Cyber Security Consultant (Pentest) - Associate/Senior Associate

Cyber Security Consultant (Pentest) - Associate/Senior Associate

Địa Điểm Làm Việc: Hà Nội
Thương lượng 45 lượt xem - Hết hạn trong 26 ngày

Các Phúc Lợi Dành Cho Bạn

13th month salary and bonus
Laptop, professional training international environment

Mô Tả Công Việc

We are PwC, a global professional services company and a Big4 firm, and are seeking candidates who have experience in penetration testing, red teaming or secure source-code review/development to work in the Cybersecurity and Privacy team as an Associate Consultant / Penetration Tester in Hanoi Office. Joining PwC, the candidates will have opportunities to collaborate with cybersecurity experts throughout PwC global network and deliver cybersecurity services for the clients in various sectors.
- Work in a highly innovative and transformative business
- Work/life balance with access to flexible work arrangements
- Salary packaging – to suit your personal and financial circumstances
- Professional certification sponsorship – to develop your talent and enhance knowledge

What will your typical day look like?
Do you thrive on developing creative and innovative insights to solve complex challenges? Want to work on next-generation, cutting-edge products and services that deliver outstanding value and that are global in vision and scope? Work with other experts in your field? Work for a world-class organisation that provides an exceptional career experience with an inclusive and collaborative culture?

Responsibilities (Associate):
- Conduct cybersecurity assessments, covering web application, mobile application penetration testing in accordance with OWASP Top 10 and CWE Top 25.
- Conduct internal/external network penetration testing to assess client’s network security risk and evaluate client’s cybersecurity controls.
- Perform network vulnerability assessments to identify potential issues against network access control and network segmentation.
- Engage in red teaming engagement projects and cyber-attack simulation testing to assess client’s cybersecurity strategy.
- Engage source code reviews to identify potential logical errors in program flows, misconfigurations, and exploitable vulnerabilities in the applications.
- Research, collect and analyse cyber threat intelligence from threat actors.
- Work actively in supporting and following up proposal processing with client expectations on a cross-border and global multi-national basis.
- Continuously research and follow up the latest IT security challenges and technologies (Mobile, Digital trust, IoT, Cloud, Blockchain etc).

Responsibilities (Senior Associate):
- Lead team in cybersecurity assessments, covering web application, mobile application penetration testing in accordance with OWASP Top 10 framework and CWE Top 25 most dangerous software weaknesses.
- Lead team in network penetration tests and vulnerability assessments to identify potential issues against network access control and network segmentation.
- Conduct source code reviews to identify potential logical errors in program flows, misconfigurations, and exploitable vulnerabilities in the applications.
- Conduct red teaming engagement and cyber-attack simulation testing to assess client’s cybersecurity strategy.
- Research, collect and analyse cyber threat intelligence from threat actors.
- Engage in establishing network infrastructure for red teaming activities, including but not limited to Command & Control ("C2") server, SMTP Relay mail server, web server, and reverse proxy.
- Design and launch Phishing attacks to generate reports for increasing awareness of employees regarding different types of phishing techniques.
- Provide pragmatic recommendations on the identified risks.
- Deliver both management and detailed technical reporting of observations, along with assisting presentations to both technical and business stakeholders.
- Training, coaching and mentoring junior Penetration Testers.
- Leading the day-to-day penetration testing delivery activities, including client and internal communication management, as well as technical quality control.
- Work actively in supporting and following up proposal processing with client expectations on a cross-border and global multi-national basis.
- Continuously research and follow up the latest IT security challenges and technologies (Mobile, Digital trust, IoT, Cloud, Blockchain etc).
Xem toàn bộ Mô Tả Công Việc

Yêu Cầu Công Việc

Requirements (Associate):
- Experience in web application development and software engineering
- Knowledge of common infrastructure and web application vulnerabilities and common vulnerability categorizations such as OWASP, CVSS
- Experience in security testing, including application testing, penetration testing, and vulnerability assessment
- Experience in implementing network systems and understanding deeply about common misconfigurations leading to security vulnerabilities in network systems
- Ability to work under pressure and deliver quality work in tight timelines
- Demonstrated experience working with diverse stakeholders
- Good communication and interpersonal skills
- Willingness to take on new challenges, gain new skills and work collaboratively in a dynamic and rapidly growing team
- Training on self-development platforms (TryHackMe, HackTheBox, PentesterLabs, PortSwigger Web Security Academy, etc.)
- Thorough understanding about common software security vulnerabilities (CWE Top 25 Most Dangerous Software Weaknesses).
- Knowledge of conducting red teaming engagements and cyber-attack simulation testing
- Demonstrated knowledge of penetration testing across several of the following domains: cloud and container security, applied cryptography, networks infrastructure, etc.
- Knowledge of developing hacking scripts/tools
- Knowledge of secure development and/or DevSecOps experience, including securing code before deployment, including code review, vulnerability and dependency management
- Experience in bug bounty programs or CVE hunting is an advantage
- Preferred to hold one of the following industry certifications: OSCP, OSWA, eWPT, eCPPT, CRTP, PNPT, CREST CRT/CCT, or equivalent.
- Preferred to hold relevant cloud certifications: AWS, Azure, GCP
- Strongly preferred to hold one of the following industry certifications: OSWE, OSEP, OSCE, CRTO, CRTE, eCPTX, eWPTX, SANS.

