The Offensive Security Consultant at Triskele Labs plays a key role in delivering high-quality penetration testing services. As a Subject Matter Expert (SME) in the security industry, the consultant is responsible for managing the entire lifecycle of offensive security engagements, from initial setup and information gathering to report generation and close-out activities.
This role requires independent execution of all types of penetration testing, following modern frameworks, while also handling client communications, scheduling, travel arrangements, and technical preparations. The consultant must provide expert security advice to clients, both in person and in writing, and ensure that all outputs meet or exceed expected quality standards within defined timelines.
Requirements
Accountability:
- Responsible for communicating critical findings to the Penetration Testing Team Lead.
- Accountable for the quality and accuracy of deliverables within the allocated resources and timelines.
Penetration Testing Responsibilities:
- Independently conduct penetration tests, including:
- Web and mobile applications
- External and internal infrastructure
- APIs
- Wireless networks
- Social engineering, phishing, and physical security
- Hardware assessments
- Cloud infrastructure security reviews
- Proficient in penetration testing tools such as:
- BurpSuite
- Nessus and other web application scanners
- Directory brute-forcing tools
- Encryption verification tools
- Web technology-specific tools (e.g., ASP.NET, PHP, Java)
- Modify and configure tools as required (e.g., Python scripting).
- Produce detailed reports on vulnerabilities, risk ratings, impacts, remediation steps, and technical details.
- Peer review team members’ reports to ensure quality and accuracy.
Client Engagement:
- Serve as the primary point of contact during engagements.
- Ensure contractual obligations and service expectations are met.
- Lead internal and external kick-off and close-out meetings.
- Manage client communication, including answering questions and providing updates.
Documentation and Communication:
- Produce comprehensive penetration testing reports and documentation.
- Maintain and review internal processes, templates, and resources.
- Ensure timely communication with clients and team members.
Skills and Qualifications:
- Advanced knowledge of:
- Security systems and protocols
- Programming languages (e.g., Python) and network fundamentals
- Operating systems: Microsoft Windows, Linux, Unix
- Networking and security concepts: firewalls, proxies, SIEM, antivirus, IDPS
- Required certifications:
- OSCP (essential)
- CREST Certified Tester (preferred)
- Additional certifications (e.g., GIAC, Offensive Security) are a plus.
- Strong interpersonal, analytical, and documentation skills.
- Ability to work independently, manage multiple tasks, and meet deadlines.
Additional Requirements:
- Willingness to undergo security clearance and background checks.
- Valid Australian driver's license.
- Flexibility for interstate and international travel.
- Willingness to work overtime when required.
Benefits
Team culture is everything to Triskele Labs and it is the reason we exist.
We provide our team a great range of additional benefits such as:
- Additional days of leave for 'Birthday Leave' and 'Doona Day'
- Access to a professional external Employee Assistance Program (EAP) for all team members
- Social functions organised by our People & Culture Team
We are a forward-thinking company and always looking for ways to boost our team culture to ensure we are a destination employer. We continually undertake surveys to seek feedback from our team on ways we can improve our work environment and team member experience at Triskele Labs.
Australia
