
Senior Penetration Tester (Red Team Specialist)
Cybertify
Posted 2 days ago
Job Title: Senior Penetration Tester (Red Team Specialist)
Location: Sydney CBD (Hybrid – minimum 3 days onsite)
Type: Full-time
Salary: $140,000 – $180,000
Join Australia's Premier Compliance-First Cybersecurity Firm: Cybertify
Cybertify is Australia’s trusted compliance-first cybersecurity consulting firm. We support organisations in the country’s most tightly regulated sectors and work with high-profile individuals. Our clients span legal, financial services and fintech, healthcare, education, government, critical infrastructure, SaaS, and private sectors. Our delivery is built on precision, compliance, and trust.
We believe that strong offensive security programs are vital to resilience. As we grow, we are seeking a Senior Penetration Tester (Red Team Specialist) to lead and execute advanced offensive security engagements for our regulated and high-value clients.
Your Role
This is a hands-on technical role for a seasoned operator who can independently scope, execute, and report on full-scope adversary simulations, red team exercises, and traditional penetration tests across a wide range of environments.
Key Responsibilities
Penetration Testing & Red Team Delivery
Conduct full-scope penetration testing across web, mobile, API, internal/external networks, wireless, and cloud platforms
Lead red team engagements, including threat emulation, lateral movement, and defence evasion
Design and execute CORIE-style simulations for financial sector clients
Run phishing simulations and social engineering campaigns
Perform physical security assessments (badge cloning, tailgating, on-site access attempts)
Reporting & Communication
Produce well-structured, client-ready reports with clear risk ratings and remediation advice
Present findings and exploitation paths to both technical and executive stakeholders
Participate in client debriefs and walkthroughs
Client Engagement & Planning
Define testing approach, scope, and tooling in pre-engagement and RoE meetings
Maintain high discretion, especially when working with VIP, legal, or sensitive client environments
Tailor testing methodology based on client risk profile and budget
Tooling & Operational Contribution
Use and adapt tools including Kali Linux, Metasploit, Burp Suite Pro, Cobalt Strike, and Sliver
Maintain and improve internal payloads, frameworks, and simulation libraries
Document techniques and adversary TTPs for future emulation exercises
Role Requirements
Experience
5+ years of hands-on penetration testing and red teaming experience
Proven ability to conduct full-scope tests independently
Strong understanding of attacker TTPs, kill chains, and stealth techniques
Experience delivering engagements for regulated or high-trust environments (legal, financial, healthcare, government)
Technical Skills
Web, app, and API testing (OWASP Top 10, business logic flaws, privilege escalation)
Network and infrastructure testing (Active Directory, internal pivoting, perimeter exposure)
Wireless, phishing payloads, and social engineering techniques
Strong scripting skills (Python, PowerShell, Bash)
Competent with at least one C2 framework (e.g. Cobalt Strike, Sliver)
Required Certifications
OSCP (minimum baseline)
+1 of the following: CRTO, GPEN, eCPTX, or equivalent
OSCP + one red team or infrastructure cert is mandatory.
Preferred Certifications (Bonus)
OSEP, OSCE, OSCE3
CRTE, CRTL
GXPN
Sektor7 Malware Development Series
KLCP
Client-Facing and Reporting Standards
Communicate clearly and professionally in both written and verbal formats
Translate technical findings into business risk for non-technical stakeholders
Maintain confidentiality and discretion at all times
Produce reports that require minimal editing and meet Cybertify’s quality standards
Responsiveness & Accountability
Reply to client emails and return missed calls within 4 business hours
Never reschedule client engagements without prior written approval
Submit all deliverables on time and to expected standard
Maintain professional conduct across all channels and meetings
Home Office & Connectivity
Dedicated, professional, distraction-free home office
High-speed internet with ≤ 70 ms latency
Capable of secure remote work and video calls with executive clients
Performance Metrics
Volume and timeliness of completed tests and red team exercises
Client satisfaction and repeat engagement
Report quality and turnaround
Internal contributions to tooling, methodology, and process improvement
Professionalism and responsiveness across all interactions
Contribution to templates, playbooks, and delivery quality
How to Apply
Submit your resume and a cover letter via Seek explaining why you’re the perfect fit for this role.