Your role probably boxes you into either offensive or defensive work, but rarely both.
This one breaks that mould. And if that doesn’t sound right for you, I wouldn’t keep reading.
You’ll split your time 50/50 between internal pen testing and hands-on SecOps.
That mix will keep your skills sharp and your future options open, whether you want to go deep in one area later or stay broad and technical.
It doesn’t matter which side you’re coming from. If you're a SecOps specialist with some offensive chops, you’ll get the chance to build those skills properly. If you’re a pen tester who’s always wanted to understand how the blue team works from the inside, this is your shot. The team will teach you, back you, and give you space to grow.
You’ll test everything from web apps and internal infrastructure to hardware and IoT devices. Smaller tests are handled in-house. For major releases, external firms are brought in, and you’ll be the one convincing auditors that the internal testing is up to scratch.
This isn’t just a pen testing job. You’ll be involved in incident response, vulnerability management, and helping users through ticket triage. It’s the kind of role where you learn how the full cyber stack works, not just one narrow piece of it.
The team is small: five people run defensive security for the entire business. Everyone’s a generalist but has a specialisation — whether it’s AppSec, Splunk, or something else. You’ll have the freedom to carve out your own space, but the team is always there to train, guide, and support. They’re not looking for a unicorn, or someone with years and years of experience, just someone who’s curious, open to coaching, and willing to get stuck in.
You’ll work on something new every day, across different tools, platforms, and products that actually make a difference in people’s lives. Most places keep you focused on one or two things. Here, you’ll see how it all fits together. And once BAU is under control, there’s a push toward smarter testing, AI, and more automation.
There’s an on-call element, but the flexibility is real: three days a week from home, a solid bonus, and an environment that genuinely values its people.
An OSCP (or something close) is essential.
DM, email, or call me. We’ll sort the CV stuff later.
Russell@theonset.com.au / 0438984265