A list of information security companies that offer penetration testing services and/or other offensive red side orientated services at any level.
Please feel free to submit pull requests to add in companies that may be missing from the list. The list currently doesn't include companies only offering managed services and/or blue side services which is probably a better fit for another list.
N/a - Represents an unknown, if you have information on this please create a pull request. Furthermore note that size represents the entire company and not just the penetration testing team size. Lastly the size and hiring status are not often updated.
This list details companies that are considered to be 'amalgamated' having been bought out by a parent company.
| Company Name | Website | Parent Company / Independent | Main Location | Size | Hiring? | Student Intake? | Notes |
|---|---|---|---|---|---|---|---|
| Alcorn Group | No longer exists (Redirects to CyberCx) | CyberCx | Brisbane | N/a | N/a | Yes | N/a |
| Assurance | No longer exists (Redirects to CyberCx) | CyberCx | Melbourne | N/a | N/a | Yes | N/a |
| Asterisk | No longer exists (Redirects to CyberCx) | CyberCx | Perth | N/a | N/a | Yes | N/a |
| CQR | No longer exists (Redirects to CyberCx) | CyberCx | Adelaide | N/a | N/a | Yes | N/a |
| Diamond Cyber | No longer exists (Redirects to CyberCx) | CyberCx | Perth | N/a | N/a | Yes | N/a |
| Foresight | https://foresight.security/ | CyberCx | Canberra | N/a | Yes | Yes | N/a |
| Insomnia | https://insomniasec.com | CyberCx | New Zealand | N/a | N/a | Yes | N/a |
| Sense of Security | No longer exists (Redirects to CyberCx) | CyberCx | Sydney | N/a | N/a | Yes | N/a |
| Shearwater | No longer exists (Redirects to CyberCx) | CyberCx | Sydney | N/a | N/a | Yes | N/a |
| TSS Cyber | No longer exists (Redirects to CyberCx) | CyberCx | Canberra | N/a | N/a | Yes | N/a |
| Yell IT | No longer exists (Redirects to CyberCx) | CyberCx | Brisbane | ~30 | N/a | Yes | N/a |
| CXO Security | https://www.cxosecurity.com.au | Sekuro | Sydney | N/a | N/a | N/a | N/a |
| Solista | https://solista.com.au/ | Sekuro | Sydney | N/a | N/a | N/a | N/a |
| Privasec | https://privasec.com/ | Sekuro | Sydney | ~50 | Yes | Yes, specific program for grads and interns | N/a |
| Ernst & Young (EY) | https://www.ey.com | Big Four | Global | N/a | N/a | N/a | N/a |
| PWC | https://www.pwc.com.au/ | Big Four | Global | N/a | N/a | N/a | N/a |
| Deloitte | https://www2.deloitte.com | Big Four | Global | N/a | N/a | N/a | N/a |
| KPMG | https://home.kpmg | Big Four | Global | N/a | N/a | N/a | N/a |
| Lateral Security | https://www.lateralsecurity.com/ | Tesserent | Sydney | N/a | N/a | N/a | N/a |
| Loop Secure | https://www.loopsec.com.au | Tesserent | Sydney | N/a | Yes | N/a | N/a |
| Ludus Cyber Security | https://luduscybersecurity.com/ | Tesserent | Canberra | ~8 | N/a | N/a | N/a |
| North | https://northsd.com.au/ | Tesserent | Canberra | N/a | Yes | N/a | N/a |
| Pure Security | https://pure.security/ | Tesserent | Melbourne | ~40 | Yes | N/a | Amalgamation of PureHacking, HackLabs, SecurusGlobal, and Certitude |
| Seer Security | https://www.seersec.com.au/ | Tesserent | Canberra | ~10 | N/a | N/a | N/a |
| Context IS | https://www.contextis.com | Accenture | Global (UK) | N/a | N/a | Yes, hires grads and interns | N/a |
| Trustwave | https://www.trustwave.com/ | Singtel | Global (USA) | N/a | Yes | Yes, hires grads/interns | N/a |
| eSecure | https://www.esecure.com.au | Orro | Melbourne | ~35 | Yes | Yes, hires graduates | N/a |
This list details companies that are considered to be 'independent' with no overarching parent company. Many of these include smaller boutique shops, and shops that only do penetration testing on the side. Although there are some notable big names in there.
