Cyber Security Penetration Testing & Assurance Consultant
About the client:
Our client is a major organisation committed to strengthening cyber resilience across diverse environments. This role is pivotal in delivering advanced penetration testing and assurance services to identify vulnerabilities and validate security controls.
About the role:
We are seeking a highly skilled Penetration Testing and Assurance Consultant/Analyst to conduct in-depth security testing, red and purple team exercises, social engineering assessments, and configuration reviews. You’ll help clients uncover vulnerabilities, improve defences, and enhance their overall security posture.
Key Responsibilities:
• Perform penetration testing using closed-box, open-box, and double-blind methods across internal/external systems, web/mobile apps, APIs, hardware, and cloud services.
• Plan and execute red and purple team exercises, collaborating with defensive teams to test detection and response capabilities.
• Design and deliver social engineering campaigns, including phishing simulations, to assess human factor vulnerabilities.
• Conduct security configuration reviews for systems, applications, networks, and cloud environments against best practice benchmarks.
• Document findings with clear, actionable recommendations and concise reports for technical and non-technical stakeholders.
• Advise clients on remediation strategies and security improvements.
• Stay current with emerging threats, attack techniques, and security technologies.
Required Experience:
• Proven experience in penetration testing and security assurance across varied platforms and environments.
• Strong knowledge of methodologies (OSSTMM, OWASP, NIST) and tools (Burp Suite, Metasploit, Nmap, Kali Linux, etc.).
• Experience with red/purple team engagements and coordination with defensive security teams.
• Hands-on expertise in social engineering and phishing simulation tools.
• Security configuration review and hardening for operating systems, network devices, applications, and cloud services.
• Relevant certifications (OSCP, OSCE, CREST CRT, CEH, GPEN, or equivalent) highly desirable.
• Excellent analytical, problem-solving, and communication skills.
Other Requirements:
• Must hold (or be eligible for) Australian Government NV1 security clearance.
• Ability to work independently and manage multiple engagements.
• Strong commitment to professional ethics and confidentiality.
• Willingness to travel to client sites as required.
What’s on offer?
This is a contract role based in Canberra (preferred), with options in Brisbane, Sydney, Melbourne, or Adelaide. You’ll play a key role in delivering robust penetration testing and assurance services in a dynamic, high-impact environment.
How to Apply
Please upload your CV to apply. For direct enquiries about the role, contact Farbar Siddiq at farbars@whizdom.com.au or 0489 922 211.
Suitable candidates will be contacted with next steps. You may be required to complete selection criteria as part of the application process.
Penetration Testing and Assurance Consultant
Contract Type:
Contract
Location:
Sydney, New South Wales, Australia
Industry:
Information & Communication Technology (ICT)
Salary:
$1100 - $1250 p/Day Inclusive Super
Contact Email:
farbars@whizdom.com.au
Date Published:
20-Oct-2025