Penetration Tester

About us Making a meaningful difference with mission‑critical software that empowers communities to thrive. ReadyTech is more than just a one‑trick pony playing in one market with one product, or one customer. We re‑imagine, design, develop and deliver technology to solve our customer’s diverse problems – supporting multiple businesses across a variety of markets to be ready for anything. We're an ASX‑listed company which means we are stable, have a strong track record of sustainable growth and have a significant number of long‑term customers. So, what does this mean for you? It means we can offer you an experience that will push you to be your best, provide career‑building challenges, and that will offer you numerous growth opportunities that can’t be found in any other company. It's an inclusive environment where there is no place for politics, where we get our heads together to solve the problems that really matter to our customers, and where we always stay focused on our north star – the communities we serve, and society at large. The Key Accountabilities Of The Role Independent Security Testing Conduct penetration tests and security assessments across applications, cloud environments, and infrastructure, independently from development and delivery teams. Vulnerability Identification & Risk Assessment Identify, validate, and prioritise vulnerabilities and security gaps, providing clear risk insights aligned to business impact. Security Uplift & Collaboration Work with engineering, DevOps, and security teams to communicate findings and support effective remediation and security practice uplift. Continuous Security Improvement Recommend enhancements to security controls, processes, and testing methods to improve overall organisational resilience. Compliance & Standards Alignment Support alignment with IRAP, SOC 2, ISO IRAP SOC 2 ISO Threat Intelligence & Proactive Testing Stay current with emerging threats and apply this knowledge to proactively test ReadyTech systems. Reporting & Communication Produce clear, actionable reports and communicate findings to both technical and non‑technical stakeholders including customer attestation evidence, audit documentation, and compliance reporting. Ethical and Responsible Conduct Perform all testing within approved scope, following ethical hacking standards and safeguarding sensitive data. The Key Responsibilities Of The Role Conduct independent penetration testing across applications, networks, APIs, and cloud environments using methodologies consistent with industry‑recognised certifications (e.g., CEH, OSCP, OSWE, GWAPT). Apply ethical hacking techniques, exploit development skills, and adversarial thinking that align with the capabilities validated through external penetration‑testing qualifications. Perform advanced manual testing to identify complex vulnerabilities and business logic flaws, leveraging skills in reconnaissance, enumeration, exploitation, privilege escalation, and post‑exploitation. Review system architecture, configurations, and—where required—source code, applying secure coding and vulnerability‑analysis knowledge aligned with CEH / OSCP / OSWE‑level standards. Provide high‑quality remediation guidance and technical uplift to engineering, DevOps, and security teams, informed by best practices from recognised security certification bodies. Maintain detailed testing documentation, methodologies, and evidence in a manner consistent with professional penetration‑testing standards and compliance expectations (IRAP, SOC 2, ISO). Contribute to developing and maturing ReadyTech’​s internal penetration‑testing frameworks, adopting techniques and methodologies from leading certification programs and industry bodies (e.g., OWASP, SANS). Continuously update skillsets by tracking emerging vulnerabilities, exploit techniques, and threat actor behaviour’s, maintaining competency equivalent to CEH / OSCP‑level professionals. The Key Requirements For The Role Conducting penetration tests using industry‑aligned techniques and toolsets (e.g., Burp Suite, Nmap, Metasploit, OWASP ZAP). Manual vulnerability discovery, exploit validation, and risk assessment. Identifying and analysing security weaknesses across web applications, APIs, cloud platforms, and infrastructure. Communicating technical findings clearly to both technical and non‑technical audiences. Writing structured, high‑quality reports and documentation. Problem‑solving, critical thinking, and applying an adversarial mindset during testing. Collaborating effectively with engineering, DevOps, and cybersecurity teams. Common vulnerabilities and exploitation techniques (e.g., OWASP Top 10, SANS Top 25). Secure development practices and common coding flaws (e.g., injection, access control issues). Network and application security fundamentals, including authentication, encryption, and cloud security concepts. Ethical hacking frameworks and methodologies aligned with qualifications such as CEH, OSCP, OSWE, GWAPT, or similar. Compliance frameworks relevant to the organisation such as IRAP, SOC 2, and ISO. Threat landscapes, attacker behaviours, and modern exploitation tooling. Performing penetration tests or structured security assessments (professional experience or lab‑based training acceptable for junior / mid‑level). Using recognised penetration‑testing tools and scripting languages (e.g., Python, Bash, PowerShell) to aid testing activities. Working with cloud environments (AWS / Azure / On Prem) and understanding common misconfigurations. Applying hacking and secure‑testing practice in line with certification standards. Preparing penetration test reports and remediation guidance. Participating in capture‑the‑flag events, home labs, or self‑directed security research (For early‑career / junior candidates). Hold a CEH, OSCP, OSWE, GWAPT, or similar qualification. Why you should become a ReadyTecher A day off for your birthday—hip hip hooray Benefits Additional 4 days of leave each year. ReadyTecher Awards each quarter with the chance to win flights and accommodation to Hamilton Island. Hybrid work, with in‑house baristas in Australia via the Ready Beans team. Access to Sonder— a technology‑driven platform supported by safety, medical and mental health experts—available 24/7. Paid parental leave. Additional paid leave for miscarriage, endometriosis and menopause. Volunteer leave. Flu vaccinations. And plenty of ReadyTech merch drops along the way ReadyTech is committed to seeing things through each other’s eyes. We invest deeply in relationships by offering positivity, fairness and empathy in every interaction and love that everyone is different. We’re proud to be an equal‑opportunity employer that celebrates our diversity of race, beliefs, sexual orientations, gender identities, age, disability status, marital status and more—so that every single one of us can feel like we belong. As part of our commitment to ensuring a safe and secure working environment for all employees and in compliance with Australian regulations, please note that if selected for this role, you will be required to complete a comprehensive police check and an Australian working rights check. Should you have any questions or concerns regarding these requirements, please feel free to contact us. So, if you are ready for anything, please apply today. Please note that if your application is progressed to the next stage, we will send you some testing to complete as part of your application as we have found this helps us to quickly identify potential ReadyTechers Job Details Seniority level: Entry level Employment type: Full‑time Job function: Information Technology Location: Sydney, New South Wales, Australia #J-18808-Ljbffr