This is a Snr Consultant - Offensive Security, Sydney role with FTI Consulting based in Sydney, NSW, AU FTI Consulting Role Seniority - senior More about the Snr Consultant - Offensive Security, Sydney role at FTI Consulting Who We Are FTI Consulting is the leading global expert firm for organisations facing crisis and transformation. We work with many of the world's top multinational corporations, law firms, banks and private equity firms on their most important issues to deliver impact that makes a difference. From resolving disputes, navigating crises, managing risk and optimizing performance, our teams respond rapidly to dynamic and complex situations. At FTI Consulting, you'll work side-by side with leaders who have shaped history, helping solve the biggest challenges making headlines today. From day one, you'll be an integral part of a focused team where you can make a real impact. You'll be surrounded by an open, collaborative culture that embraces diversity, recognition, professional development and, most importantly, you. About The Role FTI Consulting is seeking a Senior Consultant - Offensive Security to join its Australian Cybersecurity team (must be Aust Citizen, or PR). This is a high-impact consulting role for an experienced offensive security professional who wants to work beyond commodity penetration testing and vulnerability assessments, and contribute to complex, high-stakes client engagements. You will deliver advanced offensive security services while advising senior stakeholders on real-world cyber risk. The role requires strong technical depth, sound judgement, and the ability to communicate clearly in executive, regulatory and legal contexts. What You'll Do Work with clients to provide strategic and tactical advice that enhance our clients' cybersecurity posture: Deliver advanced penetration testing across corporate networks, cloud environments and a range of applications. Execute red team and adversary simulation exercises aligned to contemporary threat actor TTPs. Safely conduct exploitation, post-exploitation, and attack path analysis in complex enterprise environments. Assess security controls and detection capability from an attacker's perspective. Translate technical findings into concise and approachable language for senior stakeholders. Produce high-quality reports suitable for executive, regulatory, and litigation use. Assist and drive scoping discussions for offensive security engagements. Support cyber incident response matters through attacker-centric analysis. Mentor junior team members and contribute to practice capability development, including building bespoke offensive security tools and automating offensive security workflows. Support proposals, client presentations, and business development activity. How You'll Grow This is an excellent opportunity for a person with proven, hands-on cybersecurity experience to join a high-performing cybersecurity consulting team. With the ever-evolving cybersecurity landscape, the need for continuous professional development remains at the forefront of the quality of our team and is wholly supported. We are committed to investing and supporting you in your professional development and we aim to promote continuous learning and individual skills development through on-the-job learning, self-guided professional development courses and external offensive security certifications. Qualifications & Experience At a minimum, we expect candidates to have: Demonstrated experience (3-6 years) delivering professional offensive security services within consulting or complex enterprise environments. Strong hands-on capability across all, or the majority of: Network and infrastructure penetration testing Web and API application security testing Active Directory and identity-focused attacks Cloud security testing (AWS, Azure, and/or GCP) Endpoint security and EDR evasion techniques Solid understanding of modern threat actor methodologies and attack chains. Scripting and automation skills (e.g. Python, PowerShell, Bash). Strong written and verbal communication skills, with confidence presenting to senior audiences. Strong offensive security reporting skills Additionally, The Below Is Highly Desirable Industry certifications including or equivalent to OSCP, OSEP, OSWP, OSWE, CREST CRT, CRTP, CARTP and / or offensive security SANS certifications. Have identified and published CVEs. Have developed open source offensive security tools. Have presented at offensive security conferences, such as BSides or SecTalks. Australian Government security clearance or the ability to obtain one. Before we jump into the responsibilities of the role. No matter what you come in knowing, you’ll be learning new things all the time and the FTI Consulting team will be there to support your growth. Please consider applying even if you don't meet 100% of what’s outlined Key Responsibilities Key Strengths A Final Note: This is a role with FTI Consulting not with Hatch.
