Job Description

Penetration Tester (NV1/NV2/TS Cleared)

We are seeking a security-cleared Penetration Tester to deliver security assessments across a mix of government and private sector clients. This role involves identifying vulnerabilities, simulating real-world attacks, and supporting compliance within regulated and security-sensitive environments.

Key Responsibilities

• Perform penetration testing and vulnerability assessments across networks, applications, cloud, and hybrid environments
• Simulate real-world attack scenarios to identify and exploit security weaknesses
• Deliver clear, actionable reports with risk ratings and remediation recommendations for both technical and non-technical stakeholders
• Support compliance with Australian Government frameworks (ISM, PSPF, DISP) where applicable
• Collaborate with client teams to validate remediation efforts and uplift security posture
• Contribute to red teaming and adversary emulation activities as required
• Ensure adherence to client security, legal, and data handling requirements

Required Skills & Experience

• Active NV1, NV2, or TSPV security clearance (mandatory)
• Proven experience in penetration testing across enterprise or consulting environments
• Strong understanding of common vulnerabilities and attack methodologies (OWASP Top 10, MITRE ATT&CK)
• Hands-on experience with tools such as Burp Suite, Metasploit, Nmap, Nessus, Kali Linux
• Ability to operate across multiple client environments with varying security requirements
• Strong communication skills, with experience presenting findings to clients

Desirable

• Certifications such as OSCP, CREST, OSWE, or GPEN
• Experience working with government and/or regulated industry clients
• Familiarity with EDR/SIEM platforms (e.g. CrowdStrike, Splunk)
• Background in security engineering, SOC, or consulting