Full Time

Penetration Tester Job Opening / 3 weeks ago

Triskele Labs
Attractive
Application ends: 2025-12-26

Quick Summary

Offensive Security Consultant (Penetration Testing SME) needed to independently manage and execute the full lifecycle of offensive security engagements, including testing web/mobile applications, infrastructure, APIs, cloud environments, and conducting social engineering. This remote role in Australia requires essential OSCP certification, advanced knowledge of security protocols and Python, proficiency with tools like BurpSuite and Nessus, and a willingness to travel interstate and internationally.

Offensive Security Consultant | Penetration Testing SME

The Offensive Security Consultant at Triskele Labs is a Subject Matter Expert (SME) responsible for delivering high-quality penetration testing services. This role manages the entire lifecycle of offensive security engagements, from initial setup and information gathering through report generation and close-out activities.

The consultant must independently execute all types of penetration testing, adhering to modern frameworks, while managing client communications, scheduling, travel arrangements, and technical preparations. You will provide expert security advice to clients, both written and in person, ensuring all deliverables meet or exceed quality standards within defined timelines.

Requirements

Accountability:

  • Responsible for communicating critical findings to the Penetration Testing Team Lead.
  • Accountable for the quality and accuracy of deliverables within allocated resources and timelines.

Penetration Testing Responsibilities:

Independently conduct comprehensive penetration tests, including:

  • Web and mobile applications
  • External and internal infrastructure
  • APIs
  • Wireless networks
  • Social engineering, phishing, and physical security
  • Hardware assessments
  • Cloud infrastructure security reviews

Proficiency is required in penetration testing tools such as:

  • BurpSuite
  • Nessus and other web application scanners
  • Directory brute-forcing tools
  • Encryption verification tools
  • Web technology-specific tools (e.g., ASP.NET, PHP, Java)
  • Ability to modify and configure tools as required (e.g., Python scripting).

Reporting and Quality Assurance:

  • Produce detailed reports covering vulnerabilities, risk ratings, impacts, remediation steps, and technical details.
  • Peer review team members’ reports to ensure quality and accuracy.

Client Engagement:

  • Serve as the primary point of contact during engagements.
  • Ensure contractual obligations and service expectations are met.
  • Lead internal and external kick-off and close-out meetings.
  • Manage client communication, including answering questions and providing updates.

Documentation and Communication:

  • Produce comprehensive penetration testing reports and documentation.
  • Maintain and review internal processes, templates, and resources.
  • Ensure timely communication with clients and team members.

Skills and Qualifications:

Advanced knowledge of:

  • Security systems and protocols
  • Programming languages (e.g., Python) and network fundamentals
  • Operating systems: Microsoft Windows, Linux, Unix
  • Networking and security concepts: firewalls, proxies, SIEM, antivirus, IDPS

Required certifications:

  • OSCP (essential)
  • CREST Certified Tester (preferred)
  • Additional certifications (e.g., GIAC, Offensive Security) are a plus.

Core Skills:

  • Strong interpersonal, analytical, and documentation skills.
  • Ability to work independently, manage multiple tasks, and meet deadlines.

Additional Requirements:

  • Willingness to undergo security clearance and background checks.
  • Valid Australian driver's license.
  • Flexibility for interstate and international travel.
  • Willingness to work overtime when required.

Benefits

Triskele Labs prioritizes team culture and provides additional benefits such as:

  • Access to a professional external Employee Assistance Program (EAP) for all team members.
  • Social functions organized by the People & Culture Team.

Note: Applications must include a cover letter addressed to 'Mike H.', Head of Offensive Security. Applications without a cover letter will not be considered.
