About the Role
As part of the Deloitte Offensive Security team, you will be responsible for defining, carrying out, and overseeing penetration testing projects to uncover security vulnerabilities in clients' IT systems.
You will be required to report on identified vulnerabilities and provide recommendations for remediation. Additionally, you will play a crucial role in the team, with other members looking to you as a subject matter expert for guidance and mentorship.
Key Responsibilities:
* Respond to client requests, anticipating and meeting client problems and needs using innovative approaches when applicable.
* Be involved in all aspects of security and vulnerability management engagements, including:
1. Network and host layer penetration tests and vulnerability assessments
2. Firewall, networking, and security device reviews
3. Web application assessments
4. API assessments
5. Mobile application assessments
6. Red Teaming - targeting technical, physical, and human layers of an organisation's security controls
7. Source code reviews using manual and automated tools
8. Malware reverse engineering
9. Wireless Assessments
10. Closing meetings to present findings to the client.
11. Detailed reporting and proposal writing
About the Team
Deloitte is positioned first globally in Security Consulting Services for the 6th year in a row.
Cyberspace is constantly evolving, and so are the threats that it brings. That's why our work is more meaningful (and exciting) than ever.
We predict risks and safeguard our clients through end-to-end solutions, helping them unlock new opportunities through safer and more secure systems and policies.
Requirements
* Hold a current OSCP, CREST Certified Tester (CCT) in either Infrastructure or Web Applications, or a similar certification, or be in a position and at a level to pass the exam for the certification
* For more senior roles, experience in Red Team engagements, with a capability in line with the CORIE framework or similar (e.g. CBEST, TIBER)
* Ability to understand and assess applications from both a technical and business function perspective
* Good experience in performing web application penetration testing and development of supporting business and technical-level reporting
* Innovative and analytical in your approach to performing penetration testing, particularly of novel devices and environments
* Capable of working to strict deadlines and prioritising work appropriately
* The ability to develop scripts or code to automate testing and develop bespoke attacks
* Good communication skills with an ability to explain complex technical issues to non-technical business clients
* Excellent written skills with demonstrated ability to write reports and proposals, including the ability to discuss findings from a risk perspective with clear remediation advice specific to the client's environment
Preferred Experience:
* Reverse engineering
* Web Applications
* APIs and Microservices
* Exploit Development
* Application vulnerability assessment
* Mainframe systems
* Mobile platforms (iOS/Android/Windows/etc)
* Social Engineering
* Endpoint protection
* Practical exposure to security appliances such as firewalls, proxies, NIPS/HIPS and network security applications
* Working knowledge of web concepts such as Ajax, XML, SOAP, and WS-Security
* Familiarity with the Open Source Security Testing Methodology Manual (OSSTMM), Open Web Application Security Project (OWASP) and National Institute of Standards and Technology (NIST) Special Publications.
Why Deloitte?
We focus our energy on interesting and impactful work, always learning, innovating, and setting the standard; making a positive difference to our clients and our society.
We put coaching at the heart of what we do, helping our people grow their careers in any direction – whether it be up, moving into something new, or even moving across the world.
We embrace diversity, equity, and inclusion, cultivating a safe space where everyone can belong.
We prioritise flexibility and choice, giving our people trust on Day 1 to design their work week around their client, team, and personal commitments.
We help you live and work well, offering a range of perks and benefits, including retail discounts, wellbeing leave, paid volunteering days, twelve flexible working options, market-leading parental leave, and a return-to-work support package.