Mô tả công việc
Mô tả công việc
We are PwC, a global professional services company and a Big Four firm. We are seeking candidates who have experience in penetration testing, red teaming or secure source- code review/development for the role of Senior Consultant within the Cybersecurity and Privacy team. The role may be based either at our Ho Chi Minh City office. Joining PwC, the successful candidate will have opportunities to collaborate with cybersecurity experts throughout the PwC global network and deliver cybersecurity services for clients in various sectors. ● Work/life balance with access to flexible work arrangements ● Work in a highly innovative and transformative business ● Professional certification sponsorship – to develop your talent and enhance knowledge ● Salary packaging – to suit your personal and financial circumstances
What will your typical day look like?
Do you thrive on developing creative and innovative insights to solve complex challenges? Want to work on next- generation, cutting- edge products and services that deliver outstanding value and that are global in vision and scope? Work with other experts in your field? Work for a world- class organisation that provides an exceptional career experience with an inclusive and collaborative culture?
Responsibilities:
Deliver both management- level and detailed technical reporting of observations, along with assisting in giving presentations to both technical and business stakeholders. Collaborate with clients, colleagues, and technology alliance partners on identifying and developing solutions for assessing and enhancing cyber security operations. Conduct red teaming engagement and cyber- attack simulation testing to assess clients’ cybersecurity strategies Lead the team in cybersecurity assessments, covering web application and mobile application penetration testing in accordance with OWASP Top 10 framework and CWE Top 25 most dangerous software weaknesses. Research, collect and analyse cyber threat intelligence from threat actors. Engage with threat intelligence, hunting, and incident response activities to keep up to date with trends in technology, security, and the threat landscape. Lead day- to- day delivery activities, including client and internal communication management, as well as technical quality control. Lead the team in network penetration tests and vulnerability assessments to identify potential issues against network access control and network segmentation. Work actively in supporting and following up on proposal processing in accordance with client expectations on a cross- border and global multinational basis. Provide pragmatic recommendations on the identified risks. Train, coach and mentor junior team members. Continuously research and follow up on the latest IT security challenges and technologies (mobile, digital trust, IoT, cloud, blockchain etc.). Deliver complex Cybersecurity consulting and engineering projects involving diverse technologies, and multidisciplinary delivery teams and stakeholder groups. Conduct source code reviews to identify potential logical errors in program flows, misconfigurations, and exploitable vulnerabilities in the applications. Design and launch phishing attacks to generate reports for increasing awareness of employees regarding different types of phishing techniques. Engage in establishing network infrastructure for red teaming activities, including but not limited to command & control (“C2”) servers, SMTP relay mail servers, web servers, and reverse proxies.
Yêu cầu công việc
Yêu cầu công việc
You are someone with:
Ability to work under pressure and deliver quality work in tight timelines. Thorough understanding of common infrastructure and web application vulnerabilities and common vulnerability categorisations such as OWASP and CVSS. Demonstrated experience of working with diverse stakeholders Experience in penetration testing and vulnerability assessment across one of the several following domains: web and mobile applications, cloud and container security, reverse engineering, applied cryptography, networks infrastructure, etc. Excellent communication and interpersonal skills. Willingness to take on new challenges, gain new skills and work collaboratively in a dynamic and rapidly growing team. Knowledge of common software security vulnerabilities (CWE Top 25 Most Dangerous Software Weaknesses). 2+ years of proven experience in conducting either network and infrastructure or web/API or mobile application penetration testing and be able to independently manage engagement delivery. Experience in leading and supervising engagement teams in penetration testing and vulnerability assessment projects.
One of the following industry certifications: OSCP, OSWA, eWPT, eCPPT, CRTP, PNPT, CREST CRT/CCT, or equivalent
Quyền lợi
Tại sao bạn sẽ yêu thích làm việc tại đây
Annual Leaves:
Birthday leave, Sick Leave without certificate, Flexible Holidays Senior/Manager level: 20 days ++ Junior Staff/Associate: 15 days ++
Bonus: 13th salary and performance review in July annually. Others: Digital upskilling program, professional & friendly working environment, team building, flex- wear, secondment opportunity to other countries…
Cập nhật gần nhất lúc: 2025-04-29 18:45:03
