank's strategy under CEO David Koczkar, who succeeded Craig Drummond in May 2021, has emphasised diversification beyond the core private health insurance product into broader health services, a sustained investment in digital and customer experience, and a long-running rebuilding programme on cybersecurity, data governance, and customer trust following the events of October 2022. No honest discussion of Medibank as an employer can avoid the 2022 cyberattack. In October 2022, Medibank disclosed a major data breach in which a Russian-speaking criminal group (later attributed by Australian authorities and reporting to actors associated with the REvil ecosystem) gained access to systems containing personal information for approximately 9.7 million current and former Medibank, ahm, and international student customers. After Medibank declined to pay the ransom, the attackers progressively published sensitive customer data, including some of the most sensitive categories of health information, on the dark web. The incident became a defining Australian cybersecurity event, triggered an Office of the Australian Information Commissioner (OAIC) investigation, multiple class actions, an ASIC investigation into disclosures, parliamentary scrutiny, and a programme of remediation that Medibank has publicly disclosed as costing well in excess of A$70 million on top of ongoing security investment. For candidates, the practical effect is that cybersecurity, data governance, identity, fraud, and customer trust are not peripheral functions at Medibank, they are central organisational priorities with executive attention, board-level oversight, and substantial budgets. Many of the most interesting roles being hired in 2025 and 2026, particularly in technology, risk, legal, communications, and member services, exist either directly or indirectly because of the post-2022 transformation work. This guide takes the cyberattack and its aftermath seriously and explains what it means for candidates in concrete terms, because pretending otherwise would not be useful to anyone preparing for a Medibank interview.

Application Process

  1. 1
    Begin at the official Medibank careers portal at careers

    Begin at the official Medibank careers portal at careers.medibank.com.au. Medibank operates its own branded recruitment site rather than directing candidates to a generic ATS landing page, although the underlying applicant tracking technology is a custom-configured Australian recruitment stack. Search by keyword, location (Melbourne, Sydney, Brisbane, Adelaide, Perth, or remote Australia where applicable), and business area (Customer, Health Services, Technology and Data, Cyber and Risk, People and Culture, Finance, Legal, or Strategy and Marketing).

  2. 2
    Create a candidate profile that you will reuse across multiple applications

    Create a candidate profile that you will reuse across multiple applications. Medibank reuses profile data across requisitions, so investing time in accurate work history parsing, complete contact details, right-to-work status, and notice period information up front saves rework on later applications and reduces parser errors that lead to silent rejections.

  3. 3
    Upload your resume in PDF format unless the requisition specifically requests DO

    Upload your resume in PDF format unless the requisition specifically requests DOCX. Use a single-column layout, standard headings, and avoid tables, text boxes, headers and footers, or graphics. Australian recruitment portals are notoriously sensitive to multi-column CV layouts, and a parser failure at the upload stage is the single most common reason qualified candidates never reach a recruiter.

  4. 4
    Submit and expect an initial recruiter screen within one to three weeks for acti

    Submit and expect an initial recruiter screen within one to three weeks for actively recruited roles. Medibank uses in-house talent acquisition partners for almost all permanent positions, organised by business unit, so the recruiter who calls you will typically know the hiring manager personally and will have specific context on the role, the team, and the priorities behind the requisition.

  5. 5
    Move through a hiring manager interview, which is usually conducted by Microsoft

    Move through a hiring manager interview, which is usually conducted by Microsoft Teams for first-round conversations and frequently in-person at the Docklands HQ for final rounds for Melbourne-based roles. Sydney-based roles frequently use the Sydney CBD office for in-person rounds. Behavioural and competency-based questioning anchored to Medibank's Values and Behaviours framework is the dominant interview style across nearly every business unit.

  6. 6
    Complete a second-round interview with peers, cross-functional partners, or a se

    Complete a second-round interview with peers, cross-functional partners, or a senior leader. For technology, cyber, and data roles expect a technical assessment, a system design conversation, or a take-home exercise in addition to the behavioural rounds. For actuarial, finance, and risk roles expect technical questions on Australian private health insurance economics, APRA prudential standards, capital adequacy, and reserving methodology.

