DRSC T&T: VAPT, Director
Kuala Lumpur, MY
Deloitte
Title: DRSC T&T: VAPT (based in KL) – Director
Are you ready to unleash your potential?
At Deloitte, our purpose is to make an impact that matters for our clients, our people, and the communities we serve.
We believe we have a responsibility to be a force for good, and WorldImpact is our portfolio of initiatives focused on making a tangible impact on society’s biggest challenges and creating a better future. We strive to advise clients on how to deliver purpose-led growth and embed more equitable, inclusive as well as sustainable business practices.
Hence, we seek talented individuals driven to excel and innovate, working together to achieve our shared goals.
We are committed to creating positive work experiences that foster a culture of respect and inclusion, where diverse perspectives are celebrated, and everyone is recognized for their contributions.
Ready to unleash your potential with us? Join the winning team now!
What you will do
As a VAPT Director, you take on a pivotal leadership role, spearheading comprehensive vulnerability assessments and penetration testing strategies to safeguard organizations against ever-evolving cyber threats. You are the visionary leader behind developing and executing testing frameworks that uncover security weaknesses across infrastructure, applications, and processes. Collaborating with cross-functional teams, you provide critical insights and solutions that enhance clients' security posture while ensuring compliance with industry standards. Your expertise extends beyond technical execution—you inspire, mentor, and develop a high-performing team, fostering innovation and continuous improvement in cybersecurity practices.
You will:
- Lead and manage the end-to-end execution of vulnerability assessments and penetration testing (VAPT) engagements.
- Develop and implement VAPT methodologies in line with industry standards (e.g., OWASP, OSSTMM, NIST).
- Oversee the identification, exploitation, and analysis of vulnerabilities across networks, systems, and applications.
- Provide strategic guidance and actionable recommendations to mitigate identified risks.
- Collaborate with clients to understand their security requirements, ensuring tailored solutions that address their specific needs.
- Present comprehensive reports and deliver technical findings in a clear, business-oriented manner to senior stakeholders.
- Stay ahead of emerging security threats, tools, and techniques to enhance service offerings.
- Mentor and lead a team of security professionals, fostering knowledge sharing and career development.
- Ensure VAPT services comply with regulatory standards and client expectations.
- Drive continuous improvement initiatives within the VAPT practice to improve efficiency, accuracy, and value delivery.
Requirements
- 10+ years of experience in cybersecurity with a focus on Vulnerability Assessment and Penetration Testing (VAPT), including at least 3-5 years in a leadership role.
- Strong expertise in penetration testing tools (e.g., Burp Suite, Metasploit, Nmap, Nessus, Kali Linux) and scripting languages (e.g., Python, Bash, PowerShell).
- In-depth understanding of security frameworks and standards (e.g., OWASP, OSSTMM, NIST, PCI-DSS, ISO 27001).
- Proven track record of conducting and leading assessments across web applications, networks, cloud environments, and mobile platforms.
- Experience in threat modeling, risk assessment, and developing mitigation strategies.
- Solid understanding of exploit development, reverse engineering, and advanced attack techniques.
- Familiarity with cloud security (AWS, Azure, GCP) and securing DevSecOps environments is a plus.
- Demonstrated ability to lead, mentor, and develop high-performing teams of security professionals.
- Strong project management skills, capable of overseeing multiple complex engagements simultaneously.
- Excellent communication and presentation skills—able to translate technical findings into actionable business recommendations.
- Ability to build client relationships and work collaboratively with cross-functional teams, including senior executives.
- Proven problem-solving skills with a proactive approach to identifying and addressing challenges.
- Industry-recognized certifications such as:
  - OSCP, OSCE, OSEP (Offensive Security certifications)
  - CISSP, CISM (for broader cybersecurity leadership and management)
  - CREST, CEH, GPEN, GWAPT or equivalent certifications
- Bachelor’s or Master’s degree in Computer Science, Cybersecurity, Information Security, or a related field.
- Equivalent experience and certifications may be considered in place of a formal degree.
Due to the volume of applications, we regret that only shortlisted candidates will be notified.
Please note that Deloitte will never reach out to you directly via messaging platforms to offer you employment opportunities or to request money or your personal information. Kindly apply for roles that you are interested in via the official Deloitte website.