CD&E-Cyber Security- Penetration Testing-Manager- Bangalore

Line of Service

Advisory

Industry/Sector

Not Applicable

Specialism

Cybersecurity & Privacy

Management Level

Manager

Job Description & Summary

At PwC, our people in cybersecurity focus on protecting organisations from cyber threats through advanced technologies and strategies. They work to identify vulnerabilities, develop secure systems, and provide proactive solutions to safeguard sensitive data.

Those in penetration testing at PwC will focus on penetration testing (or pen testing) which is a security exercise where a cybersecurity consultant attempts to find and exploit vulnerabilities in a computer system. The purpose of this simulated attack is to identify any weak spots in a system's defences which attackers could take advantage of.

Enhancing your leadership style, you motivate, develop and inspire others to deliver quality. You are responsible for coaching, leveraging team member’s unique strengths, and managing performance to deliver on client expectations. With your growing knowledge of how business works, you play an important role in identifying opportunities that contribute to the success of our Firm. You are expected to lead with integrity and authenticity, articulating our purpose and values in a meaningful way. You embrace technology and innovation to enhance your delivery and encourage others to do the same.

Examples of the skills, knowledge, and experiences you need to lead and deliver value at this level include but are not limited to:

• Analyse and identify the linkages and interactions between the component parts of an entire system.
• Take ownership of projects, ensuring their successful planning, budgeting, execution, and completion.
• Partner with team leadership to ensure collective ownership of quality, timelines, and deliverables.
• Develop skills outside your comfort zone, and encourage others to do the same.
• Effectively mentor others.
• Use the review of work as an opportunity to deepen the expertise of team members.
• Address conflicts or issues, engaging in difficult conversations with clients, team members and other stakeholders, escalating where appropriate.
• Uphold and reinforce professional and technical standards (e.g. refer to specific PwC tax and audit guidance), the Firm's code of conduct, and independence requirements.

As a Manager, you'll work as part of a team of problem solvers, helping to solve complex business issues from strategy to execution. PwC Professional skills and responsibilities for this management level include but are not limited to:

• Pursue opportunities to develop existing and new skills outside of comfort zone.
• Act to resolve issues which prevent effective team working, even during times of change and uncertainty.
• Coach others and encourage them to take ownership of their development.
• Analyse complex ideas or proposals and build a range of meaningful recommendations.
• Use multiple sources of information including broader stakeholder views to develop solutions and recommendations.
• Address sub-standard work or work that does not meet firm's/client's expectations.
• Develop a perspective on key global trends, including globalisation, and how they impact the firm and our clients.
• Manage a variety of viewpoints to build consensus and create positive outcomes for all parties.
• Focus on building trusted relationships.
• Uphold the firm's code of ethics and business conduct.

Job Requirements and Preferences:
Basic Qualifications:
Minimum Degree Required:
Bachelor Degree
Minimum Years of Experience:
5 year(s)

Preferred Qualifications:
Preferred Fields of Study:
Computer and Information Science, Information CyberSecurity, Information Technology, Management Information Systems, Computer Applications, Computer Engineering

Certification(s) Preferred:

Offensive Security Certified Professional (OSCP), GIAC Penetration Tester (GPEN), Certified as GIAC Web Application Penetration Tester (GWAPT)

Preferred Knowledge/Skills:

Demonstrates extensive abilities and/or a proven record of success in the following areas: 

• Technical concepts such as application security, network segregation, access controls, IDS/IPS devices, physical security, and information security risk management; 
• Security testing tools, such as BurpSuite, Mimikatz, Cobalt Strike, PowerSploit, Metasploit, Nessus, HP Web Inspect, or other tools included within the Kali Linux distribution; 
• Networking protocols, TCP/IP stack, systems architecture, and operating systems; 
• Common programming and scripting languages, such as Python, PowerShell, Ruby, Perl, Bash, JavaScript, or VBScript; 
• Well-known Cybersecurity frameworks and industry-leading practices such as OWASP, NIST CSF, PCI DSS, and NY-DFS; and, 
• Traditional security operations, event monitoring, and Security Information and Event Management (SIEM) tools.

Demonstrates extensive abilities and/or a proven record of success in the following areas: 

• Performing penetration testing activities within a client’s environment, emphasizing manual stealthy testing techniques; 
• Presenting technical topics at conferences highlighting aspects of adversary attack simulations, technical attack techniques, risk management, custom malware design, or zero day attacks;
• Leading and executing stealthy penetration testing, advanced red team, or adversary simulation engagements using commercially / freely available offensive security tools and utilities built into operating systems; 
• Understanding Windows and Linux operating system setup, management, and power usage, e.g., cmd, bash, network troubleshooting, virtual machines; 
• Identifying security critical vulnerabilities without utilizing a vulnerability scanning tool, i.e., knowledge of exploitable vulnerabilities and ability to execute stealthy penetration testing engagements; 
• Compromising Active Directory environments and demonstrating business impact by identifying and obtaining access to business critical assets/information; 
• Performing social engineering / phishing activities such as reconnaissance of targets, developing phishing campaigns (e.g., emails and websites), web hosting administrator, developing malicious phishing payloads, or pivoting through phished systems; 
• Performing and supervising various workstreams of client engagements that emphasize identifying and addressing client needs; 
• Participating actively in client discussions and meetings and communicating a broad range of potential add-on services based on identified weaknesses; 
• Managing engagements with junior staff; 
• Preparing concise and accurate documents, leveraging and utilizing MS Office and Google Docs to complete related project deliverables, as necessary; 
• Balancing project economics management with the occurrence of unanticipated issues. 
• Creating a positive environment by monitoring workloads of the team while meeting client expectations and respecting the work-life quality of team members; 
• Proactively seeking guidance, clarification, and feedback; and, 
• Keeping leadership informed of progress and issues.

Job Requirements and Preferences:

Basic Qualifications:

Minimum Degree Required:
Bachelor Degree

Minimum Years of Experience:
5 year(s)

Preferred Qualifications:

Preferred Fields of Study:
Computer and Information Science, Information CyberSecurity, Information Technology, Management Information Systems, Computer Applications, Computer Engineering

Certification(s) Preferred:

Offensive Security Certified Professional (OSCP), GIAC Penetration Tester (GPEN), Certified as GIAC Web Application Penetration Tester (GWAPT)

Education (if blank, degree and/or field of study not specified)

Degrees/Field of Study required:

Degrees/Field of Study preferred:

Certifications (if blank, certifications not specified)

Required Skills

Optional Skills

Accepting Feedback, Accepting Feedback, Active Listening, Analytical Thinking, Bash (Programming Language), Coaching and Feedback, Common Vulnerability Scoring System (CVSS), Communication, Creativity, Cybersecurity, Embracing Change, Emotional Regulation, Empathy, Encryption, Ethical Hacking, Firewall (Network Security), Inclusion, Information Security, Information Security Management System (ISMS), Information Security Risk Assessments, Intellectual Curiosity, Intrusion Detection System (IDS), IT Infrastructure, Kali Linux, Learning Agility {+ 30 more}

Desired Languages (If blank, desired languages not specified)

Travel Requirements

Not Specified

Available for Work Visa Sponsorship?

No

Government Clearance Required?

No

Job Posting End Date