  7. 7
    Complete pre-employment screening once a verbal offer is extended

    Complete pre-employment screening once a verbal offer is extended. Medibank screening typically includes right-to-work verification, a National Police Check, professional registration confirmation for clinical or regulated roles, employment references usually covering the prior three to five years, and for technology, cyber, finance, and senior roles often a credit check and a more detailed background screening through a third-party provider.

  8. 8
    Onboard through Medibank's pre-hire portal

    Onboard through Medibank's pre-hire portal. Day one orientation includes mandatory data protection, privacy, information security, and customer-handling training, plus role-specific compliance modules. Post-2022, security awareness training and identity-handling protocols carry materially more weight in onboarding than they did at most Australian financial services employers historically.

Resume Tips for Medibank Private

recommended

Format for Australian recruitment portal parsing

Format for Australian recruitment portal parsing. Use a single-column layout, conventional section headings (Professional Summary, Experience, Education, Qualifications, Technical Skills), Arial or Calibri 10 to 12 point, and avoid text boxes, multi-column layouts, headers and footers, tables, and graphics. The Medibank careers portal performs automated parsing on every uploaded document, and parser failures account for a significant share of unfair early-stage rejections across all major Australian employers.

recommended

Mirror the language of the job description, particularly for Australian regulato

Mirror the language of the job description, particularly for Australian regulatory acronyms (APRA, ASIC, OAIC, AUSTRAC, ACCC, AHPRA where applicable), Medibank-relevant business areas (private health insurance, PHI, hospital cover, extras, ancillary, ahm, claims, member experience, health services), technology platforms (Salesforce Health Cloud, ServiceNow, Snowflake, Azure, AWS, Databricks, Pega, Genesys, Power BI, Tableau), and cybersecurity and risk frameworks (ISO 27001, NIST CSF, Essential Eight, ASD ISM, APRA CPS 234, Privacy Act 1988, Notifiable Data Breaches scheme).

recommended

Quantify your impact with specific Australian context where possible

Quantify your impact with specific Australian context where possible. For customer and operations roles cite call volumes handled, average handle time, first contact resolution rates, NPS movement, and complaints resolution data. For claims roles cite claims volumes, automation rates, leakage reduction, and recovery outcomes. For actuarial and finance roles cite premium income, loss ratios, claims experience, capital ratios, and pricing impact. For technology and cyber roles cite users, transactions per second, incident volumes, mean time to detect and respond, system availability, and quantified risk reductions.

recommended

Surface regulated-industry experience prominently

Surface regulated-industry experience prominently. Prior work at Bupa Australia, NIB, HCF, HBF, Australian Unity, Teachers Health, or any other registered private health insurer accelerates credibility immediately. So does adjacent regulated experience at the Big Four Australian banks, AMP, Macquarie, IAG, Suncorp, Allianz Australia, QBE, Mercer, AustralianSuper, or any APRA-regulated entity. Australian Government health and human services experience (Services Australia, Department of Health and Aged Care, AIHW) is particularly valued in policy, strategy, and health services roles.

recommended

Lead with a concise professional summary of three to four lines that names your

Lead with a concise professional summary of three to four lines that names your function, years of experience, regulated-sector exposure, and one or two signature achievements. Australian recruiters screen high volumes of CVs and rely heavily on the top third of page one to decide whether to read the rest, particularly for high-volume customer service and claims requisitions where Medibank may receive several hundred applications for a single posting.

recommended

Highlight any genuine alignment with Medibank's stated mission of better health

Highlight any genuine alignment with Medibank's stated mission of better health for better lives. Examples that read well include voluntary work in community health, mental health advocacy, allied health support, cancer or chronic disease support organisations, or work that has touched the Australian healthcare system in a meaningful way. Avoid the failure mode of reciting Medibank marketing language back at the company; specific personal narrative consistently outperforms generic enthusiasm.

