About the Team
KPMG's Technology Risk and Cyber team is a nationally led, fast-growing practice that helps organisations understand, prioritise and reduce complex technology and cyber risks. Within this practice, our Active Cyber (Offensive Security) capability delivers penetration testing, red and purple team exercises, application, AI and cloud security testing, and adversary-led simulations across government, financial services, critical infrastructure and large enterprise environments.
The team operates in close partnership with broader Technology Risk, Assurance and Resilience specialists to connect deep technical findings with governance, regulatory expectations and operational resilience outcomes. You will join a collaborative, technically respected group where quality, trust and real-world impact are central to how we work and how we grow our people.
About the Role
We are seeking an Offensive Security Manager (Technical Delivery Manager) to lead the delivery of complex offensive security engagements while remaining hands-on in high-risk and high-value testing activities. This role is designed for experienced penetration testers or red/purple team operators who have progressed beyond individual delivery and are ready to take accountability for engagement outcomes, technical quality and team development, while still remaining relevant on technical toolset delivery.
The Manager will support in red and purple team operations, act as a technical authority across infrastructure, web, API and cloud testing, and work closely with senior testers, directors and clients to translate adversary-led findings into meaningful cyber risk reduction. This role balances technical leadership, delivery oversight and people leadership while remaining actively involved in offensive operations where it matters most.
Position Objectives
- Lead the end-to-end technical delivery of penetration testing and offensive security engagements, ensuring consistent quality, accuracy and impact.
- Reduce client cyber risk by applying real-world attacker tradecraft and aligning findings to business-critical assets and threat scenarios.
- Act as a technical authority and lead tester for complex testing activities across infrastructure, applications, APIs and cloud environments.
- Support and, where required, co-lead red and purple team operations, contributing as an operator and tactical advisor.
- Strengthen client trust through clear, defensible and board-ready reporting that connects technical issues to risk, resilience and regulatory expectations.
- Build and grow the capability of the offensive security team through business development initiatives and supporting with coaching, mentoring and technical leadership.
Key Responsibilities
- Lead and manage the delivery of penetration testing and offensive security engagements, ensuring scope, risk, quality, timelines and financials are effectively controlled end-to-end.
- Conduct and provide oversight on high-complexity penetration testing across internal/external networks, web and mobile applications, APIs, AI and cloud platforms.
- Provide technical leadership and delivery support to red team and purple team exercises, including adversary simulation planning and execution.
- Operate with minimal oversight on complex engagements, acting as the escalation point for technical decision-making and testing methodology.
- Review, assure and approve penetration testing and red/purple team reports to ensure technical accuracy, consistency and executive-level clarity.
- Translate technical findings into actionable remediation guidance mapped to recognised frameworks (e.g. OWASP, NIST, MITRE ATT&CK, D3FEND, ASD).
- Engage directly with client stakeholders to explain attack paths, business impact and prioritised remediation strategies.
- Manage engagement risk, including authorisations, legal approvals, testing constraints and client change control.
- Coach, mentor and performance-manage Senior Consultants and Consultants, including capability uplift through training and knowledge-sharing.
- Contribute to practice growth through proposals, service development, thought leadership and continuous improvement of testing methodologies.
- Support in end-to-end business development and/or sales activities, including proposal development, quotations and client presentations.
Skills & Experience
- Strong background in offensive security, with demonstrated experience delivering and leading penetration testing and red/purple team engagements.
- Advanced technical expertise across common attack paths, including identity, endpoint, network, application and cloud security.
- Proven ability to lead technical delivery while remaining hands-on for complex or high-risk testing activities.
- Strong consulting and stakeholder engagement skills, with the ability to communicate complex security issues in clear, business-focused language.
- Solid understanding of cyber risk, control frameworks and threat-informed defence in an Australian regulatory context.
- Experience coaching and developing junior offensive security testers.
- High standards of documentation, reporting quality and professional judgement.
- Continuous learning mindset, with awareness of emerging threats, attacker techniques and AI-enabled attack vectors.
Qualifications:
- Tertiary qualification in Information Security, Computer Science, Cyber Security or a related discipline (or equivalent practical experience).
- Mandatory: Offensive Security Certified Professional (OSCP) or equivalent hands-on penetration testing certification.
- Highly desirable: CREST Registered Penetration Tester (CRT) or higher-level CREST certifications.
- Additional certifications such as OSEP/OSCE, CRTO/CRTP, CISSP or CISM are advantageous and support broader leadership and risk-based engagements.
- Preferred for Active NV1 Australian Federal Government Security Clearance.
Additional Information:
KPMG is a professional services firm with global outreach and deep sector experience. We work with clients across an array of industries to solve complex challenges, steer change and enable growth.
Our people are what make KPMG the thriving workplace that it is, and what sets us apart is that we know great minds think differently. Collaborate with a team of passionate, highly skilled professionals who've got your back. You'll build relationships with unique and diverse colleagues who will provide you with the support you need to be your best and produce meaningful and impactful work in an inclusive, equitable culture.
At KPMG, you'll take control over how you work. We're embracing a new way of working in many ways, from offering flexible hours and locations to generous paid parental leave and career breaks. Our people enjoy a variety of exciting perks, including retail discounts, health and wellbeing initiatives, learning and growth opportunities, salary packaging options and more.
Diverse candidates have diverse needs. During your recruitment journey, information will be provided about adjustment requests. If you require additional support before submitting your application, please contact the Talent Attraction Support Team.
At KPMG, every career is different, and we look forward to seeing how you grow with us.
KPMG Australia: grow with us!
Remote Work: No
Employment Type: Full-time