Penetration Tester

Packetlabs was built by an ethical hacker after seeing vulnerability assessments presented as penetration tests. Our slogan "Ready for more than a VA scan?" drives at the importance of not providing our clients with a false sense of security.

 
We are a passionate team of highly trained, proactive, pentesters. We provide expert-level penetration testing services that are thorough and tailored to help foster a safe digital space where everyone has the right to privacy and security. Packetlabs consultants find weaknesses others overlook and continuously learn new ways to evade controls. We hold ourselves to a very high standard.

To do so, weonlyhire individuals with the same drive and passion.

Note:While the position is based in Australia, initial onboarding and collaboration may involve some after-hours work to align with our Eastern Time Zone (Canada/US) team. Flexible scheduling options will be supported as the role transitions to standard local hours.

Who we are looking for

• Core values:
• • You have a customer-first mentality. Is a great communicator with clients, project managers, and teammates. Rapid responses and on time.
  • You deliver work that you take pride in. Your work is an autograph of your excellence.
  • You dig deeper into every finding. Doesn't stop until impact is proven.
  • You are comfortable being uncomfortable. Goes towards obstacles, not away from them. Consulting isn't your typical job and requires adapting to rapidly changing environments.
  • You are always learning. Cybersecurity is changing every day, and you need to keep up or want to keep up.Be deeply aware of your skillset and be willing to improve.
  • You are Self-motivated and dependable.
  • You are humble. Egos don't have a place at Packetlabs.
• Education and experience:
• • We are looking for an experienced developer/application security tester to join our team:
  • • Solid working knowledge of programming languages, including C, C#, Python, Objective-C, Java, JavaScript, SQL, and frameworks like AngularJS.
    • Familiarity with web services and data exchange formats such as XML, JSON, SOAP, REST, and AJAX.
    • Understanding of AI/LLM weaknesses and flaws in applications.
    • Extensive experience/expertise in using an attack proxy (e.g. Burp Suite)
  • Preferred if you have 3 - 5 years of experience working in penetration testing and consulting
  • A graduate of a post-secondary college or university degree program.
  • Has at least two years of experience dealing with information security-related tasks.
  • Has professional qualifications (one or more): OSCP, OSWE, BSCP. 
  • • OSCP or Burp is mandatory for our organization.

What you’ll be doing

• Your primary role is to perform penetration testing of web applications, mobile applications, thick clients, and APIs.
• Source code review and whitebox penetration testing to prove the impact of application flaws.
• Reverse engineering of mobile and thick client applications.
• You sometimes chain application flaws to other areas, such as cloud and on-prem AD infrastructure. Opportunities for lateral movement into the infrastructure teams are limited and given at the manager's discretion.
• Develop detailed reports on findings and remediations for impactful findings. You will learn to debrief these findings at both a technical and executive level.
• Perform SAST and DAST on enterprise, SaaS, and custom in-house applications.
• Experience in using scanners and knowledge of validation and elimination of false positives.
• A strong understanding of OWASP in Web, API, Mobile, and AI/LLM is necessary, but you will be asked to go beyond.

Why us?

• Immediate and continual offensive security training
• Amazing team and working environment
• Competitive compensation and growth opportunity