Hey, Pen Testers, OSCP certified, based in Australia w. Aussie work rights? Experienced, perhaps with a CVE under your belt or a GitHub repo with the cool tools you’ve created? Keep reading as we reckon you’ll like this one.
Now, we’ve done this before, but let’s start with something a bit different. Below are legitimate, verbatim quotes from other pen testers that we’ve helped secure jobs with this boutique offensive security consultancy. This is them talking, not us:
- “(Company Name) is going great. Just what I was looking for. The work’s well organised and there’s no corporate nonsense. Thanks heaps for setting me up with this gig :)”
- “Super excited about the work I’m involved in, and my wifey is likely tired of me talking about it, haha.”
- “It’s great! (Business Owner) is amazing and the team are lovely. Thanks again, I’m super happy mate.”
- “I’m loving it here, new things to learn every day and the crew is epic. Cheers for hooking me up.”
Why might this company interest you? It might not, but if the below appeals to you…
- You’ll earn a base salary up to $155k (super atop this), in line with your experience.
- ZERO SALES! This is a purely technical role. No BD, just offensive security work.
- You can 100% work from home from anywhere in Australia. Literally anywhere - Sydney, Melbourne, Adelaide, Perth, Darwin, Humpybong, Eggs and Bacon Bay, Prominent Nob, etc. And yes, those last 3 are legit placenames.
- You’ll be joining a business who are small and nimble by choice! They choose to remain agile. They choose to not be a “bums on seats” consulting sweatshop. They wilfully look at the big, lumbering security consultancies out there – you know the ones – and say “nah, that ain’t us.”
- You’ll be encouraged to travel to attend industry events and conferences (people from this company recently travelled to Las Vegas for Black Hat and Def Con – that could be you!).
- There’s a legit, real culture of collaboration and cohesion – nobody is left to fend for themselves, knowledge is shared, and everyone learns from everyone.
- Apart from the usual bread & butter pen tests (webapps, APIs, etc.), you’ll get involved in proper red team engagements (everything from internal hacks, physical infiltrations, phishing campaigns, social engineering, simulations, etc.).
- This business will pay for you to obtain industry certs, whatever they cost; there is no “XYZ” training budget per year. Want your CRT? Go for it, and it won’t cost you a cent. Keen on your OSWP? Great, this business will facilitate that for you. CRTP more of interest to you? Do it. You get the picture.
- You’ll receive regular pay reviews, be fairly rewarded for your work and receive a bonus component which grows every year, to some quite substantial numbers, it must be said.
- You’ll be working with some genuinely great people. This one’s difficult to qualify, but take my word for it; your potential future colleagues are downright decent, intelligent and fun.
Now, if you’re already working as a tester, we won’t insult your intelligence by breaking down every single task you’ll be doing day-to-day. Suffice it to say, you’ll be playing with wireless assessments, webapps, APIs, a bit of AppSec, internal and/or external testing, the red teaming piece and all that comes with it (physicals, phishing, social eng., simulations, etc.), mobile testing, thick client, etc., etc., etc. There will also be the usual interacting with clients across a variety of industries and report writing, but do you know what there won’t be? Sales/BD. I can’t stress this enough – this is a 100% technically focused role.
So, what is this boutique business looking for? An established tester who’s played in the above spaces, who holds OSCP or CREST certs. This isn’t a role for someone early in their career, and while years of experience tends to be an iffy metric against which to measure skill, use 4-5 years as an imperfect benchmark of minimum time working as a pen tester. You need to be able to operate effectively and independently, although you’ll never be left alone as an island.
So, who might this role appeal to?
- Maybe someone working for a BIG (*cough* 4 *cough*) consultancy who’s bored of (pre)sales, BD and putting PowerPoint presentations together, and who simply wants to focus on technical testing.
- Someone who wants the convenience of working from the comfort of their own home, and not being shackled to a desk for X, Y, or Z days per week, which is becoming the norm.
- Someone who actually wants to be part of a brilliant team who share info and help one another – if you’re a lone wolf, this probably isn’t the environment for you.
- Someone bored of testing webapps day in, day out, and who wants legit exposure to technically interesting work, and a plethora of cool tools with which to play.
Reach out, say hi, and let’s have a chat about YOU. Contact me, Michael, directly on mpearman@decipherbureau.com or apply to this role. Please rest assured anything discussed is kept 100% confidential, and only between you and me.
Decipher Bureau and the clients we partner with are committed to creating a diverse environment and are proud to be equal opportunity employers. All qualified applicants will be considered for employment without attention to race, colour, religion, sex, sexual orientation, gender identity, national origin, veteran or disability status.