[Hiring] Security Consultant - Offensive Security @Datacom

Role Description

As an Offensive Security Consultant within our Application Security Team, you will be a key member driving our offensive security capabilities across penetration testing, Breach & Attack Simulations (BAS), and AI Red Teaming. You will help Datacom build and deliver world-class offensive security assessments to external customers and internal Datacom teams, while contributing to broader Application Security initiatives.

• Perform comprehensive penetration testing on applications, APIs, networks and systems using both manual and automated methods.
• Design and execute Breach & Attack Simulation (BAS) campaigns to test detection and response capabilities across customer environments.
• Conduct AI Red Teaming assessments to identify vulnerabilities in machine learning models, LLMs, and AI-powered applications, including prompt injection, model poisoning, and data extraction attacks.
• Formulate attack plans, test cases and working exploits during offensive security engagements.
• Support Application Security initiatives including threat modelling sessions and secure code reviews, providing offensive security insights.
• Prepare comprehensive reports detailing the results of offensive security testing and recommendations for remediation.
• Deliver remediation workshops to clients, presenting findings, attack narratives, and practical remediation guidance.
• Collaborate with Application Security and broader security teams to develop and implement effective testing capabilities and defensive strategies.
• Conduct research and development to uplift offensive security capabilities and stay ahead of emerging threats.
• Stay up-to-date with emerging security threats, vulnerabilities, AI security risks, and technology trends.

Qualifications

• Proven experience in Offensive Security and Penetration Testing within an enterprise or consulting environment, with a passion for adversarial testing and breaking things to make them stronger.
• Experience or strong interest in Breach & Attack Simulations, AI Red Teaming, and emerging offensive security techniques.
• Knowledge of application security principles, secure coding practices, threat modelling methodologies, and ability to support secure code reviews with an offensive mindset.
• The ability to effectively communicate technical information to both technical and non-technical stakeholders, including executive-level presentations.
• Relevant professional certifications, such as OSCP, eCPPT, eWPT, PNPT, GWAPT, eMAPT, OSWE, OSEP, or CRTO.
• Proficiency in offensive security tools and platforms (Nmap, BurpSuite, Metasploit, Cobalt Strike, BloodHound, Kali Linux) and experience with BAS platforms is desirable.
• Proven experience with programming and scripting languages (e.g., Python, Bash, PowerShell, JavaScript) for automation, exploit development, and code analysis.
• Deep understanding of penetration testing methodologies (OWASP WSTG, OWASP ASVS, PTES, NIST SP 800-115) and security frameworks (NZISM, MITRE ATT&CK, NIST, CIS).

Benefits

• Social events
• Chill-out spaces
• Remote working
• Flexi-hours
• Professional development courses