Website phew Cyber Security

Cyber Security Sorted

We have an exciting opportunity for an experienced Penetration Tester to join our successful and rapidly growing specialist cyber security organisation.

At phew we offer penetration testing, security assurance and related cyber security services to a range of NZ and international clients, from innovative SaaS start-ups to publicly listed and critical infrastructure providers. Due to a high level of demand for our services we are expanding our quality-focused and talented team.

What can we offer you at phew?

  • Real growth opportunities, with potential for equity in the business for superstars
  • A tight-knit team with a focus on collaborative working and knowledge sharing
  • Hands-on exposure to diverse targets and projects, with plenty of autonomy, and a real impact on the quality of the business solutions we deliver to our clients
  • Structured security research time that grows with seniority and experience
  • Strong focus on upskilling and certification, with support through study leave and course costs
  • Modern work culture, with flexibility for WFH plus face to face time with the team at our smart, well located, central Auckland offices
  • Assistance with immigration and relocation costs for strong overseas candidates who are prepared and able to join the team in New Zealand

Typical responsibilities of the role include:

  • Website, web and native application, and API penetration testing across a broad range of targets and clients
  • Testing public and private, wired and wireless, network and networked services
  • Mentoring junior members of the team
  • Contributing to security assurance strategies, tools and practices to maintain efficient and effective outcomes for clients
  • Integration of security assurance activities within various projects
  • Working with stakeholders to identify security vulnerabilities and provide remediation advice for resolution

What we’re looking for:

  • Smart, self-motivated and skilled individuals who really want to take the next step in developing their career, and shaping their future in cyber security
  • 3 to 5+ years of full-time penetration testing experience
  • A good track record with bug bounties, for example with one or more verifiable achievements such as:
    • CVE credits for high severity vulnerabilities such as RCE, SSRF, Deserialization, SQLi, etc
    • Participation in reputable CTFs and bug bounty programmes
  • Ability to self-manage and take responsibility for all aspects of penetration testing and reporting
  • Strong and clear communication skills – and the ability to communicate security and vulnerability concepts and findings with clarity to both internal and customer stakeholders
  • Knowledge of emerging security TTPs
  • Knowledge across a variety of operating systems, languages and frameworks, as well as security analysis and forensics
  • In-depth knowledge and experience with penetration testing frameworks, tools and methodologies, such as OWASP and NIST, Burp Suite and Kali Linux
  • Ideally you will have certifications in OSCP or equivalent (OSWE or equivalent preferred) and other certs from Offensive Security, GIAC, CREST, ECCouncil.

If you are an experienced Penetration Tester who is looking for a rare opportunity in an exciting and innovative Kiwi cyber security organisation, then please get in touch now for a confidential conversation.

To apply for this job email your details to