Associate - Security Testing/VAPT

Line of Service

Advisory

Industry/Sector

FS X-Sector

Specialism

Risk

Management Level

Associate

Job Description & Summary

Exclusive hiring - Inviting candidates with differing abilities to apply

A career within Cybersecurity and Privacy services, will provide you with the opportunity to help our clients implement an effective cybersecurity programme that protects against threats, propels transformation, and drives growth. As companies pivot toward a digital business model, exponentially more data is generated and shared among organisations, partners and customers. We play an integral role in helping our clients ensure they are protected by developing transformation strategies focused on security, efficiently integrate and manage new or existing technology systems to deliver continuous operational improvements and increase their cybersecurity investment, and detect, respond, and remediate threats.

VAPT

A career within Cybersecurity and Privacy services, will provide you with the opportunity to help our clients implement an effective cybersecurity programme that protects against threats, propels transformation, and drives growth. As companies pivot toward a digital business model, exponentially more data is generated and shared among organisations, partners and customers. We play an integral role in helping our clients ensure they are protected by developing transformation strategies focused on security, efficiently integrate and manage new or existing technology systems to deliver continuous operational improvements and increase their cybersecurity investment, and detect, respond, and remediate threats.

Preferred Knowledge/Skills

Demonstrates thorough knowledge and/or a proven record of success in the following areas:

• Technical concepts such as application security, network segregation, access controls, IDS/IPS devices, physical security, and information security risk management.

• Security testing tools, such as Burp Suite, Mimikatz, Cobalt Strike, PowerSploit, Metasploit, Nessus, HP Web Inspect, or other tools included within the Kali Linux distribution;

• Networking protocols, TCP/IP stack, systems architecture, and operating systems;

• Common programming and scripting languages, such as Python, PowerShell, Ruby, Perl, Bash, JavaScript, or VBScript;

• Well-known Cybersecurity frameworks and industry-leading practices such as OWASP, NIST CSF, PCI DSS, and NY-DFS; and,

• Traditional security operations, event monitoring, and Security Information and Event Management (SIEM) tools.
  

Demonstrates thorough abilities and/or a proven record of success in the following areas:

• Performing penetration testing activities within a client’s environment, emphasizing manual stealthy testing techniques;

• Executing stealthy penetration testing, advanced red team, or adversary simulation engagements using commercially / freely available offensive security tools and utilities built into operating systems;

• Understanding Windows and Linux operating system setup, management, and power usage, e.g., cmd, bash, network troubleshooting, virtual machines; .

• Identifying security critical vulnerabilities without utilizing a vulnerability scanning tool, i.e., knowledge of exploitable vulnerabilities and ability to execute stealthy penetration testing engagements;

• Compromising Active Directory environments and demonstrating business impact by identifying and obtaining access to business critical assets/information;

• Performing social engineering / phishing activities such as reconnaissance of targets, developing phishing campaigns (e.g., emails and websites), web hosting administrator, developing malicious phishing payloads, or pivoting through phished systems;

• Participating actively in client discussions and meetings and communicating a broad range of potential add-on services based on identified weaknesses;

• Managing engagements with junior staff;

• Preparing concise and accurate documents, leveraging and utilizing MS Office and Google Docs to complete related project deliverables, as necessary;

• Balancing project economics management with the occurrence of unanticipated issues.

• Creating a positive environment by monitoring workloads of the team while meeting client expectations and respecting the work-life quality of team members;

• Proactively seeking guidance, clarification, and feedback; and,

• Keeping leadership informed of progress and issues.

Educational Qualifications

B.E./B.Tech, B.Sc., Data Analytics/Mathematics background graduates

Job Location

Novus Tower-Udyog Vihar Office, Gurgaon (Work from office)

Years of Experience

1-5 years

Eligibility Criteria

• The job role requires document interpretation & monitoring color coded alerts on big screens

• Candidates to submit Government-issued disability certificate with disability percentage being 40% and above at the time of joining

PwC is committed to provide equal employment opportunities and fostering an inclusive workplace where all employees are treated with respect and dignity regardless of gender, ethnic background, disabilities, age, gender identity or expression, transgender people, pregnancy, religion or other beliefs, sexual orientation or any other status protected by law.

We encourage eligible job seekers with different disabilities to apply. PwC India adopts a transparent selection process and our decision of employment, training and career progression is solely based on merit, skills, and criteria set forth in the job description. We provide reasonable adjustments based on individual needs to attend the selection process and excel at work.

Education(if blank, degree and/or field of study not specified)

Degrees/Field of Study required: Degrees/Field of Study preferred:

Certifications(if blank, certifications not specified)

Required Skills

Ethical Hacking, Security Testing

Optional Skills

Application Security Testing

Desired Languages(If blank, desired languages not specified)

Travel Requirements

Available for Work Visa Sponsorship?

Government Clearance Required?

Job Posting End Date