## Penetration Tester
## Position Overview
We are looking for a skilled and driven Penetration Tester to join our cybersecurity team and play a critical role in identifying and addressing vulnerabilities across our systems, networks, and applications. In this role, you will design and execute comprehensive penetration testing engagements, simulate real-world cyber threats, and deliver actionable insights that strengthen our security posture. The ideal candidate brings strong technical expertise, a methodical approach to problem-solving, and a passion for ethical hacking and offensive security practices.
## Key Responsibilities
- Develop, plan, and execute penetration testing methodologies across networks, web applications, cloud environments, and internal infrastructure to uncover security weaknesses before they can be exploited
- Design detailed test cases through in-depth technical analysis of risks, common vulnerability patterns, and threat intelligence relevant to the organisation's environment
- Produce comprehensive test scripts, materials, and testing packs to evaluate both new and existing software, services, and systems for security vulnerabilities
- Plan and conduct cyber threat emulation activities — including adversary simulation and red team exercises — to validate the effectiveness of technical security controls and identify gaps in defences
- Identify exploitable vulnerabilities and map potential attack paths into systems, analysing scan results and manual findings to assess the severity and risk of each weakness
- Carry out social engineering assessments, including simulated phishing campaigns, to evaluate the effectiveness of security awareness programmes and staff resilience to human-focused threats
- Perform thorough post-engagement analysis and produce clear, well-structured reports that communicate technical findings and risk ratings to both technical teams and senior stakeholders
- Provide prioritised, practical remediation recommendations and work collaboratively with development and infrastructure teams to support the resolution of identified vulnerabilities
- Stay current with emerging attack techniques, exploit research, CVEs, and evolving threat landscapes to ensure testing methodologies remain effective and up to date
- Support certification, accreditation, and compliance activities by providing security assurance testing aligned with relevant frameworks and regulatory requirements
- Contribute to the continuous improvement of internal security testing processes, tooling, and documentation to enhance the team's overall capability and efficiency
## Required Qualifications & Skills
- Demonstrated experience in penetration testing, ethical hacking, or a closely related offensive security role
- Proficiency with industry-standard penetration testing tools such as Metasploit, Burp Suite, Nmap, Nessus, Cobalt Strike, or similar
- Strong understanding of network protocols, operating systems (Windows and Linux), web application architectures, and cloud platforms (AWS, Azure, or GCP)
- Practical knowledge of common vulnerability and threat frameworks and standards, including OWASP Top 10, MITRE ATT&CK, CVE, and CVSS
- Experience conducting vulnerability assessments, threat modelling, and risk analysis across varied technical environments
- Ability to write clear, professional reports tailored to both technical and non-technical audiences, articulating findings, risks, and recommended remediation actions
- Solid understanding of security principles, defence-in-depth strategies, and secure development practices
- Relevant industry certification such as OSCP (Offensive Security Certified Professional), CEH, or equivalent
- Strong analytical and critical thinking skills with meticulous attention to detail
- Demonstrated ability to manage multiple engagements simultaneously and work effectively both independently and within a collaborative team environment
## Preferred Qualifications
- Advanced certifications such as OSCE, OSEP, GPEN, GWAPT, or CREST-accredited qualifications
- Experience with red team operations, purple team exercises, or adversary simulation engagements
- Familiarity with scripting or programming languages such as Python, Bash, PowerShell, or Ruby for custom tool development and automation
- Exposure to ICS/SCADA, IoT, or operational technology (OT) security testing environments
- Experience working within regulated industries or environments subject to frameworks such as ISO 27001, NIST, or the Australian Government Information Security Manual (ISM)
- Knowledge of cloud-native security testing techniques and containerised environment assessments
## Why Join Us?
- Work on technically challenging and varied engagements across diverse industries, giving you genuine breadth of experience and ongoing professional growth
- Access a structured professional development budget to pursue advanced certifications, attend industry conferences, and build on your existing skill set
- Enjoy flexible working arrangements, including hybrid options, that support a healthy work-life balance
- Be part of a collaborative, high-performing security team that values knowledge sharing, innovation, and a strong ethical approach to cybersecurity
- Contribute to meaningful work that directly protects organisations and individuals from real-world cyber threats
## Job Details
- Job Type: Full-time, Permanent
- Work Schedule: 8-hour shift
- Salary: $70,000 – $120,000 per year + Super
Application Question(s):
- Are you currently in Australia?
- Are you looking for visa sponsorship?
- How many years of experience do you have?
Work Location: Hybrid remote in Sydney NSW 2000