- Work in one of the most advanced Cyber Security teams in Australia
- Work across an extremely broad range of technologies, and many innovative projects and systems.
- Supportive team environment, with a real focus on staff development and progression
- Remote working from home option available
About the Company :
Our client is looking for an experienced and dynamic penetration tester to join Australia's leading organisation in financial service industry.
About the role :
In this full-time role, you will be a key team member, responsible for penetration testing, offensive security consulting, attack breach and simulations and other security tasks.
- Conduct a range of penetration tests including; infrastructure, network, mobile application, WIFI and web application.
- Create comprehensive exploitation strategies that identify exploitable technical or operational vulnerabilities.
- Develop technical solutions and new security tools to exploit security vulnerabilities and automate repeatable tasks.
- Have the flexibility to work on multiple projects as required.
- Lead or participate in attack and breach simulations, including; assessing and exploiting vulnerabilities, social engineering and conducting phishing campaigns.
- Report results of testing to project managers, service owners, developers and risk managers.
- Support team technical development through domain development or research and contribute to technical processes.
- Write comprehensive reports including assessment-based findings, outcomes, and propositions for further system security enhancement
Skills and experience :
- Minimum 2 -4 years' experience as a penetration tester
- Bachelor's degree in Engineering, Computer Science, OR other relevant industry certifications / experience.
- Ability to work closely with system owners, developers, engineers and/or project teams to perform scoping, threat modelling, and penetration testing from start to finish
- Thorough understanding of security systems, including firewalls, intrusion detection systems, anti-virus software, authentication systems, log management, content filtering, etc.
- Demonstrated experience in security assurance across several of the following domains: web applications, mobile applications, infrastructure, networks, WiFi, cloud and container security, thick-clients applications, hardware and embedded systems, reverse engineering, POS terminals and ATMs, applied cryptography, block chain and smart contracts, etc.
- Experience in developing hacking tools, security research, advisories and presentations is an advantage
- Experience testing critical transactional systems in industries such finance and banking, government, and defence are highly desirable
- Maintain relevant industry certifications such as SANS or Offensive Security Certified Professional (OSCP)
- Problem solving skills and ability to work under pressure.