Ethical Hacking

Brand new role on greenfield cyber transformation program
- ASX50 company offering handsome remuneration & a learning & development
- Hybrid or remote working possible, open to all Australia.

**Ethical Hacking / Pentesting Lead**

On behalf of our client, an iconic ASX50 company, we are seeking a seasoned Ethical Hacking / Pentesting Lead, the first of its kind in this organisation. The Ethical Hacking / Pentesting Lead will join an elite and fast-growing implementation team to build out an ambitious cyber security services platform.

The Ethical Hacking / Pentesting Lead will be responsible for building & leading an offensive security service offering as well as creating testing frameworks & thought leadership to uplift capability.
- **Brand new role on greenfield cyber transformation program**:

- **ASX50 company offering handsome remuneration & a learning & development**:

- **Hybrid working in either Sydney, Brisbane or Melbourne**

The Ethical Hacking / Pentesting Lead will be responsible for the following duties:

- Function as both a hands-on technician, especially initially, and as a strategist
- Contribute to the building of defensive security capability aligned to business objectives
- Conduct hypotheses testing and rapid prototyping
- Create service catalogs, and execute vendor evaluations
- Create protocols and SLA's for vendors
- Lead attack simulations, and purple, blue and red engagements
- Lead the creation of an offensive security framework including standards and protocols
- Coach, mentor and train cyber security people across the organisation on all things offensive security-related to foster an attacker mindset culture
- Lead reporting, advisory and assessment with stakeholders across the organisation
- In order to test defensive solutions, the Ethical Hacking / Pentesting Lead will lead attack simulation, purple teaming and threat hunting
- Continuous improvement of operating analytics, protocols, reporting and practices
- Assist in the creation of reporting for business and technology stakeholders across the organisation, including for executive layer
- Assist in the research of the evolving threat landscape, tactics, techniques and procedures and provide actionable insights & recommendations for mitigations and uplifts

The Ethical Hacking / Pentesting Lead will be working in the following environment:

- Cloud technologies (AWS, Azure, GCP)
security technologies (firewalls, WAF, proxy, endpoint security (e.g. Crowdstrike, Defender ATP)
- scanners (rapid7, OWASP ZAP, Burpsuite, Tenable, Qualys)
- SIEM (e.g. Splunk, Elastic, LogRhythm, Azure Sentinel)
- open source tools (MISP, malware sandboxes, threat hunting tools (nmap, metasploit, others)
- purple team tooling (e.g. kali linux etc)
Operating Systems (linux, microsoft, iOS)

In order to be successful, the Ethical Hacking / Pentesting Lead will IDEALLY have MOST of the following:

- Veteran experience in similar positions in large, complex organisations
- Team lead experience
- Service delivery experience to customers whether internal or external
- The ability to balance offensive security strategic excellence with business needs
- Veteran experience in security testing, social engineering and vulnerability assessments
- Substantial knowledge of major security and risk management frameworks
- The ability to execute most phases of the kill chain to exfiltration
- Strong technical expertise in security, networking, cloud infrastructure, and web and mobile within CI/CD
- Experience in payload development as well as stealth and evasion techniques.
- Experience of response and threat detection including monitoring of defence of SOC/SIEM
- Threat Intelligence & Analysis
- Open source and commercial offensive security tooling experience
- The ability to pentest without automated tooling
- Knowledge of network forensics
- Malware analysis
- Code writing and reading, ideally in the following languages: Python, C#, C++, C, Java, PHP

No one ticks all the boxes, but if you have experience in just over 50% of the above, we would love to hear from you as this is a rare opportunity in the Australian market as it is pioneering new cyber frontiers and you will be a foundational member.