Penetration Tester (Brisbane City)

Break things. Understand them. Make them safer. If you've ever looked at a system and thought "there's a way into this" and then kept going until you proved it, this will feel familiar. If you've never really seen yourself in a corporate setting, that's fine. Most people here didn't either. What you'll do This role is about thinking like an attacker. Not following a checklist. You'll spend most of your time deep in systems; testing web apps, internal networks, and Active Directory environments. Mapping things out, finding gaps, exploiting them, and understanding how far you can go. Then turning that into something clear and useful for the client. Some days are quiet and focused. Other days you're explaining how you got domain admin and what needs to change. The Team There's no single path into this team. Some are self-taught. Some came from infrastructure or development. Some from consulting. Others learned through CTFs, labs, or just breaking things at home. If you've learned by doing, you'll fit right in. Most of the work is independent and heads down. You'll have the space to go deep without being micromanaged. Being part of the team doesn't mean constant meetings or being "on" all day. It's about sharing ideas when you're stuck, getting a second set of eyes on something important, and working together when it actually adds value. About You You don't need to be extroverted to do well here. We care far more about how you think and what you produce than how you come across. What matters is how you approach problems. You're curious, you like figuring things out without being told exactly how, and you're willing to go deep to get to an answer. You don't just follow a process — you look for what others miss. At the same time, this is a client-facing role. Being able to clearly explain what you've found and why it matters is important. How you'll work We encourage a hybrid way of working that allows us to perform testing remotely while also performing on-site visits to our clients where necessary to meet their needs. You'll get exposure across web and application testing, internal networks, Active Directory, and more advanced attack simulation. This is real client work (not just controlled labs) and you'll have the freedom to contribute to how the work is done. About Orro We work across cloud, cyber, networks, and collaboration supporting some of Australia's most recognised organisations. Our cyber team focuses on practical, real-world security. No box-ticking. #J-18808-Ljbffr Apply on Kit Job: kitjobau.com/job/3riohw