saltt technologies

CYBERSECURITY CONSULTANT

Information & Communication Technology / Consultants

Posted 04/06/2026
Closes 18/06/2026

East Melbourne, 3002, Melbourne, Victoria

Full time

Not specified

Cybersecurity Consultant

SALTT Technologies | Full-time | Australian Citizens only

Sydney, Melbourne or Brisbane | Hybrid


The role

SALTT Technologies is hiring a Cybersecurity Consultant to join our Technical Testing & Assurance practice. The core of this role is hands-on penetration testing — web apps, APIs, mobile, cloud environments, internal networks, and Active Directory. But we're looking for someone who wants to go further than the report.

The consultants who thrive here are the ones who find a critical vulnerability and then want to understand how it gets closed — which control addresses it, how that control should be configured, and whether the implementation actually works. If that's how you think, this role has room to grow in that direction.

You'll work alongside senior consultants and report directly to the CTO. Our clients span financial services, government, and critical infrastructure. Engagements are delivered under our CREST-accredited testing practice — scoped, authorised, and technically substantive.


What you'll do

You'll lead and contribute to cybersecurity engagements end-to-end — from scoping through to delivery and controls uplift. Day-to-day, that means:

Technical testing

  • Web application, API, mobile, network, and infrastructure penetration tests

  • Active Directory and cloud (AWS/Azure/GCP) attack path analysis

  • Scoping engagements and presenting findings clearly to technical and executive audiences

  • Writing reports that are technically precise and actionable — not just a vulnerability dump

Controls & remediation

  • Advising clients on the appropriate security controls to address discovered vulnerabilities — WAF configuration, EDR policy tuning, network segmentation, IAM hardening, and similar

  • Working with SALTT's Security Architecture & Engineering practice to design and validate control implementations

  • Conducting retests to verify that implemented controls are effective

Client engagement

  • Acting as a trusted security advisor to CISOs and technology leaders

  • Contributing to thought leadership and representing SALTT at industry events where appropriate


What you'll bring

Essential:

  • OSCP (Offensive Security Certified Professional) or equivalent practical certification — this is a firm requirement, not a preference

  • Proven hands-on penetration testing experience — at least two years in a consulting or in-house red team role

  • Strong web application testing skills — OWASP Top 10 is a floor, not a ceiling

  • Solid understanding of network fundamentals and Active Directory attack techniques

  • The ability to write reports that are technically accurate and readable without hand-holding

  • Scripting ability in Python, Bash, or PowerShell — comfort at the command line, not necessarily a developer background

Valued:

  • Additional certifications such as OSEP, BSCP, CRTO, or GIAC offensive certifications (GPEN, GWAPT, GXPN)

  • CREST membership or working toward it

  • Familiarity with security controls — WAF platforms, EDR tooling, network security, and IAM — and an understanding of how they map to the vulnerability classes you find in testing

  • Exposure to security architecture and controls engineering — zero trust design, identity and access management, endpoint and perimeter controls

  • Familiarity with cloud attack paths (AWS/Azure) and container or Kubernetes environments

  • Bug bounty history, public CVEs, or open-source tooling contributions


Why SALTT?

We're a small, senior team. You won't be managed by someone who doesn't understand what you do. You'll work on engagements that matter, present findings to CISOs, and have genuine input into how we build the practice.

As an organisation we hold CREST accreditation, GIAC certifications, and HackTheBox credentials — so when we say we're technical, we can back it up.

The controls-engineering orientation of this role is deliberate. Testers who hand over a report and disappear are a commodity. Consultants who can find a vulnerability and then help a client implement the right control to close it — and verify it works — deliver a fundamentally different outcome. That's what we're building toward.

We're also developing Korrosiv, our AI-driven offensive security platform. If you're interested in contributing to tooling and research alongside client work, that opportunity exists.

Beyond client work, we run Defend The Future — our pro bono program providing security services to charities across Australia.


Eligibility

  • Australian citizen — required; some clients operate in government and high-trust environments

  • Current Australian driver's licence

  • Must be able to pass a National Police check and obtain a Working with Children Check

  • Security clearance preferred due to the nature of government and high-trust client engagements


Apply

Send your CV and a short note on your testing background to car••••@saltt.tech. We read every application. A HackTheBox profile, a GitHub, or any public work you're proud of — include a link.

