Datacom

Security Consultant – Offensive Security

full-time

Location Type: Hybrid

Location: Melbourne, Australia

About the role

  • Perform comprehensive penetration testing on applications, APIs, networks and systems using both manual and automated methods.
  • Design and execute Breach & Attack Simulation (BAS) campaigns to test detection and response capabilities across customer environments.
  • Conduct AI Red Teaming assessments to identify vulnerabilities in machine learning models, LLMs, and AI-powered applications, including prompt injection, model poisoning, and data extraction attacks.
  • Formulate attack plans, test cases and working exploits during offensive security engagements.
  • Support Application Security initiatives including threat modelling sessions and secure code reviews, providing offensive security insights.
  • Prepare comprehensive reports detailing the results of offensive security testing and recommendations for remediation.
  • Deliver remediation workshops to clients, presenting findings, attack narratives, and practical remediation guidance.
  • Collaborate with Application Security and broader security teams to develop and implement effective testing capabilities and defensive strategies.
  • Conduct research and development to uplift offensive security capabilities and stay ahead of emerging threats.
  • Stay up-to-date with emerging security threats, vulnerabilities, AI security risks, and technology trends.

Requirements

  • Proven experience in Offensive Security and Penetration Testing within an enterprise or consulting environment, with a passion for adversarial testing and breaking things to make them stronger.
  • Experience or strong interest in Breach & Attack Simulations, AI Red Teaming, and emerging offensive security techniques.
  • Knowledge of application security principles, secure coding practices, threat modelling methodologies, and ability to support secure code reviews with an offensive mindset.
  • The ability to effectively communicate technical information to both technical and non-technical stakeholders, including executive-level presentations.
  • Relevant professional certifications, such as OSCP, eCPPT, eWPT, PNPT, GWAPT, eMAPT, OSWE, OSEP, or CRTO.
  • Proficiency in offensive security tools and platforms (Nmap, Burp Suite, Metasploit, Cobalt Strike, BloodHound, Kali Linux) and experience with BAS platforms is desirable.
  • Proven experience with programming and scripting languages (e.g., Python, Bash, PowerShell, JavaScript) for automation, exploit development, and code analysis.
  • Deep understanding of penetration testing methodologies (OWASP WSTG, OWASP ASVS, PTES, NIST SP 800-115) and security frameworks (NZISM, MITRE ATT&CK, NIST, CIS).
Applicant Tracking System Keywords

Tip: use these terms in your resume and cover letter to boost ATS matches.

Hard Skills & Tools
penetration testing, Breach & Attack Simulation, AI Red Teaming, secure coding practices, threat modelling, exploit development, automation, code analysis, vulnerability assessment, offensive security techniques
Soft Skills
effective communication, presentation skills, collaboration, research and development, problem-solving, adversarial mindset, technical writing, client engagement, workshop facilitation, stakeholder management
Certifications
OSCP, eCPPT, eWPT, PNPT, GWAPT, eMAPT, OSWE, OSEP, CRTO