What will your typical day look like?
As part of the team, you’ll be responsible for shaping, executing and leading penetration testing engagements to identify security weaknesses within clients’ IT environments, reporting on vulnerabilities and making recommendations for their remediation. You will be a key part of the team and looked to as a subject matter expert to help support and mentor other team members.
In this role you will respond to client requests, anticipating and meeting client problems and needs using innovative approaches when applicable. You will be involved in all aspects of security and vulnerability management engagements which include but are not limited to:
Network and host layer vulnerability assessments
Firewall, networking and security device reviews
Web application assessments
Social Engineering through targeting the physical security of the infrastructure or buildings.
Source code reviews using manual and automated tools, including:
Native application assessments
Mobile Application assessments
Malware reverse engineering
Closing meetings to present findings to the client
Detailed reporting and proposal writing
About the team
Positioned first globally in Security Consulting Services for the 6th year in a row? Yep, that’s Deloitte. The cyberspace is constantly evolving and so are the threats that it brings. That’s why our work is more meaningful (and exciting!) than ever. Always one step ahead, we predict risks and safeguard our clients through end-to-end solutions. More importantly, we help clients unlock new opportunities through safer and more secure systems and policies.
Enough about us, let’s talk about you.
We are currently looking for a Senior Penetration Tester with the below experience and qualifications:
Hold a current CREST Certified Tester (CCT) certification in either Infrastructure or Web Applications, or a similar certification, or be in a position and at a level to pass the exam for the certification
Experience in Red Team engagements, with a capability in line with CREST UK’s Certified Simulated Attack Specialist certification and CBEST assessments
Experience of working with applications that perform a wide range of business functions – ideally across multiple industries
Ability to understand and assess applications from both a technical and business function perspective
Good experience in performing web application penetration testing and development of supporting business and technical level reporting
Innovative and analytical in your approach to performing penetration testing, particularly of novel devices and environments
Capable of working to strict deadlines and prioritising work appropriately
The ability to develop scripts or code to automate testing and develop bespoke attacks
Good communication skills with an ability to explain complex technical issues to non-technical business clients
Excellent written skills with demonstrated ability to write reports and proposals, including the ability to discuss findings from a risk perspective with clear remediation advice specific to the client’s environment.
Experience in one or more of the following:
APIs and microservices
Application vulnerability assessment
Mobile platforms (iOS/Android/Windows/etc)
Practical exposure to security appliances such as firewalls, proxies, NIPS/HIPS and network security applications
Working knowledge of web concepts such as Ajax, XML, SOAP, WS-Security
Familiarity with Open Source Security Testing Methodology Manual (OSSTMM), Open Web Application Security Project (OWASP) and National Institute of Standards and Technology (NIST) Special Publications.
Familiarity with penetration testing and vulnerability tools such as BackTrack, dsniff, Nessus, Nmap, Metasploit, Core Impact, nCircle, Qualys, tcpdump, Wireshark, Nikto, NetStumbler, Hailstorm, WebInspect etc.
Strong programming experience with Visual Basic and C/C++ or Java languages
Networking: LAN, WAN, interworking technologies
Good understanding of IaaS environments like Azure, AWS and GCP