Description
Our purpose
Here at Datacom we connect people and technology in order to solve challenges, create opportunities and discover new possibilities for the communities we live in.
Our team
Our culture is built on people who love coming to work to solve problems, and we embrace those who lean into a problem rather than lean away. Using your cybersecurity expertise, you will join NZ's largest cybersecurity services company as part of a dedicated team, proud of delivering top class advice and guidance to our customers.
About The Role
As an Offensive Security Consultant within our Application Security Team, you will be a key member driving our offensive security capabilities across penetration testing, Breach & Attack Simulations (BAS), and AI Red Teaming. You will help Datacom build and deliver world-class offensive security assessments to external customers and internal Datacom teams, while contributing to broader Application Security initiatives.
As an Offensive Security specialist, you will play a critical role in identifying vulnerabilities through adversarial testing, simulating real-world attack scenarios, red teaming AI systems, conducting technical risk analysis, and providing actionable remediation recommendations. You will also support the Application Security team with threat modelling and secure code review activities, bringing an attacker's perspective to defensive security practices.
We're looking for passion, ambition, and a depth and breadth of core knowledge as well as the adaptability to ever changing market demands.
What you will do:
Perform comprehensive penetration testing on applications, APIs, networks and systems using both manual and automated methods.Design and execute Breach & Attack Simulation (BAS) campaigns to test detection and response capabilities across customer environments.Conduct AI Red Teaming assessments to identify vulnerabilities in machine learning models, LLMs, and AI-powered applications, including prompt injection, model poisoning, and data extraction attacks.Formulate attack plans, test cases and working exploits during offensive security engagements.Support Application Security initiatives including threat modelling sessions and secure code reviews, providing offensive security insights.Prepare comprehensive reports detailing the results of offensive security testing and recommendations for remediation.Deliver remediation workshops to clients, presenting findings, attack narratives, and practical remediation guidance.Collaborate with Application Security and broader security teams to develop and implement effective testing capabilities and defensive strategies.Conduct research and development to uplift offensive security capabilities and stay ahead of emerging threats.Stay up-to-date with emerging security threats, vulnerabilities, AI security risks, and technology trends.
What you will bring:
Proven experience in Offensive Security and Penetration Testing within an enterprise or consulting environment, with a passion for adversarial testing and breaking things to make them stronger.Experience or strong interest in Breach & Attack Simulations, AI Red Teaming, and emerging offensive security techniques.Knowledge of application security principles, secure coding practices, threat modelling methodologies, and ability to support secure code reviews with an offensive mindset.The ability to effectively communicate technical information to both technical and non-technical stakeholders, including executive-level presentations.Relevant professional certifications, such as OSCP, eCPPT, eWPT, PNPT, GWAPT, eMAPT, OSWE, OSEP, or CRTO.Proficiency in offensive security tools and platforms (Nmap, BurpSuite, Metasploit, Cobalt Strike, BloodHound, Kali Linux) and experience with BAS platforms is desirable.Proven experience with programming and scripting languages (e.g., Python, Bash, PowerShell, JavaScript) for automation, exploit development, and code analysis.Deep understanding of penetration testing methodologies (OWASP WSTG, OWASP ASVS, PTES, NIST SP 800-115) and security frameworks (NZISM, MITRE ATT&CK, NIST, CIS).
Why join us here at Datacom?
Datacom is one of Australia and New Zealand's largest suppliers of Information Technology professional services. We have managed to maintain a dynamic, agile, small business feel that is often diluted in larger organisations of our size. It's our people that give Datacom its unique culture and energy that you can feel from the moment you meet with us.
We care about our people and provide a range of perks such as social events, chill-out spaces, remote working, flexi-hours and professional development courses to name a few. You'll have the opportunity to learn, develop your career, connect and bring your true self to work. You will be recognised and valued for your contributions and be able to do your work in a collegial, flat-structured environment.
We operate at the forefront of technology to help Australia and New Zealand's largest enterprise organisations explore possibilities and solve their greatest challenges, so you will never run out of interesting new challenges and opportunities.