Penetration Tester

• Remote working available within Australia only
• Must be an Australian Citizen as you will be working with government clients
• NV1 Security Clearance or Baseline Clearance (or the ability to obtain one) is highly advantageous

About the Role:

We are seeking an experienced Penetration Tester to join a well-established cybersecurity team, working alongside skilled professionals in both Red and Purple Team operations. This role is pivotal in identifying vulnerabilities, testing defences, and strengthening the organisation’s security posture through comprehensive penetration testing activities.

This is an opportunity to work in a dynamic and growing team, focusing on standard penetration testing (80% of the role) while gaining exposure to full-time Purple Teaming operations. The ideal candidate will have at least three years of hands-on experience in penetration testing and a solid understanding of Red Team methodologies.

Key Responsibilities:

• Conduct penetration tests on web applications, infrastructure, APIs, wireless networks, and internal systems.
• Assist in Red and Purple Team exercises, testing defensive capabilities and refining security measures.
• Perform threat hunting and analysis to proactively identify vulnerabilities and weaknesses.
• Document and report findings, collaborating with internal security teams to ensure effective remediation.
• Engage with stakeholders across technical and non-technical teams to communicate security risks effectively.
• Work autonomously while contributing to a highly collaborative environment.
• Occasional travel may be required to warehouse locations featuring automated robotic systems.

Skills & Experience:

• Minimum three years’ experience in penetration testing or Red Team operations.
• Strong experience conducting penetration testing across various systems (e.g., web applications, networks, APIs).
• Proficiency in scripting languages such as Python and PowerShell.
• Familiarity with industry frameworks such as MITRE ATT&CK, ISO 27000 series, or NIST Cybersecurity Framework.
• Strong knowledge of security tools such as Nessus, Metasploit, and Burp Suite.
• Hands-on experience with network and system administration, including infrastructure, cloud, and IoT security.
• Demonstrated problem-solving ability and strong communication skills.
• Ability to work independently without requiring close supervision.
• Experience in threat hunting and security research is highly regarded.

Preferred Qualifications:

• OSCP certification is preferred; other offensive security certifications (e.g., OSCE, OSEP) are highly favourable.
• NV1 Security Clearance or Baseline Clearance (or the ability to obtain one) is highly advantageous.
• Experience in Red/Purple Team operations is beneficial.
• Experience with Operational Technology security (SCADA, PLCs) is a plus.
• Strong background in scripting and automation for security testing.