Application Penetration Testing Manager


Job Location:

Prague - Czech Republic

Monthly Salary: Not Disclosed
Posted on: 6 hours ago
Vacancies: 1 Vacancy

Job Summary

Job Description & Summary

About the team

A career in our Network Information Security (NIS) team will provide you the opportunity to solve our clients' most critical application and data protection challenges. As a Manager in the Application Penetration Testing team you will lead complex testing engagements, shape our service offerings and develop our people. You'll combine deep technical tradecraft with strong client leadership to help organizations understand and manage real-world application security risk.

You will work closely with CISOs, engineering leaders and product teams to scope, deliver and explain application security assessments across web, mobile, API and cloud-native environments. You will be responsible for quality, timelines and risk management on your projects while also contributing to innovation in testing techniques and the way we use automation and AI to extend our capabilities.


PwC Professional skills and responsibilities for this management level include but are not limited to:

  • Lead multiple concurrent application penetration testing engagements from planning to reporting, ensuring quality, timeliness and internal client satisfaction.

  • Scope and design testing approaches for complex applications (web, mobile, APIs, microservices, cloud-native), balancing risk coverage, effort and client constraints.

  • Assist EMEA CISO/BISO teams on a number of AppSec initiatives within EMEA.

  • Apply advanced manual testing techniques (e.g. business logic abuse, multi-step workflows, chained exploits; must have) alongside targeted use of automated tools and AI-assisted capabilities.

  • Review and challenge technical findings produced by the team, ensuring accuracy, clear risk articulation and practical remediation guidance for engineering audiences.

  • Translate technical results into business-relevant impact for senior stakeholders (e.g. data exposure, fraud risk, compliance impact) and lead readouts with client security and product leadership. Must have.

  • Coach and mentor junior and senior penetration testers, providing structured feedback, on-the-job training and stretch opportunities to develop their tradecraft and consulting skills. Must have.

  • Use engagement reviews as an opportunity to systematically uplift team capability, standardize good practices and drive consistency in testing depth and reporting quality.

  • Contribute to service development by enhancing methodologies, checklists and tooling approaches (including AI-augmented testing workflows) and embedding them across the team.

  • Collaborate with account teams and leadership to identify follow-on or adjacent opportunities (e.g. secure SDLC, threat modelling, code review, developer training) based on identified weaknesses.

  • Support shaping up service-related challenges on complex technical approaches, effort estimates and risk mitigations for application security assessments.

  • Foster a positive and inclusive team environment by effectively managing workloads, supporting work-life balance and demonstrating open, respectful communication.

  • Use feedback and reflection to continuously refine your leadership, technical and commercial skills and uphold the firm's code of ethics and business conduct.

Requirements of the role

Bachelor's Degree (Computer and Information Science, Computer Applications, Computer Engineering, Information Cyber Security, Information Technology, Management Information Systems, or equivalent experience).

5 years of experience in application security / penetration testing, including significant hands-on testing and at least 12 years in a lead or supervisory role. Good to have.

Required Technical Skills and Knowledge

Demonstrates extensive knowledge and/or a proven record of success in the following areas:

  • In-depth understanding of web applications, APIs and services, including platforms and stacks such as IIS, Apache variants, Nginx, modern frontend frameworks and common API technologies (REST, SOAP, GraphQL). Must have.

  • Strong understanding of web and application security frameworks and guidance, including OWASP Top 10, OWASP API Top 10, OWASP MASVS and SANS/CWE Top 25. Must have.

  • Proven ability to identify and exploit application vulnerabilities such as SQL injection, XSS, CSRF, SSTI, IDOR, authN/authZ flaws and logic issues, and to demonstrate realistic business impact. Must have.

  • Hands-on use of industry-standard testing tools (e.g. Burp Suite Pro, ZAP, proxy tools, interception frameworks) and familiarity with SAST/DAST/IAST and API security testing tools. Must have.

  • Solid understanding of application hosting environments: Windows and Linux web servers, application servers, databases, WAFs, load balancers, reverse proxies and common cloud platforms (AWS, Azure, GCP). Good to have.

  • Experience designing and executing tests for modern architectures (microservices, containers, serverless, CI/CD-driven deployments) and integrating findings into secure SDLC practices. Good to have.

  • Experience using or evaluating AI-assisted techniques in security testing (e.g. AI-aided recon, test idea generation or report support) with appropriate validation and risk controls. Good to have.

Required Professional Skills and Abilities

Demonstrates abilities and/or a proven record of success in the following areas:

  • Leading end-to-end application penetration testing engagements, including scoping, planning, execution oversight, issue escalation and stakeholder communication.

  • Managing small to medium-sized teams of testers, delegating effectively and ensuring consistent test coverage and quality.

  • Reviewing and refining technical reports for clarity, accuracy, risk rating and actionable remediation steps tailored to developers and architects.

  • Communicating complex technical concepts clearly and succinctly to both technical and non-technical stakeholders, adapting depth and style as appropriate.

  • Building and maintaining strong client relationships, participating actively in discussions and positioning relevant add-on services aligned to client needs.

  • Balancing project economics (budget, effort and scope) while maintaining agreed quality standards and addressing unanticipated issues constructively.

  • Creating a positive team climate by monitoring workloads, providing timely feedback and supporting the growth and well-being of team members.

  • Proactively seeking and incorporating guidance, clarification and feedback from leadership and keeping stakeholders informed of progress, risks and issues.

Our Benefits and Fun

  • Concentrated experience and rapid career growth. It may sound like a platitude, but it really is.

  • Fair salary and time off in lieu (TOIL).

  • Paid time off: 25 days, 3 well-being days and 1 extra day off from the company at the end of the year.

  • High-end Ultrabook and iPhone with unlimited data.

  • The possibility to set your work schedule flexibly. We also offer part-time work from home.

  • Benefit program with 55.000 points that you can use for holidays, education, food vouchers, sports, health... Simply on what you enjoy.

  • Support for your education and development: we offer business and digital training and many other training and workshops to further develop your personal and professional skills. We pay for technical certifications and the time you spend studying them.

  • Regular feedback on your work, and also consultation with a coach with whom you can address your further development and career direction.

PwC is the largest audit team in the Czech Republic, law, tax, consulting and technology, data or forensic teams. Find out how easy it is to combine this knowledge when you're in the right place. With us you will get the opportunity to see how business is done in large companies. We are part of an international network of companies with more than 364,000 colleagues in 151 countries. At PwC we create an inclusive work environment where everyone can be themselves and find their place and opportunity to develop.

This year we have successfully maintained the prestigious Equal Pay Certification, making us one of only four companies in the Czech Republic (and the only one from the Big 4) that demonstrably implements fair compensation practices regardless of gender.

Are you interested in our offer? Let us know about yourself and we will discuss more details together!

Privacy Statement for Recruitment Applicants


Required Experience:

Manager


Key Skills

  • IT Experience
  • Project Management Methodology
  • Technical Project Management
  • Data Collection
  • Image Processing
  • Waterfall
  • ITIL
  • Project Management
  • Microsoft Project
  • Health Information Management
  • Epic
  • SDLC

About Company

At PwC, our purpose is to build trust in society and solve important problems. We’re a network of firms in 155 countries with over 284,000 people who are committed to delivering quality in assurance, advisory and tax services. Find out more and tell us what matters to you by vis ...