Penetration Tester, Cyber Risk Services – Risk Advisory

• Point of contact for our clients regarding all service management related aspects

• Stakeholder management, including presentations to management and reporting

• Perform quality reviews of penetration testing reports

• Lead manual infrastructure, web & mobile application and IoT penetration test assignments

• Support/lead vulnerability management programs to help clients with their Secure Software Development Lifecycle

• Perform offensive and defensive security (Red and Blue teaming) assessments.

• Be responsible for performing security configuration reviews

• Conduct manual and automated security code reviews

• Perform large security assessments such as Red Teaming

• Train clients or colleagues in conducting penetration testing

• Present assessment results to management and explain the steps required for remediation

• Multi-year experience in leading penetration testing managed services

• Experience in leading penetration testing teams and in training junior penetration testers

• Experience in reviewing penetration test reports and quality assurance

• Experienced with malware reverse engineering and code review

• Exposure to a variety of industries inclusive but not exhaustive to; FSI and HCLS

• Experience with Red teaming exercises. Experience in Blue/Purple teaming is advantageous

• At least ten years of experience in penetration testing (including Web, Mobile and Thick client applications and infrastructure), reverse engineering or Red teaming

• At least one of the following certifications such as OSCP, SANS GWAPT, SANS GPEN, SANS GMOB or SANS GXPN.

• Strong interpersonal skills as well as the proven ability to develop long-lasting relationships, influence stakeholders, and negotiate agreements are expected.

• Proven ability to communicate with senior management

• You will have strong analytical and problem solving skills and the ability to articulate complex concepts in a clear and concise manner.

• Fluent English, both written and verbal are mandatory; German or French skills are strongly desired. One of these three languages ought to be native level.

In a rapidly changing world where information is the new currency, the corresponding information security and privacy have become a board level challenge. Deloitte has the largest Cyber capability of the Big 4 in the European marketplace with over 600 Cyber Risk Specialists staffing thousands of client engagements. The team combines a wealth of deep industry knowledge and technical expertise.

Within the Cyber team, we provide our clients a full spectrum of security and privacy services, from strategy to large-scale transformation programmes, fixing security issues and delivering tangible benefits.

Leading security and privacy experts with the right level of intellectual curiosity drive our business. You will be continuously challenged, build leadership skills and long lasting relationships with a team that respects you and is fun to work with. In addition, you can drill deep and become a specialist within an industry sector or grow as a generalist.

The environment at Deloitte is made up of intellectually curious, smart people; including world class security and privacy experts. Your mix of work will help foster your leadership skills and you’ll develop relationships with a team that you respect and have fun with. In addition, you will have the opportunity to identify areas of work which are of particular interest to you. You can drill deep and become an expert, grow as a generalist or develop a specialism within an industry sector.