The Offensive Security Consultant at Triskele Labs plays a key role in delivering high-quality penetration testing services.
As a Subject Matter Expert (SME) in the security industry, the consultant is responsible for managing the entire lifecycle of offensive security engagements, from initial setup and information gathering to report generation and close-out activities.This role requires independent execution of all types of penetration testing, following modern frameworks, while also handling client communications, scheduling, travel arrangements, and technical preparations.
The consultant must provide expert security advice to clients, both in person and in writing, and ensure that all outputs meet or exceed expected quality standards within defined timelines.Accountability:Responsible for communicating critical findings to the Penetration Testing Team Lead.Accountable for the quality and accuracy of deliverables within the allocated resources and timelines.Penetration Testing Responsibilities:Independently conduct penetration tests, including:Web and mobile applicationsExternal and internal infrastructureAPIsWireless networksSocial engineering, phishing, and physical securityHardware assessmentsCloud infrastructure security reviewsProficient in penetration testing tools such as:BurpSuiteNessus and other web application scannersDirectory brute-forcing toolsEncryption verification toolsWeb technology-specific tools (e.g., ASP.NET, PHP, Java)Modify and configure tools as required (e.g., Python scripting).Produce detailed reports on vulnerabilities, risk ratings, impacts, remediation steps, and technical details.Peer review team members' reports to ensure quality and accuracy.Client Engagement:Serve as the primary point of contact during engagements.Ensure contractual obligations and service expectations are met.Lead internal and external kick-off and close-out meetings.Manage client communication, including answering questions and providing updates.Documentation and Communication:Produce comprehensive penetration testing reports and documentation.Maintain and review internal processes, templates, and resources.Ensure timely communication with clients and team members.Skills and Qualifications:Advanced knowledge of:Security systems and protocolsProgramming languages (e.g., Python) and network fundamentalsOperating systems: Microsoft Windows, Linux, UnixNetworking and security concepts: firewalls, proxies, SIEM, antivirus, IDPSRequired certifications:OSCP (essential)CREST Certified Tester (preferred)Additional certifications (e.g., GIAC, Offensive Security) are a plus.Strong interpersonal, analytical, and documentation skills.Ability to work independently, manage multiple tasks, and meet deadlines.Additional Requirements:Willingness to undergo security clearance and background checks.Valid Australian driver's license.Flexibility for interstate and international travel.Willingness to work overtime when required.#J-18808-Ljbffr