recommended

List Australian professional memberships and certifications where relevant, incl

List Australian professional memberships and certifications where relevant, including FIAA (Fellow of the Institute of Actuaries of Australia) for actuarial candidates, GAICD or AICD memberships for senior leadership roles, CISSP, CISM, CRISC, CEH, or SABSA for cyber roles, AGSM, MBA, or other Australian executive education credentials for senior commercial candidates, and Lean Six Sigma, ITIL, PRINCE2, or AgilePM for operations and delivery roles.

recommended

Keep the CV to two pages for most roles, three pages only for executive or highl

Keep the CV to two pages for most roles, three pages only for executive or highly technical positions where additional depth is genuinely warranted. Save and submit as PDF. Name the file FirstName-LastName-CV-Medibank.pdf so it is easy for the recruiter to identify in their inbox or candidate review tools.

ATS System: generic_careers

Apply via https://careers.medibank.com.au.

  • Apply via careers.medibank.com.au; create a reusable candidate profile
  • Avoid multi-column CV layouts, tables, and graphics that break Australian portal parsers
  • Mirror Australian private health insurance and APRA terminology from the job description
  • Right-to-work in Australia is required for most roles; sponsorship is selective and typically reserved for senior actuarial, cyber, and specialist technical positions

Interview Culture

Interviewing at Medibank reflects what you would expect from a privatised former government insurer that is also an ASX 100 company operating in the wake of a defining cybersecurity incident: respectful, structured, behaviourally rigorous, weighted toward judgment and customer empathy, and quietly serious about regulatory and ethical conduct in a way that is not always immediately visible from the outside. Most candidates report a process that takes three to six weeks from application to offer, with two to four rounds of conversations once they advance past the recruiter screen. The pace is professional and the tone is measured, in keeping with Melbourne corporate culture more broadly; recruiters are generally attentive about communicating status, providing feedback windows, and confirming next steps in writing. Behavioural interviewing anchored to Medibank's Values and Behaviours framework is the dominant style across virtually every business unit. Interviewers will probe specific past situations using STAR-style questioning (Situation, Task, Action, Result), looking for concrete actions you took, the trade-offs you weighed, and the measurable outcomes you produced. Expect questions about times you put a customer or member first when commercial pressures pulled the other way, navigated a regulatory or compliance issue, recovered from a service failure, partnered across functions to deliver a difficult outcome, led without formal authority, or made a decision with imperfect information under time pressure. Examples that demonstrate genuine care for vulnerable customers, integrity under pressure, and the ability to balance commercial discipline with member outcomes consistently land well. Technical and functional depth matters and varies by track. Actuarial, finance, and pricing candidates can expect detailed questions on Australian private health insurance economics, APRA prudential standards, capital management, reserving methodology, premium rate-setting and the annual rate review submission to the Department of Health and Aged Care, lifetime health cover loading, and the interaction of community rating with risk equalisation. Customer operations and claims candidates will face scenario-based questions on member handling, complaints management, vulnerability identification, and how you would respond to a difficult customer interaction in a regulated environment. Technology, cyber, and data candidates encounter system design conversations, security architecture discussions on Azure or AWS, identity and access management deep-dives, and post-2022 specifically a heightened focus on data governance, privacy, breach response, and the practical operationalisation of APRA CPS 234 and the Privacy Act. Health services and corporate strategy candidates frequently face case studies on the future of integrated healthcare, the interaction with the public Medicare system, and Medibank's diversification strategy beyond the core insurance product. The culture skews collaborative and consensus-oriented rather than star-driven, which is consistent with both the Melbourne corporate environment and the company's heritage as a former government enterprise. Interviewers tend to dislike candidates who oversell, dismiss compliance and risk as bureaucracy, treat customer-facing operational roles as low-status, or speak in jargon without substance. They tend to reward candidates who demonstrate genuine curiosity about the Australian private health insurance system, can articulate why long-term member outcomes matter, ask thoughtful questions about strategy and the post-2022 transformation, and can talk credibly about both the commercial and the human dimensions of healthcare. For senior roles, particularly in technology, cyber, risk, legal, and communications, expect at least one interview round to include a direct, substantive conversation about the 2022 cyberattack, what it changed, and how you would contribute to the ongoing work of rebuilding customer trust. Candidates who treat that conversation as a meaningful question rather than a box-ticking exercise consistently outperform.

