Security Consultant / Pen Tester

Deliver on security testing engagements, grow your consultancy skills, progress your technical skillset and positively contribute to our culture.

The world is full of wicked problems to solve. That’s why we need you
The challenge of finding vulnerabilities that no one else has found is what gets you out of bed each morning.
You’re at your best when using your skills to solve problems that tackle the most critical challenges facing Australian enterprises and governments today.
You bring your whole self to work, because checking your personality at the door isn’t for you.

The work we do matters
We protect and defend our customers and communities by providing the widest range of cyber security professional services in the region.
With more than 1,300 team members across Australia, New Zealand, the UK and US, we are a leading force in cyber security, offering services from strategy, GRC, managed security services, cloud security, digital forensics and cyber education.
If you’re ready to work with teammates that get you, a leader that supports you and customers that need you, then you’re ready for CyberCX.
Unimagined opportunity with our Security Testing & Assurance team
On our team, you get access to an unmatched range of customers, work on unique projects and do it while working alongside some of the best in the industry.
If you’re keen to get out from behind a desk, we also test hardware (think ATMs, medical devices, satellites, and various operational technology) and we put our customers to the test with social engineering, red teaming, and physical penetration testing.
We celebrate our craft (think Hack of the Month), share our discoveries (internal conferences where we share our research) and you’ve probably seen our team at local meet ups and cons because we support and encourage them to get involved.
You might also know some of our team members from Channel 10’s Hunted (Australia).

What this role involves
As a Security Consultant your responsibilities are to deliver on security testing engagements, grow your consultancy skills, progress your technical skillset and positively contribute to our culture.
Day to day you will:

• Conduct security tests on customer information systems, infrastructure, software, network - remotely or onsite
• Provide robust and considered remediation advice that addresses security weakness and improves security posture
• Develop metrics to enable our customers to make informed decisions about the posture of their environment.

Skills and experience
This role requires full working rights in Australia (no current or future sponsorship).
A minimum of two years as a security testing/cyber practitioner in which you have developed capability in managing client expectations, your time, technical security testing, and report writing.

• Working knowledge of web application and network security, with hands-on experience in manual testing techniques and the use (and limitations) of automated scanners
• Effective stakeholder engagement and communication skills
• Strong analytical and problem-solving skills
• Knowledge of various operating systems and networks, especially Linux, Windows, and Active Directory
• Related certifications such as OSCP, CREST CCT (Applications or Infrastructure), SANS or other (apply even if you’re still working towards any of these)
• Experience with cloud and container technologies like AWS, Azure, or Kubernetes is a plus
• Proficiency in a programming language such as Python, Java, JavaScript, or C++ would be great.

Interested but don’t meet every item listed above? If you’re excited about this role but your experience doesn’t align precisely, please still apply. You could be just the right person for this role and CyberCX.

Great advantages for great people
A salary package that recognises your experience plus a range of advantages (just some of which are listed below – ask us for a benefits brochure).

• Flexible working in a hybrid arrangement (a blend of office and WFH) with modern and comfortable workplaces that accommodate different working styles
• All the usual leave entitlements plus additional paid leave options (including a day off for your birthday) and the chance to purchase extra leave each year
• Salary packaging options (such as a novated car lease)
• Health & Wellbeing program including access to our employee assistance service, mental wellness leave, online CyberCX Wellbeing Centre and workplace mental health first aiders
• Discounts on health insurance and gym membership plus savings on everyday groceries, electronics, technology, fuel, travel and more
• Personalised development planning, access to training and membership to industry organisations
• Employee interest groups and communities including a comprehensive Women in Cyber program
• A comprehensive reward and recognition program – with a special thank you every year on your anniversary!

Be yourself. We embrace diverse perspectives, experiences, and backgrounds. Please let us know if you require additional support or adjustments to assist with your recruitment experience.
We take security seriously. We require all employees to complete background checks (including police and global sanction list checks) annually.
Where appropriate, the CCX Talent Team will work with our preferred panel of agencies. Fees will not be paid for unsolicited resumes that are submitted directly to hiring managers and not through our approved process.