Penetration Tester

PwC ,
London, Greater London

Overview

Job Description

Line of Service Assurance Industry/Sector TMT X-Sector Specialism Cybersecurity & Privacy Management Level Manager Job Description & Summary About PwC A career at PwC is more than "just" a job. It's about being part of a purpose-led firm that builds trust in society and solve important problems. We help our clients to make informed decisions and operate effectively within them. At PwC, we are committed to making a difference for each other, our clients, and our community - by empowering you to be the best version of yourself and investing in your growth. You'll be able to develop as a leader, be well-connected, work in a great environment, explore our benefits and make a positive contribution. With PwC, you'll ignite a meaningful career while being supported by a strong coaching and people-oriented culture, our Flex policies (Flex Space, Flex Dress and Flex Time), innovative learning and development programs (training programs, digital upscaling) as well as mobility opportunities. If you would like to be connected to like-minded individuals outside of work, we highly encourage you to be part of our people clubs and committees such as the Sports and Recreational Club, Toastmasters Club and more! A career in our Risk and Security Controls practice, within Information Technology Risk Assurance services, will allow you to develop and apply strategies that help clients leverage enterprise technologies so they can get a higher return on their investment, mitigate risks, streamline processes, and find operational inefficiencies. We assist clients in understanding and challenging their current risk profiles and develop strategies to build digital confidence by embracing opportunities to stay competitive through building trust and resilience into their technology systems. We cover a wide range of disciplines, including risk evaluation, operational and strategic Information Technology processes, project governance, application implementation, data integrity, cyber security, and accounting/audit. Our team helps organizations analyses and assess the security environment and application of our client's information technology systems. You'll help develop strategies to increase the reliability of system outputs, enhancing systems security and integrity, and developing strategies for ongoing maintenance .Together we can build trust in society and solve important problems. How will you value-add? * Perform technical security assessments such as penetration testing, source code review, security system configuration on various cyber assets including web, mobile, network and Internet of Things devices. * Deliver client engagements effectively and efficiently as team member as well as team lead role. * Articulate and present security vulnerabilities fluently in both written and verbal forms to clients' stakeholders. About you * Being well-versed in performing penetration tests, secure design and code reviews. * Being skilful in using and interpreting results from common security tools including but not limited to Burp Suite, Nessus, OpenVAS, Yersinia, Scapy, Wireshark, Nmap (with advanced options), SQLMap, SSLyze, THC-IPV6, BeEF and other tools in PenToo or Kalinux distro. * Familiarity with industry standard classification schemes such as CVE, CVSS, CWE, CAPEC. * Familiarity with MAS TRM and ABS guidelines. * Experience with basic to intermediate working knowledge of Unix, Linux, Windows, network devices, firewalls, web and/or mobile application developments. * Be able to conduct and simulate manual penetration tests. * Be able to code at least in one scripting language: Ruby, Python, Perl or Burp Suite Plugin Scripting. * Willing to develop tools or scripts as necessary so as to create proof-of-concept in challenging engagements. * Possess strong analytical mind in analysing, and verifying findings from security tools. * Willing to conduct security research as necessary to discover critical hidden vulnerabilities. * Possess relentless self-motivation and passion to explore new technologies, learn new penetration testing techniques and tools, and circumvent security controls imposed in hardened applications. * Possess good interpersonal communication skills and helping mind in team-oriented environment. * Possess either Offensive Security Certified Professional (OSCP) or CREST certifications would be greatly beneficial. As the team experience high volume of applications, we regret to inform that only shortlisted candidates will be notified. Education (if blank, degree and/or field of study not specified) Degrees/Field of Study required: Degrees/Field of Study preferred: Certifications (if blank, certifications not specified) Desired Languages (If blank, desired languages not specified) Travel Requirements Not Specified Available for Work Visa Sponsorship? Yes Government Clearance Required? Yes Job Posting End Date