What Medibank Private Looks For

  • Genuine alignment with Medibank's stated purpose of better health for better lives, expressed through a personal narrative rather than a recited tagline. Interviewers can tell within minutes whether the mission resonates with you.
  • Customer-centric and member-centric thinking grounded in a real understanding of how Australian private health insurance products affect end customers, particularly during difficult moments such as serious illness, surgery, or chronic condition management.
  • Integrity and judgment under regulatory or fiduciary pressure, with concrete examples of acting on principle when shortcuts were available. APRA, ASIC, OAIC, ACCC, and the Private Health Insurance Ombudsman all sit close to Medibank's operating reality.
  • Comfort with the post-2022 cybersecurity and data-trust environment. Even in roles outside of cyber and technology, interviewers value candidates who have thought seriously about how trust is rebuilt and what good data stewardship looks like in practice.
  • Quantitative literacy and comfort with data, whether expressed through actuarial science, claims analytics, customer experience metrics, financial reporting, software engineering, or commercial decision-making.
  • Long-term commitment and a track record of meaningful tenure or progression in prior roles. Medibank's workforce skews longer-tenured than the Australian financial services average, and interviewers value builders who stay long enough to see initiatives land.
  • Melbourne corporate cultural fluency for HQ-based roles, or genuine regional understanding for state office and field-based roles. The company is not New York or London in tempo or style; candidates who arrive expecting otherwise tend to read poorly.

