Line of Service AssuranceIndustry/Sector Not ApplicableSpecialism Conduct and ComplianceManagement Level AssociateJob Description & Summary We are PwC, a global professional services company and a Big Four firm. We are seeking candidates who have experience in penetration testing, red teaming or secure source-code review/development for the role of Associate Consultant/Penetration Tester within the Cybersecurity and Privacy team. The role may be based at either our Hanoi office or Ho Chi Minh City office. Joining PwC, the successful candidate will have opportunities to collaborate with cybersecurity experts throughout the PwC global network and deliver cybersecurity services for clients in various sectors.Work in a highly innovative and transformative businessWork/life balance with access to flexible work arrangementsSalary packaging – to suit your personal and financial circumstancesProfessional certification sponsorship – to develop your talent and enhance knowledgeWhat will your typical day look like?Do you thrive on developing creative and innovative insights to solve complex challenges? Want to work on next-generation, cutting-edge products and services that deliver outstanding value and that are global in vision and scope? Work with other experts in your field? Work for a world-class organisation that provides an exceptional career experience with an inclusive and collaborative culture?Responsibilities:Conduct cybersecurity assessments, covering web application and mobile application penetration testing in accordance with OWASP Top 10 and CWE Top 25Conduct internal/external network penetration testing to assess clients’ network security risks and evaluate clients’ cybersecurity controlsPerform network vulnerability assessments to identify potential issues against network access controls and network segmentationEngage in red teaming engagement projects and cyber-attack simulation testing to assess clients’ cybersecurity strategiesEngage source code reviews to identify potential logical errors in program flows, misconfigurations, and exploitable vulnerabilities in applicationsResearch, collect and analyse cyber threat intelligence from threat actorsWork actively in supporting and following up on proposal processing in accordance with client expectations on a cross-border and global multinational basisContinuously research and follow up on the latest IT security challenges and technologies (mobile, digital trust, IoT, cloud, blockchain etc.)You are someone with:Experience in web application development and software engineeringKnowledge of common infrastructure and web application vulnerabilities and common vulnerability categorisations such as OWASP, CVSSExperience in security testing, including application testing, penetration testing, and vulnerability assessmentExperience in implementing network systems and deep understanding of common misconfigurations leading to security vulnerabilities in network systemsAbility to work under pressure and deliver quality work in tight timelinesDemonstrated experience of working with diverse stakeholdersGood communication and interpersonal skillsWillingness to take on new challenges, gain new skills and work collaboratively in a dynamic and rapidly growing teamTraining on self-development platforms (TryHackMe, HackTheBox, PentesterLabs, PortSwigger Web Security Academy, etc.)Preferred:Thorough understanding of common software security vulnerabilities (CWE Top 25 Most Dangerous Software Weaknesses)Experience of conducting red teaming engagements and cyber-attack simulation testingDemonstrated knowledge of penetration testing across several domains such as cloud and container security, applied cryptography, networks infrastructure, etc.Knowledge of developing hacking scripts/toolsKnowledge of secure development and/or DevSecOps experience, including experience in securing code before deployment, code review, and vulnerability and dependency managementExperience in bug bounty programs or CVE hunting is an advantagePreference will be given to candidates who hold one of the following industry certifications: OSCP, OSWA, eWPT, eCPPT, CRTP, PNPT, CREST CRT/CCT, or equivalentPreference will be given to candidates who hold relevant cloud certifications: AWS, Azure, GCPStrong preference will be given to candidates who hold one of the following industry certifications: OSWE, OSEP, OSCE, CRTO, CRTE, eCPTX, eWPTX, SANSEducation (if blank, degree and/or field of study not specified) Degrees/Field of Study required:Degrees/Field of Study preferred:Certifications (if blank, certifications not specified)Required SkillsOptional Skills Accepting Feedback, Accepting Feedback, Active Listening, Agile Methodology, Azure Data Factory, Communication, Cybersecurity, Cybersecurity Framework, Cybersecurity Policy, Cybersecurity Requirements, Cybersecurity Strategy, Emotional Regulation, Empathy, Encryption Technologies, Inclusion, Intellectual Curiosity, Managed Services, Optimism, Privacy Compliance, Regulatory Response, Security Architecture, Security Compliance Management, Security Control, Security Incident Management, Security Monitoring {+ 3 more}Desired Languages (If blank, desired languages not specified)Travel RequirementsAvailable for Work Visa Sponsorship?Government Clearance Required?Job Posting End Date
