Offensive Security Consultant

2 weeks ago


Sydney, New South Wales, Australia Deloitte Full time
This is an Offensive Security Consultant role with Deloitte based in Sydney, NSW, AU
== Deloitte ==

Role Seniority - senior

More about the Offensive Security Consultant role at Deloitte

Description:

Job Requisition ID: 36732

  • Salary packaging – to suit your personal and financial circumstances

  • Flexible work arrangements – work in a way that suits you best

  • Rewards platform – your hard work won't go unnoticed at Deloitte

We currently have multiple vacancies, from Senior Analyst to Senior Manager level, in our Offensive Security team.

About The Role

As part of the Deloitte Offensive Security team, you'll be responsible for defining, carrying out, and overseeing penetration testing projects to uncover security vulnerabilities in clients' IT systems. You will be required to report on the identified vulnerabilities and provide recommendations for their remediation. Additionally, you will play a crucial role in the team, and other members will look to you as a subject matter expert for guidance and mentorship.

In this role you will respond to client requests, anticipating and meeting client problems and needs using innovative approaches when applicable. You will be involved in all aspects of security and vulnerability management engagements which include but are not limited to:

  • Network and host layer penetration tests and vulnerability assessments

  • Firewall, networking, and security device reviews

  • Web application assessments

  • API assessments

  • Mobile application assessments

  • Red Teaming - targeting technical, physical and human layers of an organisation's security controls.

  • Source code reviews using manual and automated tools.

  • Malware reverse engineering

  • Wireless Assessments

  • Closing meetings to present findings to the client.

  • Detailed reporting and proposal writing

About The Team

Positioned first globally in Security Consulting Services for the 6th year in a row. Yep, that's Deloitte. The cyberspace is constantly evolving and so are the threats that it brings. That's why our work is more meaningful (and exciting) than ever. Always one step ahead, we predict risks and safeguard our clients through end-to-end solutions. More importantly, we help clients unlock new opportunities through safer and more secure systems and policies.

About

Enough about us, let's talk about you.

We are currently looking for experienced Penetration Testers at Senior Analyst, Manager and Senior Manager levels with the following experience and qualifications:

  • Hold a current OSCP or CREST Certified Tester (CCT) in either Infrastructure or Web Applications or similar certification or be in a position and level to pass the exam for the certification

  • For more senior roles, experience in Red Team engagements, with a capability in line with the CORIE framework or similar (e.g. CBEST, TIBER)

  • Experience in working with applications that perform a wide range of business functions - ideally across multiple industries

  • Ability to understand and assess applications from both a technical and business function perspective

  • Good experience in performing web application penetration testing and development of supporting business and technical-level reporting

  • Innovative and analytical in your approach to performing penetration testing, particularly of novel devices and environments

  • Capable of working to strict deadlines and prioritising work appropriately

  • The ability to develop scripts or code to automate testing and develop bespoke attacks

  • Good communication skills with an ability to explain complex technical issues to non-technical business clients

  • Excellent written skills with demonstrated ability to write reports and proposals, including the ability to discuss findings from a risk perspective with clear remediation advice specific to the client's environment.

Experience in one or more of the following:

  • Reverse engineering

  • Web Applications

  • APIs and Microservices

  • Exploit Development

  • Application vulnerability assessment

  • Mainframe systems

  • Mobile platforms (iOS/Android/Windows/etc)

  • Social Engineering

  • Endpoint protection

  • Practical exposure to security appliances such as firewalls, proxies, NIPS/HIPS and network security applications

  • Working knowledge of web concepts such as Ajax, XML, SOAP, and WS-Security

  • Familiarity with the Open Source Security Testing Methodology Manual (OSSTMM), Open Web Application Security Project (OWASP) and National Institute of Standards and Technology (NIST) Special Publications.

  • Familiarity with penetration testing and vulnerability tools such as Cobalt Strike, Kali Linux, dsniff, Nessus, Nmap, Metasploit, Core Impact, Qualys, tcpdump, Wireshark, Nikto, Aircrack-ng, Hailstorm, Burp Suite, etc.

  • Strong programming experience with Visual Basic and C/C++ or Java languages

  • Networking: LAN, WAN, interworking technologies

  • Good understanding of IaaS environments like Azure, AWS and GCP

Why Deloitte?

At Deloitte, we focus our energy on interesting and impactful work. We're always learning, innovating and setting the standard; making a positive difference to our clients and our society. We put coaching at the heart of what we do, helping our people grow their careers in any direction – whether it be up, moving into something new, or even moving across the world.

We embrace diversity, equity and inclusion. We have a diverse collection of people from different backgrounds, with different experiences, gender identities, abilities and thinking styles. What binds us together is a shared commitment to value everyone's perspective and to cultivate inclusion; so that our work environment is a safe space we can all belong.

We prioritise flexibility and choice. At Deloitte, you get trust on Day 1. We know our people get their best work done when they're in control of where and how they work, designing their work week around their client, team and personal commitments.

We help you live and work well. To support your personal and professional life, we offer a range of perks and benefits, including retail discounts, wellbeing leave, paid volunteering days, twelve flexible working options, market-leading parental leave and return to work support package.

Next Steps

Sound like the sort of role for you? Apply now.

By applying for this job, you'll be assessed against the Deloitte Talent Standards. We've designed these standards so that you can grow in your career, and we can provide our clients with a consistent and exceptional Deloitte employee experience globally. The preferred candidate will be subject to background screening by Deloitte or by their external third-party provider.

Before we jump into the responsibilities of the role: no matter what you come in knowing, you'll be learning new things all the time and the Deloitte team will be there to support your growth.

Please consider applying even if you don't meet 100% of what's outlined

Key Responsibilities
  • Conducting penetration tests
  • Reporting vulnerabilities
  • Client engagement
Key Strengths
  • Penetration testing
  • Vulnerability assessment
  • Client communication
  • Red Teaming
  • Scripting and automation
  • Reporting and proposal writing
Why Deloitte is partnering with Hatch on this role. Hatch exists to level the playing field for people as they discover a career that's right for them. So when you apply you have the chance to show more than just your resume.

A Final Note: This is a role with Deloitte, not with Hatch.
