
Offensive Security

Think like an attacker to find and exploit vulnerabilities before the adversaries do.

Offensive security professionals simulate real-world attacks to identify and help remediate security weaknesses before malicious actors can exploit them. This pathway progresses from hands-on vulnerability testing to leading sophisticated red team operations and adversary simulations.


Career Progression

Junior Penetration Tester

ENTRY $70k - $100k AUD

Experience: 0-2 years

Run vulnerability scans and assist senior testers in identifying security weaknesses across systems and applications.

Day-to-Day:

  • Run vulnerability scans using industry tools
  • Assist senior penetration testers with test execution
  • Document findings and observations
  • Research known vulnerabilities and proof-of-concept exploits
  • Maintain and update testing lab environments

Key Skills: Vulnerability Scanning, Network Fundamentals, Web Application Basics, Linux/Windows Administration, Report Writing

Certifications: CompTIA Security+, eJPT, CompTIA PenTest+

Common Tools: Nmap, Burp Suite Community, Metasploit, Nessus, Kali Linux

Penetration Tester

MID $110k - $145k AUD

Experience: 2-5 years

Conduct independent penetration tests and assessments, identifying and exploiting vulnerabilities to assess client security posture.

Day-to-Day:

  • Conduct penetration tests independently from start to finish
  • Write comprehensive assessment reports with findings and recommendations
  • Present findings and remediation strategies to clients
  • Develop custom exploits for discovered vulnerabilities
  • Stay current with emerging attack techniques and tools

Key Skills: Web App Testing, Network Exploitation, Active Directory Attacks, Social Engineering, Custom Scripting

Certifications: OSCP, CEH, GPEN

Common Tools: Burp Suite Pro, BloodHound, Cobalt Strike, Impacket, CrackMapExec

Senior Penetration Tester

SENIOR $145k - $185k AUD

Experience: 5-8 years

Lead complex red team engagements and develop advanced offensive security methodologies to simulate sophisticated adversary attacks.

Day-to-Day:

  • Lead complex red team engagements across multiple infrastructure layers
  • Develop and refine offensive testing methodologies
  • Mentor and supervise junior penetration testers
  • Manage client relationships and expectations
  • Conduct assumed-breach assessments and adversary simulations

Key Skills: Red Team Operations, Exploit Development, Evasion Techniques, Client Management, Methodology Development

Certifications: OSCP, OSCE3, CRTO

Common Tools: Custom C2 Frameworks, Ghidra, Binary Ninja, Cloud attack tools, EDR bypass tooling

Red Team Lead

LEADERSHIP $180k - $230k AUD

Experience: 8+ years

Design and execute strategic adversary simulation programmes, providing executive-level insights into organisational security resilience.

Day-to-Day:

  • Design comprehensive adversary simulation programmes aligned with business risk
  • Brief executive leadership on findings and strategic implications
  • Manage and develop offensive security team members
  • Coordinate purple team exercises with defensive security teams
  • Develop long-term offensive security strategy and direction

Key Skills: Adversary Simulation, Programme Management, Threat Modelling, Executive Communication, Strategic Planning

Certifications: OSCP, CRTO, CISSP

Common Tools: Custom tooling, Threat intelligence platforms, C2 frameworks, Purple team tooling


Transition Opportunities

From Offensive Security, common career transitions include:

  • Security Architecture - Leverage deep attack knowledge to design resilient systems
  • Threat Intelligence - Apply offensive insights to understand real-world adversaries
  • Security Consulting - Advise organisations on security improvements
  • AppSec / Secure Development - Focus on vulnerability prevention during development