Job Snapshot

Greater Western Sydney
Employment Type:
Job ID:

Job Summary

  • Senior Pen Tester role
  • Enterprise Cyber Security function
  • Very attractive rate

A Penetration Tester is required for an Enterprise Cyber Security function at one of our large NSW State Government clients, which is investing heavily in the capability uplift and maturity of its Cyber Security.


  • Undertake penetration tests of web applications, mobile applications, infrastructure, networks, and cloud applications, using a combination of manual and automated tools.
  • Identify cyber security weaknesses, explore impacts through exploitation, document results, and provide effective remediation recommendations.
  • Create comprehensive exploitation strategies that identify exploitable technical or operational vulnerabilities.
  • Document and present results and provide effective remediation recommendations.
  • Assist in security issue response in coordination with other teams across the company or externally, as required.
  • Maintain up-to-date industry knowledge of advancements in hardware and software technologies and their potential security implications.
  • Develop solutions and testing approaches for problems where information is incomplete or no precedent exists.

Experience and Qualifications

  • CREST, OSCP, or equivalent certification.
  • Degree in Computer Science, Information Technology or equivalent (or compensating experience).
  • 5+ years in penetration testing across several of the following domains: web applications, mobile applications, infrastructure, networks, and cloud security.
  • Demonstrated advanced knowledge of penetration testing and a strong understanding of information security governance, risk, and compliance.
  • Advanced knowledge of web applications, standard internet protocols, and web technologies.
  • Advanced knowledge of common application security threats, such as SQL injection, cross-site scripting, etc.
  • Advanced experience with tools such as Nessus, nmap, Kali, ZAP, Metasploit, Burp Suite, etc.
  • Advanced knowledge of the OWASP and MITRE ATT&CK frameworks.

To apply directly or learn more, contact