Home·Specialisms·Cyber Security Engineering

04 / Discipline - Specialist Search

Cyber Engineering

Security architects, application security engineers and platform-side defenders - for teams where compliance and resilience are board-level concerns.

What We Place

The roles we run, by level.

  • Senior Security & AppSec Engineers
  • Security Architecture Leads
  • Heads of Security / CISOs
  • Cloud Security & DevSecOps Engineers
  • GRC and compliance-track senior hires
  • Compliance: SOC2, ISO27001, IRAP, Essential 8, PCI-DSS

Where The Talent Sits

The pools we actually source from.

  • Security consultancies (Mandiant, NCC, Sense of Security, CyberCX)
  • Big-four cyber practices (Deloitte, KPMG, EY, PwC)
  • Government-cleared talent pools (NV1, NV2, PV)
  • Product-security teams at ASX-listed and Series-D scale-ups
  • Specialist AppSec engineers from product-led companies

Geographies

Sydney, Melbourne, Canberra (cleared work). Remote-Australia common at senior IC.

Comp Bands (2026)

Senior IC: $200k - $300k base. Architecture Leads: $260k - $370k base. CISOs / Heads of Security: $350k+ base + executive package.

Median Brief - Signed

21 days. 90% of mandates filled in ≤3 CVs.

How We Run The Search

Four steps. Twenty-one days.

01

Brief

90 minute working session. Scorecard signed off before any outreach.

02

Search

Direct outreach across APAC, EMEA and US. 200-400 named engineers per mandate.

03

Shortlist

3-5 calibrated candidates, each with a one-page technical memo.

04

Close

Pre-closed comp, counter-offer coaching, replacement guarantee.

Recent Cyber Searches

Indicative of where we run.

Indicative samples drawn from recent and active mandates. Specific clients available under NDA on request.

Further reading

Related insights.

Market Signals

Tech Hiring in Australia: Q1 2026 Monthly Snapshot

Hiring Process

What a Structured Intake Call Should Actually Cover

Founder Notes

What CTOs Are Optimising for in 2026

Common questions

Frequently asked.

What cyber security engineering roles do you recruit?

Application security engineers, security architects, platform-side defenders, GRC managers, CISOs and security engineering leadership. Both individual contributor and leadership levels.

Do you recruit for compliance-heavy industries like banking and government?

Yes. Re:Sourced runs cyber search for tier-1 banks, payment processors, government and government-adjacent organisations where compliance and resilience are board-level concerns.

Can you place CISOs and senior security architects?

Yes. CISO and head-of-security search are part of our executive cyber bookings. Typical search runs 4-8 weeks for executive levels.

What cyber salary bands should I expect for senior individual contributors?

Senior cyber engineers sit at AUD 170-200k base in Sydney for 2026, base only, 25th-75th percentile of accepted offers. Security architects at principal level reach AUD 200-220k. AppSec profiles price at the top of the senior band.

Do you support contractor placements for security teams?

Yes. Day-rate contractor and statement-of-work placements are common in cyber, especially for project-bounded work like SOC 2/ISO27001 build-outs and pen-test programs. Senior day rates run AUD 950-1,200 excluding GST.

How much more do security-cleared engineers cost?

NV1 clearance adds 15-20 per cent over uncleared bands; NV2 and TS extend to 20-25 per cent. Cleared searches also run longer - 30-45 days median versus the 21-day general benchmark - because the pool is a fraction of the size.

Which cyber profile is hardest to hire in 2026?

Application security engineers who can read code and threat-model in the same session. AppSec demand at listed financial services outstrips supply more than any other cyber profile.

How do you screen cyber engineers before shortlisting?

A live conversation covering systems they have defended or assessed, how they communicate risk to non-security stakeholders, and clearance status where relevant. Strong cyber hires are as much about judgement as tooling - we screen for both.

Can you run a confidential CISO search?

Yes. Executive cyber searches run retained and confidential by default, with anonymised briefs until mutual interest is established.

Submit a brief

Run a structured Cyber search.

30 minute working session. No fee until placement. Replacement inside 90 days.

Submit a brief Back to all specialisms