Hey Pen Testers! Are you OSCP certified, based in Sydney, Melbourne or Brisbane w. Aussie work rights? Ever wanted to tackle a proper, “career defining” red team engagement? Maybe you’re the type with a GitHub repo bursting at the seams with cool tools you’ve created? Maybe you have a CVE or 2 under your belt? If so, maybe you’ll like this one.
So exactly why might you like this? How about…
- You’ll earn a base salary of between $130 - $160k aligned with your skills and experience (you’ll be paid super atop this base figure).
- ZERO SALES! This is a purely technical role, just offensive security work.
- You can 99.9% work from home from anywhere in Sydney, Melbourne or Brisbane. Despite WFH all-day, every-day, there will be the occasional on-site engagement, hence the East Coast requirement, and the 99.9% clarification (versus 100%).
- You’ll be joining a business who are small and nimble by choice! They choose to remain agile. They choose to not be a “bums on seats” consulting sweatshop. They wilfully look at the big, corporate consultancies out there – you know the ones – and say “nope, not our style.”
- You’ll be encouraged to travel to attend industry events and conferences.
- There’s a legit, real culture of collaboration and cohesion – nobody is left to fend for themselves, knowledge is shared, and everyone learns from everyone.
- Apart from the usual bread & butter pen tests (webapps, APIs, etc.), you’ll get involved in proper red team engagements (everything from internal hacks, physical infiltrations, donning disguises, phishing campaigns, social engineering, simulations, etc.) – some VERY interesting stuff (“career defining”, according to one person we helped secure a job with this business).
- This business will pay for you to obtain industry certs, whatever they cost; there is no “XYZ” training budget per year. Want your CRT? Go for it, and it won’t cost you a cent. Keen on your OSWP? Great, this business will facilitate that for you. CRTP more of interest to you? Do it. You get the picture.
- You’ll receive regular pay reviews, be fairly rewarded for your work and receive a bonus component which grows every year, to some quite substantial numbers, it must be said.
- You’ll be working with some genuinely great people. This one’s difficult to qualify, but take my word for it; your potential future colleagues are downright decent, intelligent, fun, and most happen to have wicked senses of humour, too.
Day-In-The-Life?
Now, if you’re already working as a pen tester, we won’t bore you by breaking down every single task you’ll be doing day-to-day. Suffice it to say, you’ll be playing with wireless assessments, webapps, APIs, a bit of AppSec, internal and/or external testing, the red teaming piece and all that comes with it (physicals, phishing, social eng., simulations, etc.), mobile testing, thick client, etc., etc., etc. There will also be the usual interacting with clients across a variety of industries and report writing (with automation), but do you know what there won’t be? Sales. This can’t be stressed enough – this is a 100% technically focused role.
Got Skills?
So, what is this boutique business looking for? An established tester who’s tested in the above domains, who holds OSCP or CREST certs. This isn’t a role for someone early in their career and while years of experience tends to be an iffy metric against which to measure skill, use 4-5 years as an imperfect benchmark of minimum time working as a pen tester. You need to be able to operate effectively and independently, although you’ll never be left alone as an island.
So, who might this role appeal to?
- Maybe someone working for a BIG (*cough* 4 *cough*) consultancy who’s bored of (pre)sales, BD and putting boooooring PowerPoint presentations together, and who simply wants to focus on technical testing.
- Someone who values depth when testing. This isn’t a compliance-based, tick-box pen testing business.
- Someone who wants the convenience of working from the comfort of their own home, and not being shackled to a desk for X, Y, or Z days per week, which is becoming the norm (Cheers, Amazon, a certain Aussie gaming company, and ¾ of our Big Banks!).
- Someone who actually wants to be part of a brilliant team who share info and help one another – if you’re a lone wolf, this probably isn’t the environment for you.
- Someone bored of testing webapps day in, day out, and who wants legit exposure to technically interesting work, and a plethora of cool tools with which to play.
But Wait, There’s More?
Let’s finish with a flourish. Below are genuine quotes from other pen testers we’ve helped secure jobs with this boutique offensive security consultancy. This is them talking:
- “Recently got the chance to do a career defining red team engagement. This is the closest to James Bond most of us will ever get!”
- “Super excited about the work I’m involved in, and my wifey is likely tired of me talking about it, haha.”
- “(COMPANY NAME) is going great. Just what I was looking for. The work’s well organised and there’s no corporate nonsense. Thanks heaps for setting me up with this gig :)”
- “I’m loving it here, new things to learn every day and the crew is epic. Cheers for hooking me up.”
- “It’s great! (BUSINESS OWNER) is amazing and the team are lovely. Thanks again, I’m super happy mate.”
Reach out, say hi, and let’s have a chat about YOU. Contact me, Michael, directly on mpearman@decipherbureau.com or apply to this role. Please rest assured anything discussed is kept 100% confidential, and only between you and me.
Decipher Bureau and the clients we partner with are committed to creating a diverse environment and are proud to be equal opportunity employers. All qualified applicants will be considered for employment without attention to race, colour, religion, sex, sexual orientation, gender identity, national origin, veteran or disability status.