PricewaterhouseCoopers

Line of Service

Assurance

Industry/Sector

Not Applicable

Specialism

Cybersecurity & Privacy

Management Level

Senior Associate

Job Description & Summary

A career in our Cyber Security practice, within Risk Assurance Compliance and Analytics services, will provide you with the opportunity to assist clients in developing analytics and technology solutions that help them detect, monitor, and predict risk. Using advanced technology, we’re able to focus on establishing the right controls, processes and structures for our clients to ensure that decisions are based on accurate information and assure that information provided to third parties is accurate, complete, and can be trusted.

Our team helps business leaders protect and manage their risk related to information regarding technology, people, systems, processes, culture, and physical surroundings. We help clients’ understand their current capability and develop a plan to target cyber security investment, helping to respond to actual cyber incidents, and advising on legal issues related to breaches, data privacy, and protection.

Do you thrive on developing creative and innovative insights to solve complex challenges? Want to work on next-generation, cutting-edge products and services that deliver outstanding value and that are global in vision and scope? Work with other experts in your field? Work for a world-class organisation that provides an exceptional career experience with an inclusive and collaborative culture?

Responsibilities:

• Lead team in cybersecurity assessments, covering web application, mobile application penetration testing in accordance with OWASP Top 10 framework and CWE Top 25 most dangerous software weaknesses.
• Lead team in network penetration tests and vulnerability assessments to identify potential issues against network access control and network segmentation.
• Conduct source code reviews to identify potential logical errors in program flows, misconfigurations, and exploitable vulnerabilities in the applications.
• Conduct red teaming engagement and cyber-attack simulation testing to assess client’s cybersecurity strategy.
• Research, collect and analyse cyber threat intelligence from threat actors.
• Engage in establishing network infrastructure for red teaming activities, including but not limited to Command & Control ("C2") server, SMTP Relay mail server, web server, and reverse proxy.
• Design and launch Phishing attacks to generate reports for increasing awareness of employees regarding different types of phishing techniques.
• Provide pragmatic recommendations on the identified risks.
• Deliver both management and detailed technical reporting of observations, along with assisting presentations to both technical and business stakeholders. 
• Training, coaching and mentoring junior Penetration Testers. 
• Leading the day-to-day penetration testing delivery activities, including client and internal communication management, as well as technical quality control.
• Work actively in supporting and following up proposal processing with client expectations on a cross-border and global multi-national basis.
• Continuously research and follow up the latest IT security challenges and technologies (Mobile, Digital trust, IoT, Cloud, Blockchain etc).

You are someone with:

• You will have 3+ years proven experience in conducting either network and infrastructure or web/api or mobile application penetration testing and be able to independently manage engagement delivery.
• Experience in leading and supervising engagement teams in penetration testing and vulnerability assessment projects.
• Thorough understanding about common infrastructure and web application vulnerabilities and common vulnerability categorizations such as OWASP, CVSS.
• Knowledge about common software security vulnerabilities (CWE Top 25 Most Dangerous Software Weaknesses).
• Experience in penetration testing and vulnerability assessment across one of several following domains: web and mobile application, cloud and container security, reverse engineering, applied cryptography, networks infrastructure, etc.
• Ability to work under pressure and deliver quality work in tight timelines.
• Demonstrated experience working with diverse stakeholders.
• Excellent communication and interpersonal skills.
• Willingness to take on new challenges, gain new skills and work collaboratively in a dynamic and rapidly growing team.
• Hold one of the following industry certifications: OSCP, OSWA, eWPT, eCPPT, CRTP, PNPT, CREST CRT/CCT, or equivalent.

Preferred:

• Experience in conducting red teaming engagements and cyber-attack simulation testing.
• Experience in developing hacking scripts/tools.
• Secure development and/or DevSecOps experience, including securing code before deployment, including code review, vulnerability and dependency management.
• Ability to communicate strategic information security topics, policies, and standards as well as risk-related concepts to technical and nontechnical audiences.
• Experience in bug bounty programs or CVE hunting is an advantage.
• Preferred to hold relevant cloud certifications: AWS, Azure, GCP
• Strongly preferred to hold one of the following industry certifications: OSWE, OSEP, OSCE, CRTO, CRTE, eCPTX, eWPTX, SANS.
• Strongly preferred to hold one of the following professional certifications: CISSP, CCSP, CSSLP, CISM, CRISC, PMP.

Education (if blank, degree and/or field of study not specified)

Degrees/Field of Study required:

Degrees/Field of Study preferred:

Certifications (if blank, certifications not specified)

Required Skills

Optional Skills

Desired Languages (If blank, desired languages not specified)

Travel Requirements

Up to 40%

Available for Work Visa Sponsorship?

No

Government Clearance Required?

No

Job Posting End Date

March 31, 2024