Penetration Tester

We’re Civica and we make software that helps deliver critical services for citizens all around the world. From local to state government, to education, to health and care, over 5,000 public bodies across the globe use our software to help provide critical services to over 100 million citizens.

Our aspiration is to be a GovTech champion everywhere we work around the globe, supporting the needs of citizens and those that serve them every day. Building on 21 years of continuous growth and success, we're at a pivotal point on our journey to realise that aspiration.

As a company, we’re passionate about what we do and the citizens we help to serve. If you too would like to help champion the use of technology in public services, to improve outcomes for citizens and public sector organisations, then Civica is the right place for you. We will help you unlock the best version of yourself, achieve growth in your career whilst making a real difference to people and communities.

Why will you love this opportunity as Penetration Tester at Civica?

Step into a lead role where your expertise drives high‑impact penetration testing projects across web applications, APIs, mobile platforms, and network infrastructure. You’ll work independently with confidence, applying frameworks like OWASP Top 10 and SANS/CWE Top 25 to uncover, exploit, and clearly document vulnerabilities that matter.

Take ownership of comprehensive security assessments by blending manual and automated techniques — from deep enumeration and exploitation to thorough follow‑up validation. Your skills will shape mobile security reviews on Android and iOS, as well as cloud security evaluations on AWS and Azure.

You’ll craft reports that don’t just highlight issues but tell a clear story — accessible to both technical teams and non‑experts, with actionable recommendations that drive real change. Collaboration is key: you’ll partner closely with development and infrastructure teams to ensure patches are applied, tested, and validated.

Most importantly, you’ll stay ahead of the curve — continuously sharpening your knowledge with the latest CVEs, attack methods, and cutting‑edge tools. This role isn’t just about testing systems; it’s about being a trusted guardian of Civica’s digital resilience.

We’re excited to connect with you if you bring the following skills to the table!

• 3+ years of hands-on penetration testing or offensive security experience. 
• Solid understanding of OWASP Top 10 and SANS/CWE Top 25, with the ability to manually identify and exploit common vulnerability classes. 
• Experience in web application and network security testing using tools such as Burp Suite Pro, OWASP ZAP, Nmap, Nessus, Metasploit, and Wireshark. 
• Exposure to mobile (Android/iOS), API, and cloud security (AWS, Azure) testing methodologies. 
• Understanding of CVSS v4.0 for vulnerability scoring and risk communication. 
• Basic scripting ability in Python, Bash, or PowerShell, with good communication skills to present findings clearly.

Why you'll love working with us.

We know that when our people are happy, they will work better and have greater work satisfaction. Here's what you can expect:

We're all different - and we love this about us.

We provide an inclusive, safe, and welcoming environment to all Civicans - there are heaps of opportunities to enable you to grow and be your best.   

Giving culture - we encourage you to "give back" with benefits such as our Days of Difference leave where you can volunteer for a charity of your choice.

Flexible Work - we have comprehensive flexibility options including part-time work, adjusted hours, staggered shifts, and hybrid or remote working, supporting work–life balance based on individual needs.

Apply for this job - Become part of something special Do you see yourself in this role? If so, then we would love to hear from you.