Junior Penetration Tester (Hybrid, Sydney)

About the role

This 6‑month junior penetration testing position offers hands‑on experience in a highly regulated insurance environment. You will work alongside senior security engineers, gaining exposure to real‑world offensive security challenges across applications, infrastructure, APIs and cloud platforms.

Key responsibilities

• Assist with penetration testing engagements targeting web applications, APIs, infrastructure and cloud environments.
• Support vulnerability assessments and security validation activities.
• Collaborate with senior engineers to identify, document and report security risks.
• Produce technical findings reports and remediation recommendations.
• Participate in internal security reviews, threat‑modelling exercises and improve testing methodologies.
• Stay current with emerging threats, vulnerabilities and attack techniques.

Required profile

• 1–2 years of experience in cyber security, penetration testing, SOC, infrastructure or security engineering.
• Foundational understanding of penetration testing concepts and methodologies.
• Basic knowledge of networking, operating systems, authentication and web technologies.
• Interest in cloud security and willingness to learn modern security tooling.

Required skills

• Familiarity with tools such as Burp Suite, Nmap, Metasploit, Nessus, Kali Linux and OWASP ZAP.
• Understanding of networking fundamentals and operating system concepts.
• Basic grasp of authentication mechanisms and web technology stacks.
• Awareness of cloud security principles.

What we offer

• 6‑month fixed‑term contract with hybrid working in Sydney.
• Strong mentorship from experienced security professionals.
• Opportunity to develop offensive security capabilities within the insurance sector.
• Exposure to a modern security capability focused on proactive defense and automation.