This isn't a "compliance checkbox" pen testing role. If that's your jam, all good, but this probably isn't the role for you.
If you've got full Aussie work rights and your OSCP, please, keep reading.
This is deep-dive, think-like-an-adversary, earn-your-repeat-business kind of work. You'll join a boutique offensive security consultancy that deliberately stays small, sharp, and technical. They pen test for risk, not to tick off ISO items, and their clients span government, finance, healthcare, education, and tech. Mostly mid-market, where the work is complex and interesting, but not suffocated by red tape.
Here, you'll:
- Get your hands dirty with web, mobile, internal/external network, wireless, and thick client testing
- Jump into red team engagements - internal hacks, phishing, social engineering, physical infiltration
- Share knowledge with a crew that swaps exploits, tools, and techniques in real time
What you won't get: Micromanagement, time tracking, or pointless stand-ups. You'll work how and when you need to, fully remote across Australia's East Coast.
They've built a strong reputation in the offensive space, not through headcount or hype, but because their team is genuinely good at what they do. It's a place where folks tend to stick around, upskill, and occasionally get flown around for conferences.
What's in it for you:
- Up to $150k base aligned with your skills and experience
- Fully remote WFH culture (East Coast Australia)
- Training is supported and covered, not a token budget
- Zero sales or BD - this is pure technical focus
If you're a seasoned pen tester who values autonomy, technical depth, and a team that genuinely gets it, let's have a casual, confidential chat.