Frequently Asked Questions

What ATS does Medibank use for applications?
Medibank operates a custom-configured Australian recruitment portal hosted at careers.medibank.com.au rather than a publicly branded enterprise ATS landing page. Applications are screened by in-house Medibank talent acquisition partners organised by business unit, and you should expect direct outreach from a Medibank recruiter rather than from a third-party agency for most permanent roles.
How does compensation at Medibank compare to Bupa Australia, HCF, and NIB?
Compensation across the major Australian private health insurers tends to be broadly comparable for like-for-like roles. A mid-level qualified actuary in Melbourne or Sydney can expect roughly A$110,000 to A$160,000 base plus superannuation across Medibank, Bupa Australia, NIB, and HCF, with senior actuaries in the A$160,000 to A$220,000 range and Chief Actuary or Appointed Actuary roles materially higher. Customer operations, claims, and entry-level corporate roles cluster within standard Australian financial services bands. Medibank and Bupa generally offer the deepest career ladders given their scale, while NIB and HCF can offer faster progression for high performers in smaller teams. Total reward also reflects standard ASX 100 short-term and long-term incentive structures for senior Medibank roles.
Does Medibank sponsor visas?
Yes, but selectively. Visa sponsorship at Medibank is most common for senior actuarial roles, specialist cybersecurity and identity roles where local Australian talent is genuinely scarce, and certain niche technology and data positions. For more generalist commercial, customer operations, claims, marketing, or junior corporate positions, Medibank typically prioritises candidates with existing Australian work rights. The company will sponsor where the role and the candidate justify it, not as a default.
Does Medibank run a graduate or intern programme?
Yes. Medibank runs the Medibank Graduate Programme, a structured early-career rotation programme open to recent Australian university graduates across business, technology, data, actuarial, and corporate functions. The programme operates on a fixed annual cycle with applications typically opening in the Australian autumn for following-year start dates. Assessment centres, often held in Melbourne, are a standard step in the selection process. Medibank also runs a smaller summer internship programme that frequently feeds into the graduate programme intake.
How has the 2022 cyberattack affected Medibank's culture and hiring?
The October 2022 cyberattack was a defining event for Medibank and continues to shape hiring priorities materially in 2025-2026. The company has publicly disclosed remediation costs in excess of A$70 million on top of ongoing security and trust investment. Cybersecurity, identity, fraud, data governance, privacy, legal, communications, and member trust are all elevated functions with executive sponsorship and ongoing recruitment. Cultural emphasis on customer trust, transparency in incident response, and the operational discipline of running a sensitive-data business has visibly increased. Candidates in technology, cyber, risk, and related tracks will find that this is one of the most genuinely interesting periods in Medibank's history to join, and interviewers expect candidates to engage thoughtfully with the topic rather than avoid it.
Is Medibank a good place to grow a cybersecurity or data career?
Yes, particularly in the current period. The post-2022 transformation has driven sustained, board-level investment in security architecture, identity and access management, fraud, data governance, privacy engineering, security operations, and the operationalisation of APRA CPS 234 and the Privacy Act. Cyber roles at Medibank carry meaningful business influence, board-level visibility, and unusually strong support from the executive team. Candidates with experience at Australian banks, government cyber agencies, or top-tier consultancies are particularly valued. The data and analytics function is similarly well-resourced, with significant cloud platform investment and a clear roadmap toward AI applications in claims, fraud, and member experience.
What's the difference between roles in claims, actuarial, and digital at Medibank?
Claims roles are the high-volume operational engine of the business, focused on processing hospital and extras claims, fraud detection, provider relationships, and member experience at the moment of truth. Actuarial roles are smaller in headcount but carry deep technical influence on pricing, reserving, capital management, and the annual rate review submission to the Department of Health and Aged Care. Digital and technology roles span the customer-facing app and web experience, the underlying claims and policy administration platforms, the data and analytics estate, and the substantial cyber and security organisation. Each track has its own career ladder, but cross-functional movement (particularly from actuarial into digital and from claims into product) is genuinely possible and reasonably common.
What are the strategic priorities under CEO David Koczkar?
Under David Koczkar, who became CEO in May 2021 having previously served as Chief Operating Officer, Medibank has emphasised four broad themes. The first is sustained investment in member experience and digital channels to differentiate on service rather than price in a community-rated market. The second is diversification beyond the core private health insurance product into broader health services, including health and wellbeing, telehealth, and partnerships with primary and allied health providers. The third is the ongoing post-2022 cybersecurity and trust transformation programme. The fourth is disciplined capital management and shareholder returns appropriate to an ASX 100 listed company. Candidates who can speak fluently to one or more of these themes in their interview tend to perform well.
Where is Medibank headquartered and is hybrid working available?
Medibank is headquartered at 720 Bourke Street in the Docklands precinct of Melbourne, with major secondary offices in Sydney CBD, Brisbane, and a network of state and regional offices including Adelaide and Perth. The company operates a hybrid working model for most corporate roles, with the specific in-office expectation varying by team and role. Customer-facing call centre roles, retail roles, and certain operational positions have higher in-office or in-centre requirements. Recruiters are generally transparent about the working pattern attached to a specific role early in the process.
How does Medibank's status as a former government insurer show up in the culture today?
More than a decade after the 2014 IPO, Medibank's heritage as a government-owned insurer remains visible in several ways. The workforce skews longer-tenured than the Australian financial services average, internal mobility is genuinely strong, and consensus-oriented decision-making is more common than the more directive styles seen at some Australian banks and insurers. The cultural commitment to community rating, member fairness, and the broader public role of private health insurance in the Australian healthcare system is genuine and shows up in product, regulatory, and policy decisions. At the same time, the company operates with full ASX-listed governance, investor-relations cadence, and earnings discipline, and the cultural transition from public-sector to listed-company norms is essentially complete at the executive level. Candidates who appreciate both halves of that heritage tend to settle in well.

Open Positions

Medibank Private currently has 35 open positions.

Check Your Resume Before Applying → View 35 open positions at Medibank Private

Related Resources

Career Guides for Medibank Private Roles

Related Articles

Sources

  1. Medibank Private Careers
  2. Medibank Investor Centre
  3. Medibank About Us
  4. ASX MPL Profile
  5. OAIC Statement on Medibank Cyber Incident
  6. ABC News: Medibank cyber attack coverage
  7. Australian Financial Review: Medibank coverage
  8. APRA Private Health Insurance
  9. Private Health Insurance Ombudsman