We’re Civica and we make software that helps deliver critical services for citizens all around the world. From local to state government, to education, to health and care, over 5,000 public bodies across the globe use our software to help provide critical services to over 100 million citizens.
Our aspiration is to be a GovTech champion everywhere we work around the globe, supporting the needs of citizens and those that serve them every day. Building on 21 years of continuous growth and success, we're at a pivotal point on our journey to realise that aspiration.
As a company, we’re passionate about what we do and the citizens we help to serve. If you too would like to help champion the use of technology in public services, to improve outcomes for citizens and public sector organisations, then Civica is the right place for you. We will help you unlock the best version of yourself, achieve growth in your career whilst making a real difference to people and communities.
Why you’ll love this opportunity as Junior Penetration Tester at Civica
Step into a dynamic role where you’ll assist in penetration testing across web, mobile, API, and network environments, working closely under the guidance of senior experts. You’ll gain hands‑on exposure to industry‑standard frameworks like OWASP Top 10 and SANS/CWE Top 25, helping identify and understand common vulnerabilities that shape modern security practices.
Your contributions will include documenting findings with clear reproduction steps and actionable remediation recommendations, ensuring teams can resolve issues effectively. You’ll actively participate in real‑world security testing engagements across applications and networks, building confidence and technical depth.
Most importantly, you’ll stay at the forefront of cybersecurity by continuously learning about the latest vulnerabilities, exploits, and research — developing the skills that will make you a trusted security professional and future leader in the field.
Requirements
Apply if you have:
- 0–1 year of penetration testing experience — lab work, CTF challenges, or internship experience welcome.
- Basic understanding of OWASP Top 10 and common vulnerabilities (SQLi, XSS, CSRF, IDOR).
- Foundational knowledge of web application security with exposure to tools such as Burp Suite, OWASP ZAP, or similar.
- Basic grasp of network security concepts — TCP/IP, DNS, firewalls — and familiarity with tools like Nmap or Wireshark.
- Awareness of CVSS for understanding vulnerability severity ratings (preferred but not mandatory).
- Basic scripting knowledge in Python, Bash, or PowerShell (a plus).
It would be good if you have:
- Certifications such as CEH or eJPT.
- Hands‑on experience with Capture the Flag (CTF) platforms, Hack The Box, or TryHackMe.
- Personal lab setups, bug bounty participation, or academic security projects that showcase initiative and curiosity.
Benefits
Why you'll love working with us.
We know that when our people are happy, they will work better and have greater work satisfaction. Here's what you can expect:
We're all different - and we love this about us.
We provide an inclusive, safe, and welcoming environment to all Civicans - there are heaps of opportunities to enable you to grow and be your best.
Giving culture - we encourage you to "give back" with benefits such as our Days of Difference leave where you can volunteer for a charity of your choice.
Flexible Work - we have comprehensive flexibility options including part-time work, adjusted hours, staggered shifts, and hybrid or remote working, supporting work–life balance based on individual needs.
Apply for this job - Become part of something special Do you see yourself in this role? If so, then we would love to hear from you.
