Trusted Services For What Matters.

elttam is an independent security boutique providing research-driven security assessment services. We combine pragmatism and deep technical insight to help our customers secure their most important assets.

Security Assessment Services.

We offer premium independent security assessment services that's tailored to meet the requirements of each project we undertake.

Services Overview

We offer premium product security assessment, assumed breach simulation, and applied research services.

For each project, we understand the goals, scope, and priorities, then tailor the end-to-end engagement to meet delivery requirements.

Use the tabs above to read a summary about each service and the technologies that we cover. For inquiries, please click here.

Product Security Assessment

We specialise in white-box security assessments of products at all layers of the technology stack, providing customers a collaborative, code-assisted, and threat-driven approach to security assessments.

This service helps organisations identify vulnerabilities and weaknesses, gain insights into software security maturity, and iteratively evolve security assurance practices to fortify products against likely threats.

If you are responsible for product security and seeking a thorough assessment with tangible outcomes, please contact us.

Assumed Breach Simulation

Our assumed breach service is a scenario driven simulation using the Tactics Techniques and Procedures (TTPs) of modern threat actors leveraging compromised applications, systems, or users.

This service helps organisations prioritise their security roadmap and engineering efforts to incrementally mature security controls and incident response readiness.

If you are responsible for infrastructure security and interested in assumed breach testing, please contact us.

Applied Research

Our applied research service provides customers with independent, technical third-party expertise related to vulnerability research and security engineering.

This service helps organisations understand and respond to relevant security threats and weaknesses in supply chain dependencies and emerging technologies.

If you're responsible for projects with nuanced security requirements that requires deep expertise, please contact us.


We have extensive experience assessing a range of technologies, from applications down to low-level firmware. Our team has skill-sets at different layers, languages, and system types, so we're versatile at tackling multi-component systems.

By seeing such a wide variety of technologies in the field, it allows us to continuously evolve our internal processes, research new trends, and bring useful insight for identifying weaknesses and providing guidance.

Examples of the types of technologies we cover include:

Application Security

Modern web frameworks & languages, enterprise web applications, thick-clients, and mobile applications.

Cloud Infrastructure

Environments built on Amazon Web Services (AWS), Microsoft Azure, and Google Cloud Platform (GCP).

Systems Security

Client/server applications and libraries down to OS kernels and drivers, hypervisors and firmware.

Embedded Security

Devices ranging from consumer Internet of Things (IOT) through to specialised security hardware.

About Us.

Founded in 2015, elttam was created with the mission to provide independent high-quality technical security services. Today, our team works closely with dozens of customers across numerous sectors and geographic regions that trust us to help protect their most important assets.

As technology continues to evolve and intertwine in our lives, we aim to keep on the forefront to manage security and privacy threats of key technologies we all use and depend on. We do this via an agile way of operating that ensures our work aligns with our values, while also prioritising our teams well-being.

Follow us.

Twitter   LinkedIn

Research & Development.

We perform research and development to stay on top of industry trends and investigate technologies and novel problems observed in the field.

Research Blog

Published blog posts from the team on security research.

Read More

Conference papers, slides, and public advisories.

Read More

A library of capture-the-flag levels we've shared for others to play.

Read More
Semgrep Rules

A collection of semgrep rules developed by our team.

Read More

Talkback is a smart infosec resource aggregator.

Read More

Media Coverage

Our Careers.

We always have an eye out for folks who identify with what we do and our ethos, and believe they may have something to contribute to our team.

Senior Security Consultant - Remote

We're looking for a senior level security consultant to join our team who specialises in software security. This person will have a solid background in technical security assessments, with experience performing code auditing to find security flaws. Read more.

Why Work With Us?

We work with companies who share our values and care about improving their security. You will have a lot of independence and be a part of a flexible work environment with exposure to a diverse range of technologies in a variety of industries. We place a strong focus on self-development, collaboration, and well-being of our team, and foster a supportive workplace to learn and grow.

Perks & Benefits

  • Dedicated research time
  • Professional development budget
  • Performance based bonuses
  • Flexible work location

  • Flexible work hours
  • Travel opportunities
  • Health and wellness programme
  • Annual off-site team get together

Application Process

We grow our team organically and every new joiner is important to us. We're up for a casual chat with any folks who follow the process below so we can learn more about each other and see if there's a fit and suitable role, in which we'd kick-off a technical interview process.

If you're an Australian citizen or have a suitable work visa and would like a friendly chat about potential opportunities, please complete a level of your choice at and e-mail with a solution write-up and CV.

Contact Us.

Service Inquiries

Office Hours
Email Inquiry

Office Locations.