Senior Associate Cyber Security Consultant (GRCPentest)

Hanoi - Vietnam

Monthly Salary: Not Disclosed

Posted on: 30+ days ago

Vacancies: 1 Vacancy

Job Summary

Line of Service

Assurance

Industry/Sector

Not Applicable

Specialism

Cybersecurity & Privacy

Management Level

Senior Associate

Job Description & Summary

We are PwC a global professional services company and a Big Four firm. We are seeking candidates who have experience in penetration testing red teaming or secure source-code review/development for the role of Consultant/ Senior Consultant within the Cybersecurity and Privacy team. The role may be based either at our Ho Chi Minh City office. Joining PwC the successful candidate will have opportunities to collaborate with cybersecurity experts throughout the PwC global network and deliver cybersecurity services for clients in various sectors.
Work in a highly innovative and transformative business
Work/life balance with access to flexible work arrangements
Salary packaging to suit your personal and financial circumstances
Professional certification sponsorship to develop your talent and enhance knowledge

Responsibilities:

Lead the team in cybersecurity assessments covering web application and mobile application penetration testing in accordance with OWASP Top 10 framework and CWE Top 25 most dangerous software weaknesses
Lead the team in network penetration tests and vulnerability assessments to identify potential issues against network access control and network segmentation
Conduct source code reviews to identify potential logical errors in program flows misconfigurations and exploitable vulnerabilities in the applications
Conduct red teaming engagement and cyber-attack simulation testing to assess clients cybersecurity strategies
Research collect and analyse cyber threat intelligence from threat actors
Engage in establishing network infrastructure for red teaming activities including but not limited to command & control (C2) servers SMTP relay mail servers web servers and reverse proxies
Design and launch phishing attacks to generate reports for increasing awareness of employees regarding different types of phishing techniques
Provide pragmatic recommendations on the identified risks
Deliver both management-level and detailed technical reporting of observations along with assisting in giving presentations to both technical and business stakeholders
Deliver complex Cybersecurity consulting and engineering projects involving diverse technologies and multidisciplinary delivery teams and stakeholder groups
Collaborate with clients colleagues and technology alliance partners on identifying and developing solutions for assessing and enhancing cyber security operations
Engage with threat intelligence hunting and incident response activities to keep up to date with trends in technology security and the threat landscape
Train coach and mentor junior team members
Lead day-to-day delivery activities including client and internal communication management as well as technical quality control
Work actively in supporting and following up on proposal processing in accordance with client expectations on a cross-border and global multinational basis
Continuously research and follow up on the latest IT security challenges and technologies (mobile digital trust IoT cloud blockchain etc.)

You are someone with:

3 years of proven experience in conducting either network and infrastructure or web/API or mobile application penetration testing and be able to independently manage engagement delivery
Experience in leading and supervising engagement teams in penetration testing and vulnerability assessment projects
Thorough understanding of common infrastructure and web application vulnerabilities and common vulnerability categorisations such as OWASP and CVSS
Knowledge of common software security vulnerabilities (CWE Top 25 Most Dangerous Software Weaknesses)
Experience in penetration testing and vulnerability assessment across one of the several following domains: web and mobile applications cloud and container security reverse engineering applied cryptography networks infrastructure etc.
Ability to work under pressure and deliver quality work in tight timelines
Demonstrated experience of working with diverse stakeholders
Excellent communication and interpersonal skills
Willingness to take on new challenges gain new skills and work collaboratively in a dynamic and rapidly growing team
One of the following industry certifications: OSCP OSWA eWPT eCPPT CRTP PNPT CREST CRT/CCT or equivalent

Preferred:

Experience in conducting red teaming engagements and cyber-attack simulation testing
Experience in developing hacking scripts/tools
Secure development and/or DevSecOps experience including experience of securing code before deployment code review and vulnerability and dependency management
Ability to communicate strategic information security topics policies and standards as well as risk-related concepts to technical and non-technical audiences
Experience in bug bounty programs or CVE hunting is an advantage
Preference will be given to candidates who hold relevant cloud certifications: AWS Azure GCP
Strong preference will be given to candidates who hold one of the following industry certifications: OSWE OSEP OSCE CRTO CRTE eCPTX eWPTX SANS
Strong preference will be given to candidates who hold one of the following professional certifications: CISSP CCSP CSSLP CISM CRISC PMP

Education (if blank degree and/or field of study not specified)

Degrees/Field of Study required:

Degrees/Field of Study preferred:

Certifications (if blank certifications not specified)

Required Skills

Optional Skills

Accepting Feedback Accepting Feedback Active Listening Agile Methodology Analytical Thinking Azure Data Factory Communication Creativity Cybersecurity Cybersecurity Framework Cybersecurity Policy Cybersecurity Requirements Cybersecurity Strategy Embracing Change Emotional Regulation Empathy Encryption Technologies Inclusion Intellectual Curiosity Learning Agility Managed Services Optimism Privacy Compliance Regulatory Response Security Architecture 8 more

Desired Languages (If blank desired languages not specified)

Travel Requirements

Available for Work Visa Sponsorship

Government Clearance Required

Job Posting End Date

December 29 2025

Required Experience:

Senior IC

Line of ServiceAssuranceIndustry/SectorNot ApplicableSpecialismCybersecurity & PrivacyManagement LevelSenior AssociateJob Description & SummaryWe are PwC a global professional services company and a Big Four firm. We are seeking candidates who have experience in penetration testing red teaming or se...