Hey, Pen Testers, eager to sink your teeth into proper, actual red team engagements? The testing of webapps and infrastructure off to one side, let’s start with some of the more interesting technology you’ll be playing with, and engagements you’ll be delivering in this Senior Red Team Consultant role:
- Embedded / IoT devices: wearables, various Bluetooth devices, vehicle systems, electronic signage in public spaces, petrol stations / petrol pumps, train station displays, etc.
- Red team engagements in the OT space – for instance, literally trying to gain access to a physical mine site, aiming to compromise both the IT and OT environments.
- Red team engagements in the consumer space – ever fancied red teaming a cinema chain? Could be fun, that.
- Red team engagements in the critical infrastructure space (think major port infrastructure, where all your Amazon orders are delivered). Tell me you don’t have a vested interest in helping protect such an environment.
Below are a couple of legitimate, verbatim quotes from an Offsec Consultant I assisted in landing a job with this boutique offensive security consultancy (this is them talking, not me):
- “These guys have streamlined a lot of the tedious processes that other consultancies ignore.”
- “Really friendly teammates, went on a red team on my second day and it was super interesting!”
Those bullets above give just a small taste of what you’ll be doing. This business, and this Red Team, are technologists in the truest sense of the word. They test anything, they test everything. If they’re asked to test something they’ve never played with before, they take 5, figure out how to best approach things, and get on with it.
Point is, the technology you’ll be testing can be weird, wonderful, downright interesting, but it can also be unknown. SCADA systems one day, infrastructure the next. Break into a factory today, toy with a wearable device tomorrow.
While this is a consulting environment (one which happens to focus on more than just testing webapps ad infinitum), there’s so much repeat business that the need to “sell” almost doesn’t exist.
There’s also a fantastic spread of clients in different, interesting industries, so rest assured you won’t be servicing a big bank followed by… another big bank. You’ll be plying your trade in spaces like critical infrastructure, manufacturing, FMCG, construction, energy & resources, logistics, etc. Some clients will be multinationals with slick systems, and others will be smaller businesses with legacy systems dotted with different tech.
Your work will be Australia focused, but on occasion you’ll be sinking your teeth into work in the wider Asia-Pacific region.
Why else might you be keen to join this well-oiled machine of a red team?
- A base salary of up to $180k (super applied atop this base salary figure).
- A double-digit bonus which is calculated as a percentage of your salary package (base + super).
- Genuine, legitimate, true flexibility (and a boss and colleagues who actively encourage you to go live your life, instead of being glued to your job).
- Some maaaaaaad corporate discounts (seriously).
Are you an Aussie citizen who’s Sydney-based, with a solid amount of testing under your belt, a relevant cert like the OSCP in your hand, and an itch to move into an environment where your work is valued, and one which will genuinely allow you to flex your broader offensive security muscles beyond only webapps? If so, reckon you might like this one.
Please know that any application you make is treated with absolute confidentiality. The only people who will know you’ve applied are you, and me. Reach out, say hi, and let’s have a chat about YOU.
HOW TO APPLY
Click APPLY and/or contact Michael directly on mpearman@decipherbureau.com for a 100% confidential, informal conversation where your privacy will absolutely be respected.
Decipher Bureau and the clients we partner with are committed to creating a diverse environment and are proud to be equal opportunity employers. All qualified applicants will be considered for employment without attention to race, colour, religion, sex, sexual orientation, gender identity, national origin, veteran or disability status.