Cyber Security Consultant

Phronesis Security is Australia's first B Corp certified cyber security company, committed to delivering world-class cyber security consulting with a tangible social and environmental impact. To do so, we have built sharing our profits with some of Australia's highest impact charities into our core operating model.

We provide tailored, pragmatic advice, grounded in deep business understanding and an intimate understanding of Australia's threat landscape. We offer the following services:

• Governance, Risk and Compliance
• Penetration Testing
• Security Architecture
• Security Awareness and Education
• Strategy and Management (vCISO)

We believe in clear communication without the 'fluff' that can sometimes make roles vague or ambiguous. Therefore, we've reduced this job description down to a simple set of prerequisites and responsibilities to ensure you can focus on the things that matter most: our impact, our people, and our customers.

Prerequisites:

Mandatory:

• Australian citizen or permanent resident with a valid visa with permission to work
• Offensive Security Certified Professional certification (OSCP)
• Knowledge of scripting or programing languages (Python, Ruby, Java, JavaScript, Go, Rust)
• Knowledge of web applications and web application security (HTTP protocol, OWASP Top 10, etc.)
• Strong analytical and problem-solving skills
• Excellent communication and interpersonal skills

Desirable:

• Desirable certifications (e.g., OSEP, OSWE, OSWA, OSED, CRTO) to deliver high-quality penetration testing

Responsibilities:

Uphold our commitment to social and environmental impact, and participate in our culture as a trusted, innovative, and socially responsible consultancy by:

• Following reasonable direction from management to help you grow your cyber security career and the business;
• Providing feedback to management if you feel your role or duties do not align with your career goals;
• Supporting other team members in their professional development and cybersecurity careers; and
• Adhering to the company's policies and standards, including our information security policies, our HR Policy, and our Code of Ethics.

Actively contribute to the growth of our business by:

• Delivering vulnerability assessments for our clients, including completing manual evaluation to provide additional context;
• Assisting with penetration tests for our clients, including performing penetration testing against web applications, mobile applications, APIs, internal infrastructure (Active Directory, servers, network devices and endpoints), cloud infrastructure (Azure and AWS) and wireless networks;
• Assisting with source code reviews for our clients, including the operation of SAST/DAST tools;
• Assisting with security research to develop and improve cyber security techniques and tooling;
• Assisting with the development of new tools to assist with and automate the penetration testing process;
• Developing and maintaining your technical skills and awareness of the threat environment (e.g., through attaining and maintaining relevant certifications);
• Producing high-quality analysis and written work that adheres to our Quality Assurance process via formal peer and management reviews of all deliverables;
• Following our project management methodology to ensure deliverables and projects are completed within budget, scope and schedule; and
• Providing feedback to management to ensure we are continually improving current offerings and our sales and delivery methodologies.

What we're offering:

• A safe, supportive and inclusive culture, acknowledged by us being a certified Great Place to Work, highly commended in the Australian Women in Security Awards as Best Place to Work in Security, and a B Corporation.
• We want you along for the ride. This role is an opportunity to bring your own flair, be a part of an exciting growth journey, and to shape the role according to your skillset and aspirations.
• We care about your wellbeing inside and outside of work. We have a confidential Employee Assistance Program (EAP) provides you with free access to professional counseling, mental health support, and life coaching services.
• We do awesome work with a broad range of clients. Whether doing penetration testing for startups, security assessments for critical infrastructure providers, or securing some of Australia's most sensitive government data, our work is appreciated and impactful.
• We believe in making the world a better place. We donate 10% of our profits to high-impact charities with tangible results, so you know every day you're making a difference. We are also Australia's first B Corp certified cyber security company, an independent attestation to our commitment to caring for our people, community, and planet.
• We are remote-by-default. This means we provide a generous home office and ICT allowance as well as access to coworking spaces at 750 locations across 38 countries. As long as our clients are happy, you can work from wherever you work best.
• We think you should never stop learning. We have a generous training and leave allowance that can be used on course fees, certifications, textbooks, conferences, tools or whatever you need to improve your skillset.
• We love cross-pollination. While this is primarily a Penetration Testing-focused role, there is ample opportunity to get involved in our other service lines, including security architecture, GRC, and security awareness and education.