Lead Penetration Tester (PROJ-4572)

Canberra, Melbourne
27 October 2025
NV1
Application ends: 5 November 2025
$150 - $180

Job Description

Remote is seeking a Lead Penetration Tester to join the team in ASD. The Lead Penetration Tester will identify vulnerabilities and assess weaknesses in the security controls protecting Australian Government web applications. They will also analyse IT systems to determine configuration weaknesses and faults that would impact security and business, and then produce reports detailing the findings and recommendations for improved network security. (LH-04668)

Role Description

Key duties and responsibilities

  • Assess Australian Government entities to determine the effectiveness of both prevention and detection security controls.
  • Execute tools to simulate well-known adversary tradecraft to perform privilege escalation and lateral movement.
  • Identify weaknesses in common Microsoft technologies such as Active Directory.
  • Assess and identify vulnerabilities in web applications and APIs.
  • Develop and automate custom tools.

Essential criteria

  • Demonstrated minimum 5 years’ experience in infrastructure and/or web application penetration testing.
  • Demonstrated experience with assessing environments and systems against the Australian Government’s Information Security Manual.
  • Demonstrated experience in assessing and exploiting common vulnerabilities found in enterprise networks and infrastructure (e.g. Microsoft Active Directory, Azure AD).
  • Demonstrated experience in assessing, identifying and exploiting known and common vulnerabilities (OWASP Top 10) in web applications and supporting infrastructure.

Desirable criteria

  • Possess professional certifications such as OSCP, GPEN, OSWA, GWAPT, OSWE, OSCE.
  • Experience with scripting languages (PowerShell, Python, JavaScript etc.).
  • Experience in developing security tools across varying system architectures; exposure to testing enclaved networks and classified systems.
  • Demonstrated practical knowledge of web application penetration testing, including fuzzing, scripting, and application logic exploitation.