Let’s start with something a bit different. Below are very real quotes from other pen testers that we’ve helped secure jobs with this boutique offensive security consultancy. This is them talking, not us:
- “Super excited about the work I’m involved in, and my wifey is likely tired of me talking about it, haha.”
- “(COMPANY NAME) is going great. Just what I was looking for. The work’s well organised and there’s no corporate nonsense. Thanks heaps for setting me up with this gig :)”
- “I’m loving it here, new things to learn every day and the crew is epic. Cheers for hooking me up.”
- “It’s great! (BUSINESS OWNER) is amazing and the team are lovely. Thanks again, I’m super happy mate.”
With that out of the way, are you OSCP certified, based in Sydney w. Aussie work rights? Are you experienced, perhaps with a GitHub repo busting at the seams with cool tools you’ve created? Maybe a CVE under your belt? You might like this one.
So exactly why might you like this? How about…
- You’ll earn a base salary between $130 - $160k aligned with your skills and experience (you’ll be paid super atop this base figure).
- ZERO SALES! This is a purely technical role, just offensive security work.
- You can 100% work from home from anywhere in Sydney. Despite WFH all-day, every-day, there will be the occasional on-site engagement, hence the Sydney requirement.
- You’ll be joining a business who are small and nimble by choice! They choose to remain agile. They choose to not be a “bums on seats” consulting sweatshop. They wilfully look at the big, lumbering security consultancies out there – you know the ones – and say “not our style.”
- You’ll be encouraged to travel to attend industry events and conferences.
- There’s a legit, real culture of collaboration and cohesion – nobody is left to fend for themselves, knowledge is shared, and everyone learns from everyone.
- Apart from the usual bread & butter pen tests (webapps, APIs, etc.), you’ll get involved in proper red team engagements (everything from internal hacks, physical infiltrations, phishing campaigns, social engineering, simulations, etc.) – some VERY interesting stuff.
- This business will pay for you to obtain industry certs, whatever they cost; there is no “XYZ” training budget per year. Want your CRT? Go for it, and it won’t cost you a cent. Keen on your OSWP? Great, this business will facilitate that for you. CRTP more of interest to you? Do it. You get the picture.
- You’ll receive regular pay reviews, be fairly rewarded for your work and receive a bonus component which grows every year, to some quite substantial numbers, it must be said.
- You’ll be working with some genuinely great people. This one’s difficult to qualify, but take my word for it; your potential future colleagues are downright decent, intelligent and fun.
Now, if you’re already working as a tester, we won’t bore you by breaking down every single task you’ll be doing day-to-day. Suffice it to say, you’ll be playing with wireless assessments, webapps, APIs, a bit of AppSec, internal and/or external testing, the red teaming piece and all that comes with it (physicals, phishing, social eng., simulations, etc.), mobile testing, thick client, etc., etc., etc. There will also be the usual interacting with clients across a variety of industries and report writing (with automation), but do you know what there won’t be? Sales. We can’t stress this enough – this is a 100% technically focused role.
So, what is this boutique business looking for? An established tester who’s tested in the above domains, who holds OSCP or CREST certs. This isn’t a role for someone early in their career and while years of experience tends to be an iffy metric against which to measure skill, use 4-5 years as an imperfect benchmark of minimum time working as a pen tester. You need to be able to operate effectively and independently, although you’ll never be left alone as an island.
So, who might this role appeal to?
- Maybe someone working for a BIG (*cough* 4 *cough*) consultancy who’s bored of (pre)sales, BD and putting boooooring PowerPoint presentations together, and who simply wants to focus on technical testing.
- Someone who wants the convenience of working from the comfort of their own home, and not being shackled to a desk for X, Y, or Z days per week, which is becoming the norm (Cheers, Amazon!).
- Someone who actually wants to be part of a brilliant team who share info and help one another – if you’re a lone wolf, this probably isn’t the environment for you.
- Someone bored of testing webapps day in, day out, and who wants legit exposure to technically interesting work, and a plethora of cool tools with which to play.
Reach out, say hi, and let’s have a chat about YOU. Contact me, Michael, directly on mpearman@decipherbureau.com or apply to this role. Please rest assured anything discussed is kept 100% confidential, and only between you and me.
Decipher Bureau and the clients we partner with are committed to creating a diverse environment and are proud to be equal opportunity employers. All qualified applicants will be considered for employment without attention to race, colour, religion, sex, sexual orientation, gender identity, national origin, veteran or disability status.