Senior Offensive Security Consultant

Job description

About the company 
Our client is a boutique security consultancy established at the end of 2022 by a team of esteemed and accomplished security professionals. Embedded within Australia's elite cybersecurity community, they possess extensive expertise in offensive security, garnered through years of collaboration with Fortune 500, ASX 100, and Federal Government entities. Their passion lies in cultivating comprehensive situational awareness and sophisticated strategies to diagnose, advise, and develop robust cyber security measures. Their primary focus is on safeguarding intellectual property, securing customer data, and maintaining control over both digital and physical business assets.

About the role

Due to the company's rapid growth trajectory in the past year, catalyzed by strong relationships with esteemed Australian organisations, they are now at an exciting juncture of expansion, seeking to onboard their very first senior security consultant. Their core expertise lies in conducting comprehensive web application (both white and black box) and network (both internal and external) penetration testing. Consultants operate in a full-circle capacity, managing tasks from initial scoping calls through to comprehensive report writing and conducting debrief sessions.

Responsibilities 
  • Proven penetration testing abilities, including the ability to carry out manual penetration tests and use automated penetration testing tools.
  • Experience reviewing web applications, thick client, source code, operating system and network security architectures. Expert level skills with testing tools including: Burp Suite, Kali Linux, nmap, sqlmap etc.
  • Offensive/Red-team experience - knowledge of tactics, techniques, and procedures associated with malicious insider activity, organized crime/fraud groups and both state and non-state sponsored threat actors.
  • Proven ability to program and script in a variety of programming/scripting languages.
  • Knowledge of either *-nix, Windows or Mac OS internals.
  • Ability to communicate practical impact of vulnerabilities, build proof of concept code to exploit, define effective remediations, and liaise with developers to find a suitable solution.
What you need?
  • You will be an experienced technologist with a demonstrable track record of delivering complex penetration testing engagements.
  • Minimum 3 years current experience actively working as a security consultant/penetration tester
  • Deep knowledge of manually assessing infrastructure, web applications, networks, APIs, Mobile, including strong knowledge of Active Directory.
  • Previous Red Teaming/Social Engineering experience is advantageous but not mandatory
  • Knowledge of assessing cloud and hybrid environments (AWS/Azure/GCP) is also desirable
  • Deep knowledge of various Operating Systems and network principles
  • Strong understanding of OWASP, OSSTMM, MITRE ATT&CK frameworks
  • Ability to adapt to complex, ever-changing environments and to quickly understand such environments and exploit them to your advantage.
  • Experience of scoping complex and bespoke engagements for large enterprise networks and applications
  • Proficiency in writing technical documentation, helping to set company standards for reporting.
  • Superb written and spoken English skills are vital for compiling high-quality reports and liaising with stakeholders.
  • Ability to work autonomously with minimal supervision
  • Desired certifications - OSCP, OSWE, CEH, CRT, CISSP etc.
What's in it for you?
  • Ability to influence and help with the strategic direction of the business
  • Dedicated research time
  • Paid conferences/events
  • Fully remote only! 
  • Outcome driven environment with lots of flexibility around working hours. Work when you desire! 
  • Allocated budget for certifications.
  • Surround yourself with some of the best technical minds. Massive opportunities for learning and development.
Although this is a fully remote position, candidates must be based in either New Zealand or Australia. Due to the nature of this role, we are only accepting applications from candidates who have existing legal rights to work in either NZ or Australia.