Application Security Engineer | Senior Associate [tag01]

Job Description & Summary

The GTSEC organization is seeking a skilled and experienced to join our
organization. The will be responsible for working with vendors and application development teams to assess compliance with the firm's Information Security standards via application security review programs to ensure the confidentiality, integrity, and availability of our organization's information assets and reduce
the possibility of information breaches. The ideal candidate will possess a strong technical background, risk-based mindset, planning expertise, and exceptional relationship building skills.
If you are seeking an exciting career with the scope to grow your cyber security through major change on a global scale, then GTSEC will empower you to do so. Our mission protects 375,000 PwC members across 152 member firms worldwide as well as our global clients.
You'll work from day one as part of an international team of problem solvers, helping to solve complex business issues from strategy to execution. PwC Professional skills and responsibilities for this management level include but are not limited to:

Experience progressively responsible roles in information security and/or IT 
management.
Penetration Test Report Analysis:

• Conduct thorough analysis and interpretation of penetration testing reports to identify security vulnerabilities.
• Evaluate the severity and potential impact of identified vulnerabilities on the organization's security posture.

Vulnerability Assessment:

• Perform detailed vulnerability assessments to detect and prioritize security weaknesses.
• Utilize various tools and methodologies to ensure comprehensive coverage of potential threats.

Risk Evaluation:

• Assess the risk associated with identified vulnerabilities and provide actionable recommendations to mitigate these risks.
• Collaborate with cross-functional teams to develop and implement effective remediation strategies.

Documentation and Reporting:

• Prepare clear and concise reports summarizing the findings of vulnerability assessments and penetration tests.
• Ensure documentation is accurate, comprehensive, and accessible to relevant stakeholders.

Continuous Improvement:

• Stay updated with the latest security trends, vulnerabilities, and threat landscapes.
• Contribute to the continuous improvement of vulnerability management processes and practices.

Communication and Collaboration:

• Work closely with internal teams and external partners to ensure a coordinated approach to vulnerability management.
• Provide expert guidance and support to stakeholders in understanding and addressing security vulnerabilities.

Compliance and Standards:

• Ensure all activities comply with relevant security standards, regulations, and best practices.
• Support the organization in maintaining a robust security posture and achieving compliance objectives.

Training and Awareness:

• Assist in developing and delivering training programs to raise awareness of security vulnerabilities and best practices among employees.
• Promote a culture of security awareness across the organization.
• Demonstrable experience in stakeholder management including and influencing others through leadership interactions across a broad structure to build and maintain relationships across a network to effectively deliver security activities;
• Demonstrable abilities, and/or proven record of success, supporting and/or coordinating 
• Information Security Governance to enhance to decrease repeat findings and issues, and make other process efficiency improvements; 
• Developing team building skills that foster an inclusive and collaborative environment for stakeholders and team members;
• Writing, communicating, facilitating and presenting cogently; to and/or for all levels of audiences, and internal staff and management;
• Network Information Security concepts, principles and standards and their application in a large enterprise environment, preferably for a multi-national or global firm.

Graduation

• Bachelor’s degree in IT, IS, or Risk and Compliance related field. In addition, industry certifications are welcome; and Must speak, read.

Language

• Advanced English for conversation

#LI-DNI