Penetration Tester

Company Description

Cliffside Cybersecurity delivers assessment-first security services for Australian organisations that are serious about understanding and reducing real risk. Our work spans web applications, infrastructure, cloud, identity platforms, and increasingly AI-driven systems including chatbots and agent-based architectures.

We are known for cutting through noise and testing what actually matters. That includes how modern systems behave under real-world abuse, not just whether a scanner flags a vulnerability. From regulated industries to high-growth platforms adopting AI, we partner with CIOs and CISOs who want honest answers, not templated reports.

Role Description

This role goes beyond traditional penetration testing. You will be expected to operate as a modern offensive security consultant, assessing how systems behave under realistic attack scenarios, including AI-driven workflows and autonomous decision-making systems.

Your work will include testing conventional applications and infrastructure, with a strong emphasis on AI-enabled platforms such as chatbots, copilots, and agent-based systems. You will be expected to identify not just technical vulnerabilities, but behavioural flaws, abuse paths, and unintended outcomes driven by model interactions.

You will contribute to and lead attack scenario-based testing, where engagements evolve dynamically and require creativity, lateral thinking, and the ability to move beyond predefined methodologies.

Over time, we expect this role to evolve into orchestrating offensive testing across distributed systems of agents, APIs, and integrations, rather than testing single applications in isolation.

What You’ll Actually Do

This role is hands-on and outcome-driven. You will be expected to:

• Conduct penetration testing across web applications, APIs, cloud, and identity platforms
• Design and execute attack scenarios, not just follow checklists or frameworks
• Test AI systems and chatbots for abuse risks, including prompt injection, policy bypass, data leakage, and unintended behaviour
• Assess how AI systems handle context, state, and interaction flows under adversarial conditions
• Simulate real-world attackers, including chaining vulnerabilities across systems and services
• Validate defensive controls such as WAFs, rate limiting, and bot protections under active exploitation attempts
• Clearly articulate business risk, not just technical findings
• Contribute to improving Cliffside’s testing methodologies, tooling, and delivery quality

What We’re Looking For

This is not a junior box-ticking role. We are looking for someone who can think, adapt, and challenge systems.

Core Offensive Security Capability

• Strong experience across web, API, infrastructure, and cloud penetration testing
• Ability to independently scope, execute, and deliver end-to-end engagements
• Experience with adversary simulation or red teaming
• Comfortable working in ambiguous environments where the path is not predefined

AI and Modern Application Focus

• Exposure to testing AI systems, chatbots, or LLM-based applications
• Understanding of how AI systems can be manipulated through input, context, or workflow abuse
• Interest in how autonomous agents and integrated systems create new attack surfaces

Technical Depth and Thinking Style

• Ability to think in attack chains rather than isolated vulnerabilities
• Strong problem-solving and analytical capability
• Comfort working with APIs, authentication flows, and complex application logic
• Curiosity and willingness to break things that are not obviously broken

Communication and Commercial Awareness

• Ability to translate technical issues into business impact
• Experience presenting findings to both technical and non-technical stakeholders
• Understanding that the end goal is risk reduction, not vulnerability count

Credentials and Background

• Certifications such as OSCP, OSCE, CREST CRT or similar are valued
• Experience in consulting or client-facing delivery environments
• Background in cybersecurity, computer science, or equivalent practical experience

What This Role Becomes

This role is a stepping stone into something more strategic.

As organisations move toward agent-based architectures, we are seeing a shift from testing single systems to testing interconnected ecosystems. That includes multiple AI agents interacting with APIs, users, and each other.

We are looking for someone who wants to grow into:

• Orchestrating offensive testing across multi-agent systems
• Designing complex attack simulations against AI-driven business processes
• Shaping how modern penetration testing is delivered in an AI-first world

Why Cliffside

We do not sell generic penetration testing. We test what matters, how attackers actually think, and how systems actually behave.

If you are still running tools and calling it a day, this is not for you.

If you want to be at the front of where penetration testing is going, this is exactly where you should be.

Salary package: 120k-140k + super and benefits based on experience.