Senior Associate - Cyber Security Consultant

We are PwC, a global professional services company and a Big Four firm. We are seeking candidates who have experience in penetration testing, red teaming or secure source-code review/development for the role of Senior Consultant/Penetration Tester within the Cybersecurity and Privacy team. The role may be based either at our Hanoi office or Ho Chi Minh City offices. Joining PwC, the successful candidate will have opportunities to collaborate with cybersecurity experts throughout the PwC global network and deliver cybersecurity services for clients in various sectors.
● Work in a highly innovative and transformative business
● Work/life balance with access to flexible work arrangements
● Salary packaging - to suit your personal and financial circumstances
● Professional certification sponsorship - to develop your talent and enhance knowledge
What will your typical day look like?
Do you thrive on developing creative and innovative insights to solve complex challenges? Want to work on next-generation, cutting-edge products and services that deliver outstanding value and that are global in vision and scope? Work with other experts in your field? Work for a world-class organisation that provides an exceptional career experience with an inclusive and collaborative culture?
Responsibilities:
- Lead the team in cybersecurity assessments, covering web application and mobile application penetration testing in accordance with OWASP Top 10 framework and CWE Top 25 most dangerous software weaknesses.
- Lead the team in network penetration tests and vulnerability assessments to identify potential issues against network access control and network segmentation.
- Conduct source code reviews to identify potential logical errors in program flows, misconfigurations, and exploitable vulnerabilities in the applications.
- Conduct red teaming engagement and cyber-attack simulation testing to assess clients' cybersecurity strategies
Research, collect and analyse cyber threat intelligence from threat actors.
- Engage in establishing network infrastructure for red teaming activities, including but not limited to command & control ("C2") servers, SMTP relay mail servers, web servers, and reverse proxies.
- Design and launch phishing attacks to generate reports for increasing awareness of employees regarding different types of phishing techniques.
- Provide pragmatic recommendations on the identified risks.
- Deliver both management-level and detailed technical reporting of observations, along with assisting in giving presentations to both technical and business stakeholders.
- Train, coach and mentor junior penetration testers.
- Lead day-to-day penetration testing delivery activities, including client and internal communication management, as well as technical quality control.
- Work actively in supporting and following up on proposal processing in accordance with client expectations on a cross-border and global multinational basis.
- Continuously research and follow up on the latest IT security challenges and technologies (mobile, digital trust, IoT, cloud, blockchain etc.)