Requirements (Senior Associate):
- You will have 3+ years proven experience in conducting either network and infrastructure or web/api or mobile application penetration testing and be able to independently manage engagement delivery.
- Experience in leading and supervising engagement teams in penetration testing and vulnerability assessment projects.
- Thorough understanding about common infrastructure and web application vulnerabilities and common vulnerability categorizations such as OWASP, CVSS.
- Knowledge about common software security vulnerabilities (CWE Top 25 Most Dangerous Software Weaknesses).
- Experience in penetration testing and vulnerability assessment across one of several following domains: web and mobile application, cloud and container security, reverse engineering, applied cryptography, networks infrastructure, etc.
- Ability to work under pressure and deliver quality work in tight timelines.
- Demonstrated experience working with diverse stakeholders.
- Excellent communication and interpersonal skills.
- Willingness to take on new challenges, gain new skills and work collaboratively in a dynamic and rapidly growing team.
- Hold one of the following industry certifications: OSCP, OSWA, eWPT, eCPPT, CRTP, PNPT, CREST CRT/CCT, or equivalent.
- Experience in conducting red teaming engagements and cyber-attack simulation testing.
- Experience in developing hacking scripts/tools.
- Secure development and/or DevSecOps experience, including securing code before deployment, including code review, vulnerability and dependency management.
- Ability to communicate strategic information security topics, policies, and standards as well as risk-related concepts to technical and nontechnical audiences.
- Experience in bug bounty programs or CVE hunting is an advantage.
- Preferred to hold relevant cloud certifications: AWS, Azure, GCP
- Strongly preferred to hold one of the following industry certifications: OSWE, OSEP, OSCE, CRTO, CRTE, eCPTX, eWPTX, SANS.
- Strongly preferred to hold one of the following professional certifications: CISSP, CCSP, CSSLP, CISM, CRISC, PMP.

Địa Điểm Làm Việc

Hà Nội, Việt Nam
Xem toàn bộ hồ sơ công ty

PwC helps organisations and individuals create the value they’re looking for. We’re a network of firms in 157 countries with more than 208,000 people who are committed to delivering quality in assurance, tax and advisory services.
PwC Vietnam has been commercially present in Vietnam since 1994, with two offices in Ho Chi Minh City and Hanoi. We also have a foreign law company in Vietnam, licensed by the Ministry of Justice, so we can provide a large variety of comprehensive services to clients, including Assurance services, Deals, Restructuring, Performance Improvement Consulting, Corporate Finance, Risk Management, Tax, Legal services and other professional services.
Our team of nearly 800 local and expatriate staff has a thorough understanding of the business environment in Vietnam and a wide knowledge of policies and procedures covering investment, tax, legal, accounting and consulting matters throughout Vietnam. PwC Vietnam is the leading firm in auditing and consulting for joint stock companies, private companies, financial institutions, state-owned enterprises, etc. Our tax consulting services are highly valued for strategic investors and leading foreign companies in Vietnam.
Our services
• Assurance services
• Advisory services
• Legal services
• Tax services

Xem toàn bộ thông tin công ty
HCM Office: Saigon Tower, 29 Le Duan, District 1, Ho Chi Minh city.
1.000-4.999 nhân viên
HR Department
Chương trình THẠC SĨ QUẢN TRỊ & THƯƠNG MẠI - Chuyên ngành THƯƠNG MẠI QUỐC TẾ | ĐẠI HỌC THĂNG LONG | ĐẠI HỌC CÔTE D’AZUR (PHÁP)

Chương trình THẠC SĨ QUẢN TRỊ & THƯƠNG MẠI - Chuyên ngành THƯƠNG MẠI QUỐC TẾ | ĐẠI HỌC THĂNG LONG | ĐẠI HỌC CÔTE D’AZUR (PHÁP)

Bằng Thạc sỹ chính quy quốc tế từ Pháp, được bộ GD-ĐT VN công nhận

Mang tính ứng dụng cao và phát triển kỹ năng quản lý

Gia nhập cộng đồng Alumni (Doanh nhân, Chủ doanh nghiệp nhiều lĩnh vực)