Senior Associate - Cyber Security
Hanoi, Vietnam
ā ļø We'll shut down after Aug 1st - try fooš¦ for all jobs in tech ā ļø
PwC
We unite expertise and tech so you can outthink, outpace and outperformā.Line of Service
AssuranceIndustry/Sector
Not ApplicableSpecialism
Conduct and ComplianceManagement Level
Senior AssociateJob Description & Summary
We are PwC, a global professional services company and a Big Four firm. We are seeking candidates who have experience in penetration testing, red teaming or secure source-code review/development for the role of Senior Consultant/Penetration Tester within the Cybersecurity and Privacy team. The role may be based either at our Hanoi office or Ho Chi Minh City offices. Joining PwC, the successful candidate will have opportunities to collaborate with cybersecurity experts throughout the PwC global network and deliver cybersecurity services for clients in various sectors.Work in a highly innovative and transformative business
Work/life balance with access to flexible work arrangements
Salary packaging ā to suit your personal and financial circumstances
Professional certification sponsorship ā to develop your talent and enhance knowledge
What will your typical day look like?
Do you thrive on developing creative and innovative insights to solve complex challenges? Want to work on next-generation, cutting-edge products and services that deliver outstanding value and that are global in vision and scope? Work with other experts in your field? Work for a world-class organisation that provides an exceptional career experience with an inclusive and collaborative culture?
Responsibilities:Ā
Lead the team in cybersecurity assessments, covering web application and mobile application penetration testing in accordance with OWASP Top 10 framework and CWE Top 25 most dangerous software weaknessesĀ
Lead the team in network penetration tests and vulnerability assessments to identify potential issues against network access control and network segmentationĀ
Conduct source code reviews to identify potential logical errors in program flows, misconfigurations, and exploitable vulnerabilities in the applicationsĀ
Conduct red teaming engagement and cyber-attack simulation testing to assess clientsā cybersecurity strategiesĀ
Research, collect and analyse cyber threat intelligence from threat actorsĀ
Engage in establishing network infrastructure for red teaming activities, including but not limited to command & control ("C2") servers, SMTP relay mail servers, web servers, and reverse proxiesĀ
Design and launch phishing attacks to generate reports for increasing awareness of employees regarding different types of phishing techniquesĀ
Provide pragmatic recommendations on the identified risksĀ
Deliver both management-level and detailed technical reporting of observations, along with assisting in giving presentations to both technical and business stakeholdersĀ
Train, coach and mentor junior penetration testersĀ
Lead day-to-day penetration testing delivery activities, including client and internal communication management, as well as technical quality controlĀ
Work actively in supporting and following up on proposal processing in accordance with client expectations on a cross-border and global multinational basisĀ
Continuously research and follow up on the latest IT security challenges and technologies (mobile, digital trust, IoT, cloud, blockchain etc.)Ā
Ā
You are someone with:Ā
3+ years of proven experience in conducting either network and infrastructure or web/API or mobile application penetration testing and be able to independently manage engagement deliveryĀ
Experience in leading and supervising engagement teams in penetration testing and vulnerability assessment projectsĀ
Thorough understanding of common infrastructure and web application vulnerabilities and common vulnerability categorisations such as OWASP and CVSSĀ
Knowledge of common software security vulnerabilities (CWE Top 25 Most Dangerous Software Weaknesses)Ā Ā
Experience in penetration testing and vulnerability assessment across one of the several following domains: web and mobile applications, cloud and container security, reverse engineering, applied cryptography, networks infrastructure, etc.Ā
Ability to work under pressure and deliver quality work in tight timelinesĀ
Demonstrated experience of working with diverse stakeholdersĀ
Excellent communication and interpersonal skillsĀ
Willingness to take on new challenges, gain new skills and work collaboratively in a dynamic and rapidly growing teamĀ
One of the following industry certifications: OSCP, OSWA, eWPT, eCPPT, CRTP, PNPT, CREST CRT/CCT, or equivalentĀ
Ā
Preferred:Ā
Experience in conducting red teaming engagements and cyber-attack simulation testingĀ
Experience in developing hacking scripts/toolsĀ
Secure development and/or DevSecOps experience, including experience of securing code before deployment, code review, and vulnerability and dependency managementĀ
Ability to communicate strategic information security topics, policies, and standards as well as risk-related concepts to technical and non-technical audiencesĀ
Experience in bug bounty programs or CVE hunting is an advantageĀ
Preference will be given to candidates who hold relevant cloud certifications: AWS, Azure, GCPĀ
Strong preference will be given to candidates who hold one of the following industry certifications: OSWE, OSEP, OSCE, CRTO, CRTE, eCPTX, eWPTX, SANSĀ
Strong preference will be given to candidates who hold one of the following professional certifications: CISSP, CCSP, CSSLP, CISM, CRISC, PMPĀ
Education (if blank, degree and/or field of study not specified)
Degrees/Field of Study required:Degrees/Field of Study preferred:Certifications (if blank, certifications not specified)
Required Skills
Optional Skills
Accepting Feedback, Accepting Feedback, Active Listening, Agile Methodology, Analytical Thinking, Azure Data Factory, Communication, Creativity, Cybersecurity, Cybersecurity Framework, Cybersecurity Policy, Cybersecurity Requirements, Cybersecurity Strategy, Embracing Change, Emotional Regulation, Empathy, Encryption Technologies, Inclusion, Intellectual Curiosity, Learning Agility, Managed Services, Optimism, Privacy Compliance, Regulatory Response, Security Architecture {+ 8 more}Desired Languages (If blank, desired languages not specified)
Travel Requirements
Available for Work Visa Sponsorship?
Government Clearance Required?
Job Posting End Date
* Salary range is an estimate based on our InfoSec / Cybersecurity Salary Index š°
Tags: Agile APIs AWS Azure Blockchain CCSP CISM CISSP Clearance Clearance Required Cloud Compliance CREST CRISC Cryptography CSSLP CVSS DevSecOps Encryption eWPT eWPTx GCP IoT OSCE OSCP OSWE OWASP Pentesting Privacy Red team Reverse engineering SANS SMTP Strategy Threat intelligence Vulnerabilities
Perks/benefits: Career development Flex hours
More jobs like this
Explore more career opportunities
Find even more open roles below ordered by popularity of job title or skills/products/technologies used.