Experienced Associate - Cyber Security
Experienced Associate - Cyber Security
Employer Active
Job Alert
You will be updated with latest job alerts via email
Share
Job Alert
You will be updated with latest job alerts via email
Job Description
Line of Service
AssuranceIndustry/Sector
Not ApplicableSpecialism
Conduct and ComplianceManagement Level
AssociateJob Description & Summary
We are PwC a global professional services company and a Big Four firm. We are seeking candidates who have experience in penetration testing red teaming or secure source-code review/development for the role of Associate Consultant/Penetration Tester within the Cybersecurity and Privacy team. The role may be based at either our Hanoi office or Ho Chi Minh City office. Joining PwC the successful candidate will have opportunities to collaborate with cybersecurity experts throughout the PwC global network and deliver cybersecurity services for clients in various sectors.Work in a highly innovative and transformative business
Work/life balance with access to flexible work arrangements
Salary packaging to suit your personal and financial circumstances
Professional certification sponsorship to develop your talent and enhance knowledge
What will your typical day look like
Do you thrive on developing creative and innovative insights to solve complex challenges Want to work on next-generation cutting-edge products and services that deliver outstanding value and that are global in vision and scope Work with other experts in your field Work for a world-class organisation that provides an exceptional career experience with an inclusive and collaborative culture
Responsibilities:
Conduct cybersecurity assessments covering web application and mobile application penetration testing in accordance with OWASP Top 10 and CWE Top 25
Conduct internal/external network penetration testing to assess clients network security risks and evaluate clients cybersecurity controls
Perform network vulnerability assessments to identify potential issues against network access controls and network segmentation
Engage in red teaming engagement projects and cyber-attack simulation testing to assess clients cybersecurity strategies
Engage source code reviews to identify potential logical errors in program flows misconfigurations and exploitable vulnerabilities in applications
Research collect and analyse cyber threat intelligence from threat actors
Work actively in supporting and following up on proposal processing in accordance with client expectations on a cross-border and global multinational basis
Continuously research and follow up on the latest IT security challenges and technologies (mobile digital trust IoT cloud blockchain etc.)
You are someone with:
Experience in web application development and software engineering
Knowledge of common infrastructure and web application vulnerabilities and common vulnerability categorisations such as OWASP CVSS
Experience in security testing including application testing penetration testing and vulnerability assessment
Experience in implementing network systems and deep understanding of common misconfigurations leading to security vulnerabilities in network systems
Ability to work under pressure and deliver quality work in tight timelines
Demonstrated experience of working with diverse stakeholders
Good communication and interpersonal skills
Willingness to take on new challenges gain new skills and work collaboratively in a dynamic and rapidly growing team
Training on self-development platforms (TryHackMe HackTheBox PentesterLabs PortSwigger Web Security Academy etc.)
Preferred:
Thorough understanding of common software security vulnerabilities (CWE Top 25 Most Dangerous Software Weaknesses)
Experience of conducting red teaming engagements and cyber-attack simulation testing
Demonstrated knowledge of penetration testing across several domains such as cloud and container security applied cryptography networks infrastructure etc.
Knowledge of developing hacking scripts/tools
Knowledge of secure development and/or DevSecOps experience including experience in securing code before deployment code review and vulnerability and dependency management
Experience in bug bounty programs or CVE hunting is an advantage
Preference will be given to candidates who hold one of the following industry certifications: OSCP OSWA eWPT eCPPT CRTP PNPT CREST CRT/CCT or equivalent
Preference will be given to candidates who hold relevant cloud certifications: AWS Azure GCP
Strong preference will be given to candidates who hold one of the following industry certifications: OSWE OSEP OSCE CRTO CRTE eCPTX eWPTX SANS
Education (if blank degree and/or field of study not specified)
Degrees/Field of Study required:Degrees/Field of Study preferred:Certifications (if blank certifications not specified)
Required Skills
Optional Skills
Accepting Feedback Accepting Feedback Active Listening Agile Methodology Azure Data Factory Communication Cybersecurity Cybersecurity Framework Cybersecurity Policy Cybersecurity Requirements Cybersecurity Strategy Emotional Regulation Empathy Encryption Technologies Inclusion Intellectual Curiosity Managed Services Optimism Privacy Compliance Regulatory Response Security Architecture Security Compliance Management Security Control Security Incident Management Security Monitoring 3 moreDesired Languages (If blank desired languages not specified)
Travel Requirements
Available for Work Visa Sponsorship
Government Clearance Required
Job Posting End Date
Required Experience:
Senior IC
Employment Type
Full-Time
