Lead Offensive Security Specialist

Job Description

Lead Offensive Security Specialist

We are looking for seasoned penetration testers and red teamers with varying levels of experience to attack some of the largest and highest profile companies in the world.

Our red teams are full scope with limited testing restrictions that provide realistic and high impact results for our clients. You will be given the opportunity to execute bleeding edge attacks in a variety of customer settings, including the digital assets some of the world’s most critical infrastructure and major financial institutions.

You will be furnished with industry leading commercial tools as well as custom tools developed by our own global research and development team. You will work in concert with our global incident response and cyber threat intelligence teams who will keep you furnished with the latest attack techniques and threat actor modus operandi, allowing you to deliver attack simulations to clients that are both current and authentic.

Based in Australia, successful candidates will be joining a global team of industry experts who are driven by desire to push the envelope as it relates to security research, innovation and providing our clients with realistic simulated cyber-attacks, the likes of which they have not seen before. This will afford you the opportunity not only to develop your penetration testing and red teaming skills and experience, but also to collaborate with and build a global network of peers from countries including the U.S., Czech, Israel, Italy, Brazil and the U.K.

As part of our global community you will have opportunities to work on some unusual and diverse projects, examples of which include testing autonomous vehicles in a purpose built facility, testing new public cloud services for tier-1 cloud providers and experimentation with offensive and defensive security capabilities in space.

We maintain a positive and highly collaborative working environment of skilled, confident and experienced security professionals who continually learn from one another and develop together as one of the industries more formidable security assessment teams. We embrace values such as ‘egoless-greatness’ and a passion for solving problems for our clients.

Location : Flexible across Melbourne (preferred), Sydney or Brisbane.

You will have most or all of the following skills:

• Experience executing most phases of a kill chain: breaching the perimeter through external/spear phishing attacks, persistence, lateral movement, privilege escalation (local and network), target acquisition, and exfiltration
• Experience with command and control frameworks, techniques, and architectures
• Payload development and evasion techniques
• Some experience being stealthy during offensive operations
• Proficiency with leading commercial and open source automated reconnaissance and penetration testing tools and services
• Proficiency with performing targeted penetration tests without use of automated tools
• Client-side code execution
• Intimately familiar with networking fundamentals (all OSI layers)
• Understanding of application design principals
• Knowledge of web application exploitation methodologies
• Ability to independently research new vulnerabilities in software products
• Familiar with fundamentals of software exploitation on modern operating systems
• Current knowledge of common threats as they relate to specific industries
• Ability to read: C, C++, C#, Objective C, PHP, Java, Python, Ruby, etc.
• Excellent written skills, articulating highly technical topics to a wide range of audiences
• Effective organizational and inter-personal skills communicating with clients

You will embrace the following values:

• Willingness to share your perspectives and experiences with other less technical people to help them increase their understanding of security
• Desire to collaborate with your peers to continue to develop your technical, professional and commercial acumen
• Passion for understanding the client problems and looking or innovative ways to use your offensive security skills to help them advance their security capabilities.
• Egoless-greatness – collaborating as part of a team and sharing in the team’s success
• Taking risks, trying new things and being open to changing the way you do things in the interest of advancing our profession and enhancing the value to our clients

You will have most or all of the following experience/certifications:

• 5+ years of experience performing network and application penetration tests
• CREST Certified Simulated Attack Specialist (CCSAS)/GIAC Advanced Penetration Tester (GXPN)
• and CREST Certified Infrastructure Tester (CCT Inf)/Offensive Security Certified Expert (OSCE)
• Offensive Security Exploitation Expert (OSEE)

Qualifications

About Accenture

Accenture is a global professional services company with leading capabilities in digital, cloud and security. Combining unmatched experience and specialized skills across more than 40 industries, we offer Strategy and Consulting, Interactive, Technology and Operations services — all powered by the world’s largest network of Advanced Technology and Intelligent Operations centers. Our 624,000 people deliver on the promise of technology and human ingenuity every day, serving clients in more than 120 countries. We embrace the power of change to create value and shared success for our clients, people, shareholders, partners and communities. Visit us at www.accenture.com.

At Accenture, our philosophy is anchored in recognising that our people are multi-dimensional. We take an intersectional human approach to create a work environment where all people feel like they can bring their authentic selves to work, every day.

We believe that equality drives innovation. Our commitment to accelerating equality starts at the top with our board and CEO and extends across every part of the company. This comes to life when our people own the equality agenda, making it part of their jobs – every decision, every day – and feel free to speak up and to act.

We do not tolerate discrimination because of differences, such as age, ability, ethnicity, gender, gender identity or expression, religion, or sexual orientation. We want a workplace that is inclusive and diverse to that end we are setting bold goals and taking comprehensive action. To achieve these goals, we collect infomation that allows us to track the effectiveness of our Inclusion and Diversity programs.

Learn how Accenture protects your personal data and know your rights in relation to your personal data. Read more about our Privacy Statement.