Job Description

About the Team

KPMG’s Technology Risk and Cyber team is a nationally led, fast‑growing practice that helps organisations understand, prioritise and reduce complex technology and cyber risks. Within this practice, our Active Cyber (Offensive Security) capability delivers penetration testing, red and purple team exercises, application, AI and cloud security testing, and adversary‑led simulations across government, financial services, critical infrastructure and large enterprise environments. The team operates in close partnership with broader Technology Risk, Assurance and Resilience specialists to connect deep technical findings with governance, regulatory expectations and operational resilience outcomes. You will join a collaborative, technically respected group where quality, trust and real‑world impact are central to how we work and how we grow our people.

About the Role

We are seeking an Offensive Security Manager (Technical Delivery Manager) to lead the delivery of complex offensive security engagements while remaining hands‑on in high‑risk and high‑value testing activities. This role is designed for experienced penetration testers or red/purple team operators who have progressed beyond individual delivery and are ready to take accountability for engagement outcomes, technical quality, and team development while still remaining relevant on technical toolset delivery. The Manager will support red and purple team operations, act as a technical authority across infrastructure, web, API and cloud testing, and work closely with senior testers, directors and clients to translate adversary‑led findings into meaningful cyber risk reduction. This role balances technical leadership, delivery oversight and people leadership, while remaining actively involved in offensive operations where it matters most.

Position Objectives

Lead the end‑to‑end technical delivery of penetration testing and offensive security engagements, ensuring consistent quality, accuracy and impact.
Reduce client cyber risk by applying real‑world attacker tradecraft and aligning findings to business‑critical assets and threat scenarios.
Act as a technical authority and lead tester for complex testing activities across infrastructure, applications, APIs and cloud environments.
Support and, where required, co‑lead red and purple team operations, contributing as an operator and tactical advisor.
Strengthen client trust through clear, defensible and board‑ready reporting that connects technical issues to risk, resilience and regulatory expectations.
Build and grow the capability of the offensive security team through business development initiatives and by supporting coaching, mentoring and technical leadership.

Key Responsibilities

Lead and manage the delivery of penetration testing and offensive security engagements, ensuring scope, risk, quality, timelines and financials are effectively controlled end‑to‑end.
Conduct and provide oversight on high‑complexity penetration testing across internal/external networks, web and mobile applications, APIs, AI and cloud platforms.
Provide technical leadership and delivery support to red team and purple team exercises, including adversary simulation planning and execution.
Operate with minimal oversight on complex engagements, acting as the escalation point for technical decision‑making and testing methodology.
Review, assure and approve penetration testing and red/purple team reports to ensure technical accuracy, consistency and executive‑level clarity.
Translate technical findings into actionable remediation guidance, mapped to recognised frameworks (e.g. OWASP, NIST, MITRE ATT&CK, D3FEND, ASD).
Engage directly with client stakeholders to explain attack paths, business impact and prioritised remediation strategies.
Manage engagement risk, including authorisations, legal approvals, testing constraints and client change control.
Coach, mentor and performance‑manage Senior Consultants and Consultants, including capability uplift through training and knowledge‑sharing.
Contribute to practice growth through proposals, service development, thought leadership and continuous improvement of testing methodologies.
Support end-to-end business development and/or sales activities, including proposal development, quotations and client presentations.

Skills & Experience

Strong background in offensive security with demonstrated experience delivering and leading penetration testing and red/purple team engagements.
Advanced technical expertise across common attack paths, including identity, endpoint, network, application and cloud security.
Proven ability to lead technical delivery while remaining hands‑on for complex or high‑risk testing activities.
Strong consulting and stakeholder engagement skills, with the ability to communicate complex security issues in clear, business‑focused language.
Solid understanding of cyber risk, control frameworks and threat‑informed defence in an Australian regulatory context.
Experience coaching and developing junior offensive security testers.
High standards of documentation, reporting quality and professional judgement.
Continuous learning mindset, with awareness of emerging threats, attacker techniques and AI‑enabled attack vectors.