Manager - Offensive Security (Penetration Testing & Red/Purple Team)
KPMG
Job Description
About the Team
KPMG’s Technology Risk and Cyber team is a nationally led, fast‑growing practice that helps organisations understand, prioritise and reduce complex technology and cyber risks. Within this practice, our Active Cyber (Offensive Security) capability delivers penetration testing, red and purple team exercises, application, AI and cloud security testing, and adversary‑led simulations across government, financial services, critical infrastructure and large enterprise environments.
The team operates in close partnership with broader Technology Risk, Assurance and Resilience specialists to connect deep technical findings with governance, regulatory expectations and operational resilience outcomes. You will join a collaborative, technically respected group where quality, trust and real‑world impact are central to how we work and how we grow our people.
About the Role
We are seeking an Offensive Security Manager (Technical Delivery Manager) to lead the delivery of complex offensive security engagements while remaining hands‑on in high‑risk and high‑value testing activities. This role is designed for experienced penetration testers or red/purple team operators who have progressed beyond individual delivery and are ready to take accountability for engagement outcomes, technical quality and team development, while still remaining relevant in technical toolset delivery.
The Manager will support red and purple team operations, act as a technical authority across infrastructure, web, API and cloud testing, and work closely with senior testers, directors and clients to translate adversary‑led findings into meaningful cyber risk reduction. This role balances technical leadership, delivery oversight and people leadership, while remaining actively involved in offensive operations where it matters most.
Position Objectives
- Lead the end‑to‑end technical delivery of penetration testing and offensive security engagements, ensuring consistent quality, accuracy and impact.
- Reduce client cyber risk by applying real‑world attacker tradecraft and aligning findings to business‑critical assets and threat scenarios.
- Act as a technical authority and lead tester for complex testing activities across infrastructure, applications, APIs and cloud environments.
- Support and, where required, co‑lead red and purple team operations, contributing as an operator and tactical advisor.
- Strengthen client trust through clear, defensible and board‑ready reporting that connects technical issues to risk, resilience and regulatory expectations.
- Build and grow the capability of the offensive security team through business development initiatives and by supporting coaching, mentoring and technical leadership.
Key Responsibilities
- Lead and manage the delivery of penetration testing and offensive security engagements, ensuring scope, risk, quality, timelines and financials are effectively controlled end‑to‑end.
- Conduct and provide oversight on high‑complexity penetration testing across internal/external networks, web and mobile applications, APIs, AI and cloud platforms.
- Provide technical leadership and delivery support to red team and purple team exercises, including adversary simulation planning and execution.
- Operate with minimal oversight on complex engagements, acting as the escalation point for technical decision‑making and testing methodology.
- Review, assure and approve penetration testing and red/purple team reports to ensure technical accuracy, consistency and executive‑level clarity.
- Translate technical findings into actionable remediation guidance, mapped to recognised frameworks (e.g. OWASP, NIST, MITRE ATT&CK, D3FEND, ASD).
- Engage directly with client stakeholders to explain attack paths, business impact and prioritised remediation strategies.
- Manage engagement risk, including authorisations, legal approvals, testing constraints and client change control.
- Coach, mentor and performance‑manage Senior Consultants and Consultants, including capability uplift through training and knowledge‑sharing.
- Contribute to practice growth through proposals, service development, thought leadership and continuous improvement of testing methodologies.
- Support end-to-end business development and/or sales activities, including proposal development, quotations and client presentations.
Skills & Experience
- Strong background in offensive security with demonstrated experience delivering and leading penetration testing and red/purple team engagements.
- Advanced technical expertise across common attack paths, including identity, endpoint, network, application and cloud security.
- Proven ability to lead technical delivery while remaining hands‑on for complex or high‑risk testing activities.
- Strong consulting and stakeholder engagement skills, with the ability to communicate complex security issues in clear, business‑focused language.
- Solid understanding of cyber risk, control frameworks and threat‑informed defence in an Australian regulatory context.
- Experience coaching and developing junior offensive security testers.
- High standards of documentation, reporting quality and professional judgement.
- Continuous learning mindset, with awareness of emerging threats, attacker techniques and AI‑enabled attack vectors.
Qualifications
- Tertiary qualification in Information Security, Computer Science, Cyber Security or a related discipline (or equivalent practical experience).
- Mandatory: Offensive Security Certified Professional (OSCP) or equivalent hands‑on penetration testing certification.
- Highly desirable: CREST Registered Penetration Tester (CRT) or higher‑level CREST certifications.
- Additional certifications such as OSEP/OSCE, CRTO/CRTP, CISSP or CISM are advantageous and support broader leadership and risk‑based engagements.
- Preferred: Active NV1 Australian Federal Government Security Clearance.
Additional Information
KPMG is a professional services firm with global outreach and deep sector experience. We work with clients across an array of industries to solve complex challenges, steer change and enable growth.
Our people are what make KPMG the thriving workplace that it is, and what sets us apart is that we know great minds think differently. Collaborate with a team of passionate, highly skilled professionals who’ve got your back. You’ll build relationships with unique and diverse colleagues who will provide you with the support you need to be your best and produce meaningful and impactful work in an inclusive, equitable culture.
At KPMG, you’ll take control over how you work. We’re embracing a new way of working in many ways, from offering flexible hours and locations to generous paid parental leave and career breaks. Our people enjoy a variety of exciting perks, including retail discounts, health and wellbeing initiatives, learning and growth opportunities, salary packaging options and more.
Diverse candidates have diverse needs. During your recruitment journey, information will be provided about adjustment requests. If you require additional support before submitting your application, please contact the Talent Attraction Support Team.
At KPMG every career is different, and we look forward to seeing how you grow with us.