Senior Penetration Tester

Are you looking for an exciting new role at one of Aotearoa's newest independent security consultancies, where the focus is on helping clients through delivering high quality technical mahi?
About Us Pakiki Security is an IT Security consultancy providing advice, security consulting and penetration testing.
Pakiki is the Te Reo word meaning "to frequently question, inquire, or probe" .
Our goal is to help customers improve their overall state of security, which in turn helps to keep Kiwis safe.
Acting with, and treating people with Mana, is really important to us and so is being an important part of the security community in New Zealand, And that's why we will never sell our company offshore.
We currently have a presence in Christchurch and Wellington.
On top of our perks listed below, we give 5% of our profits as a Koha to a charity decided by the staff, and plant native trees for every project sold.
About the Role We are seeking an experienced and highly skilled penetration tester/security consultant to carry out engagements for our clients.
The types of technical engagements we routinely carry out are: Web/mobile application penetration testing API penetration testing Internal/external network penetration testing Vulnerability assessments Code reviews Server/endpoint hardening reviews Cloud assessments IoT/Hardware hacking Digital Forensics General IT Security Consulting As a senior consultant, you would be expected to be able to carry out many of those types of reviews.
While we have a solid foundation, as one of our initial technical team members, you'll have the opportunity to influence the development of our service offerings and the end deliverables we send to clients.
Key Responsibilities You will be expected to: Assist with scoping of projects.
Carry out penetration testing on client systems to a high standard.
For complex projects, this may involve developing test plans, and coordinating with other members of the team to ensure the test has been completed properly.
Perform analysis of the vulnerabilities identified and produce detailed, client-facing reports with actionable advice and recommendations.
Stay current with the latest vulnerabilities and technologies.
Provide guidance, mentorship, and coaching to junior members of the team or other members of the team who have a different skillset to yourself.
Provide constructive advice to clients in meetings to help them improve their security posture.
Perform technical QAs and provide feedback on other team members' mahi.
Contribute to internal development of tools, automation, templates, and/or methodologies.
Requirements You must have: 3+ years of hands-on experience in penetration testing or offensive security.
Strong knowledge of network protocols, application security, operating systems (Linux, Windows), and common vulnerability classes (e.g., OWASP, MITRE ATT&CK).
Proficiency with tools such as Burp Suite, Metasploit, Nmap, Wireshark, and custom scripting (Python, Bash, PowerShell, etc.).
Excellent verbal and written communication skills; able to translate complex technical issues into less-technical language appropriate for the customer.
Excellent time management, and in particular you'll need to be able to deliver reports within 2 working days of project completion.
A clean criminal history.
Additionally, we would prefer candidates with: Experience with cloud platforms (AWS, Azure, GCP).
Experience in incident response and forensics.
Active contributions to the security community (conferences, blogs, open-source projects).
Formal certificates or qualifications may be factored in, but are not required (EG: OSCP, OSCE, CREST, GPEN, University Degrees, etc) What We Offer A 4 day work week A team breakfast once a week Work from home Competitive salary and incentive program A training budget Regular team events A guarantee that we will not be sold to overseas investors #J-18808-Ljbffr