PwC

Senior Associate - Cyber Security Consultant, GRC/Pentest

PwC

full-time

Posted on:

Location Type: Office

Location: Ho Chi Minh City • 🇻🇳 Vietnam

Visit company website
AI Apply
Apply

Job Level

Senior

Tech Stack

AWSAzureCloudCyber SecurityGoogle Cloud PlatformIoTPMPSMTP

About the role

  • Lead the team in cybersecurity assessments, covering web application and mobile application penetration testing in accordance with OWASP Top 10 framework and CWE Top 25
  • Lead the team in network penetration tests and vulnerability assessments to identify potential issues against network access control and network segmentation
  • Conduct source code reviews to identify potential logical errors, misconfigurations, and exploitable vulnerabilities
  • Conduct red teaming engagement and cyber-attack simulation testing to assess clients’ cybersecurity strategies
  • Research, collect and analyse cyber threat intelligence from threat actors
  • Establish network infrastructure for red teaming activities (C2 servers, SMTP relay, web servers, reverse proxies)
  • Design and launch phishing attacks to generate awareness reports for employees
  • Provide pragmatic recommendations on identified risks
  • Deliver both management-level and detailed technical reporting and present to technical and business stakeholders
  • Deliver complex cybersecurity consulting and engineering projects involving diverse technologies and multidisciplinary teams
  • Collaborate with clients, colleagues, and technology partners to identify and develop assessment and remediation solutions
  • Engage with threat intelligence, hunting, and incident response activities to stay current with threat landscape
  • Train, coach and mentor junior team members
  • Lead day-to-day delivery activities including client and internal communication management and technical quality control
  • Support and follow up on proposal processing for cross-border and multinational clients
  • Continuously research and follow up on latest IT security challenges and technologies (mobile, digital trust, IoT, cloud, blockchain)

Requirements

  • 3+ years of proven experience in conducting either network and infrastructure or web/API or mobile application penetration testing and be able to independently manage engagement delivery
  • Experience in leading and supervising engagement teams in penetration testing and vulnerability assessment projects
  • Thorough understanding of common infrastructure and web application vulnerabilities and common vulnerability categorisations such as OWASP and CVSS
  • Knowledge of common software security vulnerabilities (CWE Top 25 Most Dangerous Software Weaknesses)
  • Experience in penetration testing and vulnerability assessment across domains: web and mobile applications, cloud and container security, reverse engineering, applied cryptography, networks infrastructure
  • Ability to work under pressure and deliver quality work in tight timelines
  • Demonstrated experience of working with diverse stakeholders
  • Excellent communication and interpersonal skills
  • Willingness to take on new challenges, gain new skills and work collaboratively
  • One of the following industry certifications: OSCP, OSWA, eWPT, eCPPT, CRTP, PNPT, CREST CRT/CCT, or equivalent
  • Preferred: Experience in conducting red teaming engagements and cyber-attack simulation testing
  • Preferred: Experience in developing hacking scripts/tools
  • Preferred: Secure development and/or DevSecOps experience, including securing code before deployment, code review, and vulnerability and dependency management
  • Preferred: Experience in bug bounty programs or CVE hunting is an advantage
  • Preference for relevant cloud certifications: AWS, Azure, GCP
  • Strong preference for advanced offensive/security certifications: OSWE, OSEP, OSCE, CRTO, CRTE, eCPTX, eWPTX, SANS
  • Strong preference for professional certifications: CISSP, CCSP, CSSLP, CISM, CRISC, PMP
  • Travel Requirements: 0%
  • Available for Work Visa Sponsorship? No
  • Government Clearance Required? No
Benefits
  • Work/life balance with access to flexible work arrangements
  • Salary packaging – to suit your personal and financial circumstances
  • Professional certification sponsorship – to develop your talent and enhance knowledge

Applicant Tracking System Keywords

Tip: use these terms in your resume and cover letter to boost ATS matches.

Hard skills
penetration testingvulnerability assessmentsource code reviewred teamingcyber threat intelligencephishing attackscloud securityreverse engineeringapplied cryptographyDevSecOps
Soft skills
leadershipcommunicationinterpersonal skillscollaborationproblem-solvingmentoringtime managementadaptabilityteam managementstakeholder engagement
Certifications
OSCPOSWAeWPTeCPPTCRTPPNPTCREST CRTOSWECISSPPMP