| Company Name | Website | Parent Company / Independent | Main Location | Size | Hiring? | Student Intake? | Notes |
|---|---|---|---|---|---|---|---|
| AirGlow Security | https://airglowsecurity.com.au | Independent | Melbourne | N/a | N/a | N/a | N/a |
| Aurian Security | https://www.aurian.com.au | Independent | Sydney, Brisbane | ~2 | N/a | N/a | N/a |
| Content Security | https://www.contentsecurity.com.au/ | Independent | Sydney | ~40 | N/a | N/a | N/a |
| Cyber Partners | https://cyberpartners.com.au/ | Independent | Brisbane | ~5 | N/a | N/a | N/a |
| Elttam | https://www.elttam.com/ | Independent | Melbourne | ~20 | N/a | N/a | N/a |
| Fireeye (Mandiant) | https://www.fireeye.com/mandiant.html | Independent | Global (USA) | N/a | N/a | N/a | N/a |
| GridWave | https://www.gridware.com.au | Independent | Sydney | ~10 | N/a | Yes, Internship program | N/a |
| Hacktive | https://hacktive.io/ | Independent | Sydney | ~8 | N/a | N/a | N/a |
| IBM (X-Force Red) | https://www.ibm.com/au-en/security/services/offensive-security-services | Independent | Global (USA) | N/a | N/a | N/a | N/a |
| InfoTrust | https://infotrust.com.au/ | Independent | Sydney | ~30 | Yes | N/a | N/a |
| Intalock | https://www.intalock.com.au/ | Independent | Brisbane | ~20 | N/a | N/a | N/a |
| Ionize | https://ionize.com.au | Independent | Sydney | ~20 | Yes | N/a | N/a |
| Mercury Infosec | https://mercuryiss.com.au | Independent | Sydney | ~10 | Yes | N/a | N/a |
| NCC Group | https://www.nccgroup.com | Independent | Global (UK) | N/a | Yes | Yes, hires grads and interns | N/a |
| Pulse Security | https://pulsesecurity.co.nz/ | Independent | New Zealand | N/a | N/a | N/a | N/a |
| Quantum Security Services | https://www.quantumsecurity.co.nz/ | Independent | New Zealand | N/a | N/a | N/a | N/a |
| RedCursor | https://www.redcursor.com.au/ | Independent | Sydney | ~4 | N/a | Yes, hires grads/interns | N/a |
| Rightsec | https://www.rightsec.com.au | Independent | Brisbane | ~3 | N/a | N/a | N/a |
| Secolve | https://www.secolve.com/ | Independent | Sydney | ~2 | N/a | N/a | N/a |
| Security Centric | https://www.securitycentric.com.au/ | Independent | Sydney | ~8 | N/a | N/a | N/a |
| Sentaris | https://www.sentaris.com.au/ | Independent | Melbourne | ~6 | N/a | N/a | N/a |
| Shea Security | https://sheasecurity.com.au/ | Independent | Melbourne | ~3 | N/a | N/a | N/a |
| Silent Grid | https://www.silentgrid.com/ | Independent | Sydney | N/a | N/a | N/a | N/a |
| Skylight Cyber | https://skylightcyber.com/ | Independent | Sydney | N/a | N/a | N/a | N/a |
| Stickman | https://www.stickman.com.au | Independent | Sydney | ~30 | N/a | N/a | N/a |
| Themissinglink (TML) | https://www.themissinglink.com.au | Independent | Sydney | ~100 | Yes | N/a | N/a |
| Triskele Labs | https://triskelelabs.com/ | Independent | Melbourne | ~20 | N/a | Yes | N/a |
| Threat Intelligence | https://www.threatintelligence.com | Independent | Sydney | ~10 | Yes | No | N/a |
| Vertex Security | https://www.vtxsecurity.com.au/ | Independent | Sydney | ~5 | N/a | N/a | N/a |
| Volkis | https://www.volkis.com.au/ | Independent | Sydney, Brisbane | ~3 | N/a | W.I.P | 🐺 |
| Zerosource | https://www.zerosource.io/ | Independent | Sydney, Canberra | ~5 | N/a | N/a | N/a |
| ZX Security Ltd | https://zxsecurity.co.nz/ | Independent | New Zealand | ~20 | N/a | Summer of Tech | N/a |