Job Profile Template / Last Updated: OCT 10th 2023 Page 1
Deloitte Global
Job title: Penetration Tester (Security Architect)
Global Career Level: 4
Are you energized by helping organizations protect their data and build client trust? Do you want to work in one of the world’s largest holistic internal cybersecurity organizations? If you’re interested in proactively preventing, detecting, and responding to cyber attacks across a complex global footprint, then Deloitte Global could be the perfect place for you. We’re looking for an analytical thinker passionate about cybersecurity to join our team.
Work you’ll do:
As part of the Global Cybersecurity team, you will work with customers to deliver technical assessments against a broad range of services.
This role is responsible for providing manual penetration testing services as part of the Global services organisation for member firms. Illustrative responsibilities:
• Assisting in technical scoping of security testing activities.
• Executing security testing:
o Web Application Penetration Testing
o Web Services / Application Programming Interface (API) Penetration Testing
o Network Penetration Testing
o Mobile Application Penetration Testing
o Thick Client Penetration Testing
• Conducting focused research when not deployed on an active project.
• Deliver necessary security findings and metrics details to business and technical leadership.
• Collaborate with cross functional teams to assess security risks in new projects and applications
• Coordinate vulnerability assessments and pentests on systems, applications, and networks
• Analyze and interpret test results, providing actionable recommendations for remediation
• Maintain and enhance the organization's pentesting tools and resources
• Stay up to date with the latest cybersecurity threats and trends
• Ensure compliance with industry standards and regulations related to pentesting and security
• Provide consultative guidance to customers on findings identified in a clear and actionable fashion both in writing and verbally.
• Enhancing and updating testing methodologies, processes and standards documentation
• Maintaining proficiency of knowledge through ongoing training paths
• Proficient at analyzing and understanding complex architecture designs.
• Ability to effectively communicate what services and capabilities our group can facilitate to our clients.
This Deloitte Global role requires limited to no travel.
What you’ll be part of—our Deloitte Global culture:
At Deloitte, we expect results. Incredible—tangible—results. And Deloitte Global professionals play a unique role in delivering those results. We reach across disciplines and borders to serve our global organization. We are the engine of Deloitte. We develop and lead global strategies and provide programs and services that unite our network.
In Deloitte Global, everyone has an opportunity to lead. We see the importance of your perspective and your ability to create value. We want you to fit in—with an inclusive culture, focus on work-life fit and well-being, and a supportive, connected environment; but we also want you to stand out—with opportunities to have a strategic impact, innovate, and take the risks necessary to make your mark.
Deloitte Global supports our talented professionals in answering the question: What impact will you make?
Who you’ll work with:
The Deloitte Global Cybersecurity function is responsible for enhancing data protection, standardizing and securing critical infrastructure, and gaining cyber visibility through security operations centers. The Cybersecurity organization delivers a comprehensive set of security services to Deloitte’s global network of firms around the globe.
Qualifications
To be considered for this role, there are certain qualifications you’ll have to have. And others that would be really, really nice.
Required:
The following skills are required for the role:
• Minimum 5 years’ experience working in a professional environment preferably as part of an operational security function (Penetration testing)
• Bachelor’s degree in a business or cyber security domain, or candidates with relevant work experience in an appropriate field.
• Experience using common testing tools like Burp, OWASP ZAP, Metasploit, Postman, Swagger, Nmap, Qualys, sqlmap, and others.
• Experience with Kali Linux or another dedicated penetration testing OS platform is required.
• Advanced skills in network penetration testing, application penetration testing, and architectural security principles are required.
• Familiarity with software security weaknesses and vulnerabilities
• Working knowledge of one scripting language
• Familiarity with at least one software programming language and framework
• Demonstrated experience working with diverse stakeholders, preferably on a global multi-national basis
• Ability to manage concurrent initiatives and use effective judgment in prioritization and time management
• Strong written and verbal communication skills
Experience:
One or more of the following cybersecurity-related certifications/designations is mandatory, such as:
• Certified Ethical Hacker (CEH)
• Offensive Security Certified Professional (OSCP)
• Any GIAC Certification (GSEC, GWAB, GPEN, GMOB, GCPN)
• Certified Information Systems Security Professional (CISSP)
• Certified Information Security Manager (CISM) or Certified Information Systems Auditor (CISA)
Preferred:
Knowledge or awareness of the following would be desirable:
• OWASP Application Security Top 10
• OWASP API Security Top 10
• OWASP Thick Client Top 10
• MITRE ATT&CK Framework
• Cloud Service testing
• Reverse Engineering
• Static Application Security Testing (SAST)
• Dynamic Application Security Testing (DAST)
How you’ll grow:
Deloitte Global inspires leaders at every level. We believe in investing in you, helping you embrace leadership opportunities at every step of your career, and helping you identify and hone your unique strengths. We encourage you to grow by providing formal and informal development programs, coaching and mentoring, and on-the-job challenges. We want you to ask questions, take chances, and explore the possible.
Benefits you’ll receive:
Deloitte’s Total Rewards program reflects our continued commitment to lead from the front in everything we do — that’s why we take pride in offering a comprehensive variety of programs and resources to support your health and well-being needs. We provide the benefits, competitive compensation, and recognition to help sustain your efforts in making an impact that matters.