Senior Penetration Testing Consultant

2 weeks ago


Sydney, New South Wales, Australia | Cybertify | Full time | $104,000 - $130,878 per year

About Cybertify

Cybertify is Australia's premier compliance-first cybersecurity consulting firm, proudly Australian owned, fully independent, and sovereign in every respect. We specialise in protecting and enabling organisations in the country's most heavily regulated sectors: financial services, superannuation, legal, aged care, healthcare, banking, technology, and government-aligned enterprises.

Our clients demand more than security; they demand speed, trust, and board-level credibility. Cybertify delivers with rapid scoping, swift execution, and executive-ready outcomes that boards, regulators, insurers, and auditors respect.

Our Elite Cyber Squad, a hand-picked team of industry-leading red teaming, penetration testing, governance, and defensive experts, brings Big 4 calibre expertise with boutique agility, ensuring precision, independence, and uncompromising results.


About the Role

We are seeking a Senior Penetration Testing Consultant to deliver cutting-edge offensive security engagements across diverse client environments. This is a consulting delivery role — client-facing, hands-on, and outcome-driven.

You will scope, plan, and execute penetration tests across applications, infrastructure, cloud, mobile, wireless, IoT, and AI/LLM platforms. You'll emulate modern attack techniques, produce executive-ready reporting, and provide clear, practical remediation guidance to uplift client resilience.

This is not an internal tester role. You will be embedded in high-trust client engagements, working directly with CISOs, IT teams, and boards.


Key Responsibilities
Offensive Testing Delivery
  • Deliver full-spectrum penetration testing, including:
    • Web Application & API Security (OWASP Top 10, custom business logic testing).
    • External Infrastructure assessments (internet-facing assets, cloud edge).
    • Internal Infrastructure testing (Active Directory, lateral movement, privilege escalation).
    • Cloud Security (Azure, AWS, M365 exploitation, misconfiguration testing).
    • Mobile & Desktop Application Security (iOS, Android, Windows, macOS).
    • Wireless Network Security (rogue APs, WPA2/3 attacks, interception, exploitation).
    • Hardware & IoT Security (embedded systems, firmware analysis, exploitation).
    • Restricted Environment Breakout (VDI, kiosks, locked-down devices).
    • AI/LLM Penetration Testing (prompt injection, adversarial ML, model exploitation).
Client-Facing Consulting
  • Engage directly with clients to scope penetration testing engagements.
  • Run workshops and technical walkthroughs with IT/security teams.
  • Present executive reports and remediation roadmaps to CISOs and boards.
  • Provide practical, actionable guidance to close findings and strengthen resilience.
Reporting & Assurance
  • Produce executive-ready reports that explain risks in clear business language.
  • Provide detailed technical documentation for IT/security teams.
  • Ensure all deliverables meet Cybertify's audit-ready and regulator-credible standards.
Collaboration & Contribution
  • Collaborate with Cybertify's Red Team operators and GRC consultants to deliver integrated security outcomes.
  • Contribute to the development of Cybertify's penetration testing playbooks, templates, and methodologies.
  • Mentor junior consultants and share expertise across the Elite Cyber Squad.

Ideal Candidate
  • 5+ years' hands-on penetration testing experience in a consulting environment (not in-house).
  • Proven expertise across multiple domains: web, infra, cloud, mobile, wireless, IoT, restricted environments, AI/LLM.
  • Strong knowledge of OWASP, MITRE ATT&CK, CREST/NCSC standards, and modern attack tooling.
  • Proficient in common frameworks: Burp Suite, Cobalt Strike, Metasploit, Nmap, Kali, Wireshark, etc.
  • Ability to script and develop tools in Python, PowerShell, C#, or similar.
  • Experienced in executive communication — can deliver board-level reports and technical deep dives.
  • Strong consulting presence: comfortable leading client meetings, scoping engagements, and presenting findings.
Certifications (Highly Regarded)
  • CREST Registered/Certified Tester (CCT, CRT).
  • OSCP / OSEP / OSWE / OSCE3 (or equivalent Offensive Security advanced certs).
  • GIAC GPEN / GXPN.
  • AWS/Azure Security certifications (where cloud is a focus).

Why Join Cybertify?
  • Elite Cyber Squad Advantage: Work directly with Australia's most experienced cybersecurity professionals.
  • Agile Disruption: Be part of a lean, fast-moving firm that delivers high-value results without the red tape and politics of bloated consultancies.
  • Impactful Work: Solve complex, high-stakes cybersecurity and compliance challenges for boards, regulators, and executives across Australia's most critical sectors.
  • Compliance-First DNA: Operate at the unique intersection of security and governance where GRC integration is not an add-on, but the foundation of every engagement.
  • Professional Growth: Gain exposure to cutting-edge tools, advanced methodologies, and enterprise-grade frameworks (ISO 27001, SOC 2, Essential 8, CPS 234, NIST, and more).
  • Independent & Trusted: Provide objective advice, free from vendor influence or offshore conflicts. Cybertify's independence ensures client trust is never compromised.
  • Australian Sovereign Cyber: Support a firm that is 100% Australian owned and operated, designed to protect Australian businesses with Australian expertise.

What We Offer
  • A high-trust workplace with genuine autonomy, influence, and zero micromanagement.
  • Direct client impact—your work is seen at board and executive levels, not buried in handovers.
  • Premium salary packages aligned with market-leading consulting firms, reflecting the calibre of talent we hire.
  • Professional development pathways, including funded certifications, training, and industry memberships.
  • Exposure to elite projects spanning offensive security, GRC, Zero Trust, regulatory alignment, and incident response.
  • State-of-the-art Sydney CBD office with premium client and collaboration spaces.
  • Cutting-edge tools and platforms across project delivery, client engagement, and cybersecurity operations.
  • A supportive, collaborative team culture that balances intensity with respect, and professionalism with ambition.
  • The opportunity to be part of a nationally recognised, fast-growing, sovereign cybersecurity force that is redefining the cyber consulting market.

Ready to Join Australia's Cyber Elite?

Click Apply and submit your CV with a short cover letter.

Apply now and discover why Australia's top cyber talent chooses Cybertify as their career destination.

Cybertify - Defending Australia's Digital Future, One Elite Professional at a Time


