Hey Pen Testers! Ever wanted to take on a career-defining red team engagement? Maybe your GitHub is packed with custom tools, or you’ve bagged a CVE or two?
If you're OSCP-certified, have +/- 4-5 years’ experience, and call Sydney, Melbourne, or Brisbane home (Aussie work rights required), this might be worth a look.

So exactly why might you like this? How about…

• 99.99% WFH from anywhere in Sydney, Melbourne, or Brisbane. Occasional on-site or physical work means we can’t say 100%, but it’s close.
• Zero sales or BD. Just offensive security: purely technical.
• Boutique & nimble by choice. No “bums on seats” consulting sweatshop. No corporate nonsense. Highly specialised.
• Travel encouraged. Attend industry events & conferences.
• True collaboration. No lone wolves: knowledge is shared, and everyone levels up.
• Beyond pen tests. Get hands-on with real red teaming: internal hacks, physical infiltrations, phishing, social engineering, etc.
• Ongoing education. Want CRT, OSWP, CRTP? Go for it.
• Regular pay reviews & bonuses. These scale over time.
• Work with genuinely great people. Smart, fun, decent, wicked sense of humour.
• $130k–$145k base + super. Fair pay for real skills.
• Adult environment. No

Day-In-The-Life?

If you're already a pen tester, you don’t need a play-by-play of your daily grind. Here’s the gist:
You'll tackle wireless assessments, web apps, APIs, AppSec, internal/external testing, and real red teaming. Mobile and thick client testing? Yep, those too.
Yes, there’s client interaction and report writing (with automation to make life easier). But you know what there isn’t? Sales. Zero. Nada. This is 100% technical, full stop.

Got Skills?

This boutique business is after an experienced tester—someone who’s been hands-on across the domains above, holds an OSCP or CREST cert, and can hit the ground running. While years of experience isn’t a perfect measure of skill, think 4-5 years as a rough benchmark. You’ll need to work effectively and independently, but you’ll never be left stranded.
Who might this role suit?

• Tired of the BIG (cough 4 cough) consultancy grind? No more (pre)sales, BD, or snooze-worthy PowerPoint decks – just technical testing.
• Value depth in your work? This isn’t a checkbox compliance shop.
• Want true WFH flexibility? No forced office days (looking at you, Aussie businesses mandating office returns).
• Crave a collaborative team? Lone wolves need not apply—info-sharing is part of the culture.
• Bored of endless webapp testing? Get stuck into red teaming, physical infiltrations, EDR bypasses, APT simulations, and more.

But Wait…

Let’s wrap up with some real words from pen testers who’ve joined this boutique offensive security consultancy. No fluff, just their honest takes:

• “Recently got the chance to do a career defining red team engagement. This is the closest to James Bond most of us will ever get!”

• “(COMPANY NAME) is going great. Just what I was looking for. The work’s well organised and there’s no corporate nonsense. Thanks heaps for setting me up with this gig :)”

• “Super excited about the work I’m involved in, and my wifey is likely tired of me talking about it, haha.”

• “I’m loving it here, new things to learn every day and the crew is epic. Cheers for hooking me up.”

• “It’s great! (BUSINESS OWNER) is amazing and the team are lovely. Thanks again, I’m super happy mate.”

Reach out, say hi, and let’s have a chat about YOU. Contact me, Michael, directly on [email protected] or apply to this role. Please rest assured anything discussed is kept 100% confidential, and only between you and me.

Decipher Bureau and the clients we partner with are committed to creating a diverse environment and are proud to be equal opportunity employers. All qualified applicants will be considered for employment without attention to race, colour, religion, sex, sexual orientation, gender identity, national origin, veteran or disability status.