Associate Penetration Tester

at  Toll Group

About Toll Group
At Toll, we do more than just logistics - we move the businesses that move the world. Our 16,000 team members can help solve any logistics, transport, or supply chain challenge – big or small. We have been supporting our customers for more than 130 years. Today, we support more than 20,000 customers worldwide with 500 sites in 27 markets, and a forwarding network spanning 150 countries. We are proudly part of Japan Post —
www.tollgroup.com

Benefits

• Parental Leave: Primary 14 weeks pay and secondary 2 weeks pay
• Flexible Working Arrangements: 3 days in office/2 days working from Home
• Salary Sacrificing and Novated lease
• Private healthcare cover, discounted car hire and other retail discounts

Why Join Us?

• Shape the future of Toll’s technology landscape, driving a multi-dimensional strategy that includes cloud and IT utility models.
• Work with cutting-edge technologies and industry experts to design and implement solutions that keep us ahead of the curve.
• Partner with business mentors and IT teams to deliver value-driven solutions, while mentoring and developing internal talent.

The Role
Group IT provides technology strategy, governance, delivery, and support for all of Toll. The team enable Toll with the right technology foundations and business systems to grow the business and support our customer needs.
As we continue to evolve and transform, we have a new opportunity for a Penetration Tester to join our Cyber Security Team. Reporting into the Head of IT Security Operations, you will perform penetration tests to pre-empt, detect, and respond to security threats, ensuring the organisation’s security posture is robust and effective. The role involves collaborating with the cybersecurity team, conducting advanced penetration testing, and supporting red/purple team exercises. You will have the opportunity to scope, initiate and perform penetration testing, document and report on all testing performed and findings identified, investigate and react to findings and identify log sources to aid internal investigation teams. You will also be responsible for self-maintaining set of specialist skills that enable advanced penetration testing within a geographic and architecturally distributed cyber eco system.

To be successful as Associate Penetration Tester you will need to:

• Assist senior members in conducting red/purple team exercises to test the defense capability and effectiveness of the blue team / Security Operations Centre (SOC)
• Conduct API, infrastructure, web application, wireless network, and internal assessments
• Conduct CIS (Center for Internet Security) benchmarking to ensure systems and configurations meet industry standards
• Assist in threat hunting and analysis
• Collaborate with and support junior members within the Cyber Threat Prevention Teams

About You:

If you’re ready to take on a challenging and rewarding role in cyber security, we want to hear from you! Apply now and be part of a team that values your expertise and dedication.

• Minimum 3 years’ experience as a Cyber Security Specialist/Penetration Tester
• Excellent knowledge and experience in risk management strategies for safe execution of Red-Blue Team exercises. In-depth understanding and experience on Cyber Risk Management. Sound understanding of network/server infrastructure and web applications
• Proven experience in conducting penetration tests on various systems (e.g., web applications, networks, APIs).
• Strong skills in scripting languages such as Python and PowerShell.
• Ability to solve complex security issues and effectively communicate technical findings to both technical and non-technical stakeholders.
• Possessing OSCP or equivalent is a must, with other offensive security certificates highly favourable
• Ability to acquire NV1/ Baseline clearance highly favourable

Toll Group is proud to be a Women 4 Stem Corporate member -
Toll Group – Women 4 STEM
What moves you?
At Toll, you can help play a vital role in delivering what matters. From food, fuel, medicine and rescue services, we keep businesses and communities thriving. Every day brings change. We see that as an opportunity. To be curious. To ask the right questions. And build meaningful connections. Because finding new ways to solve problems is what we do. With a bold vision to expand our global reach, our 16,000+ people bring a passion for progress. We collaborate in friendly, caring teams, supported by approachable leaders who give us the autonomy to quickly make decisions with impact. Learn and grow with industry-leading training, alongside talented experts. Feel empowered to take on diverse challenges and new responsibilities to move you, our customers, and our world further.
Are you excited about this role but are concerned you don’t meet all the requirements? If you have similar skills and are willing to learn then we encourage you to apply anyway. We know that some people hesitate to apply for jobs unless they meet every single qualification. At Toll, we value a diverse, inclusive and authentic workplace, so if you’re interested in this role but your past experience doesn’t align perfectly then please talk to us – you may be just the right candidate for this or other roles we have coming up.
At Toll everyone is welcome including those of all ages, ethnicities, genders and abilities.
To find out more about us visit www.careers.tollgroup.com
You must be entitled to work in Australia and be prepared to undertake pre-employment checks including a criminal history check and medical.

• Minimum 3 years’ experience as a Cyber Security Specialist/Penetration Tester
• Excellent knowledge and experience in risk management strategies for safe execution of Red-Blue Team exercises. In-depth understanding and experience on Cyber Risk Management. Sound understanding of network/server infrastructure and web applications
• Proven experience in conducting penetration tests on various systems (e.g., web applications, networks, APIs).
• Strong skills in scripting languages such as Python and PowerShell.
• Ability to solve complex security issues and effectively communicate technical findings to both technical and non-technical stakeholders.
• Possessing OSCP or equivalent is a must, with other offensive security certificates highly favourable
• Ability to acquire NV1/ Baseline clearance highly favourabl