Temat tygodnia
Sprawdźcie, jak zostać królem personal brandingu. Część 2.
Trwa ładowanie. Prosimy o chwilę cierpliwości.
PwC
Data aktualizacji: 2022-06-23
Penetration Tester
Nr ref. 336060WD
Aplikuj
Warszawa, mazowieckie
Konsulting, Analiza
Data aktualizacji: 2022-06-23 Aplikuj
PwC is a powerful network of over 250.000 people across 158 countries. All committed to deliver quality in Assurance, Tax, Advisory & Technology services. Match your curiosity with continuous opportunities to learn, grow and make an impact. Join PwC and be a game changer.

Job Description & Summary

We are looking for passionate and experienced individuals who are immersed in the offensive side of the information security industry. The ideal candidate will be self-motivated, have an eagerness and aptitude to learn in the challenging environment.

Penetration Tester

 

Responsibilities:

  • Identify and exploit vulnerabilities in commercial, open source, and custom software applications and underlying cloud infrastructure

  • Manage vulnerability and exploit data in large scale tests using collaboration tools across a global team

  • Knowledge of existing, emerging threats, web security principles and attack vectors

  • Ability to author detailed and articulate penetration test reports, including prescriptive recommendations for remediation options according to NIS standards.

  • Deliver technical debriefs to engineers and developers during report discussion meetings as required

  • Maintain testing tools, hardware, and equipment, creating new tools where appropriate

  • Provide guidance to application development groups on application security best practices

  • Support application security assessment result review and mitigation approval

  • Support remediation effort and track open issues and follow up to ensure remediation

  • Demonstration of continuous professional learning the latest and most advanced security testing techniques, development tools and frameworks

 

Qualifications:

Required Qualifications: 

  • Passion for penetration testing

  • 4-5 years Penetration Testing Experience

  • One minimum certification from desirable penetration certifications (e.g. Security+, CEH (including practical), ECSA(including practical), LPT(including practical))

  • Demonstrable experience identifying and exploiting vulnerabilities in commercial, open source, and custom software products

  • Automation experience

  • Python, Bash programming

  • Demonstrate capability of manually executing OWASP based of attacks

  • Demonstrable experience conducting post-exploitation lateral movements activities is required

  • Strong knowledge of common networking configurations, load balancing, firewalls, and security controls

  • Strong knowledge of authentication and SSO technologies

  • Strong Expertise with Open Source Security Testing Methodology Manual (OSSTMM), Open Web Application Security Project (OWASP), and National Institute of Standards and Technology (NIST) Special Publications

  • Strong knowledge of applied cryptography and common implementation flaws

  • Strong Knowledge of virtualized infrastructures is preferred

 

Preferred Qualifications:

  • One minimum certification from desirable penetration certifications (e.g. OSCP, OSWE, GPEN, GWAPT, GXPN,  CREST CRT/CCT [certified web/infrastructure tester])

  • Demonstrable experience identifying and exploiting vulnerabilities APIs (JSON/REST/SOAP/XML/AJAX)

  • Demonstrable experience identifying and exploiting vulnerabilities in mobile applications (iOS, Android) is highly preferred

  • Demonstrable strong experience with penetration testing tools (e.g. Metasploit, Burp Suite, Appspider etc.)

  • Ability to write a code in python and ruby is highly preferred

  • Ability to understand Java, C#, JavaScript Frameworks such as C#, .Net, Python, node.js, jQuery, Bootstrap, Django, JavaScript, mobile app development, Go, and other common languages is a plus

  • Ability to build automation to eliminate recurring work

  • Demonstrable experience conducting code reviews is optional

  • Excellent written communication skills are plus

  • Excellent knowledge of common operating systems is required, knowledge of less popular and legacy operating systems is a plus

PwC Advisory spółka z ograniczoną odpowiedzialnością sp.k. or another PwC entity which runs a recruitment process - list of entities: https://www.pwc.com/gx/en/about/office-locations/poland.html, with its registered seat in Warsaw (00-633), Polna 11 Street, („PwC” or “we”) will be the controller of your personal data submitted in your application for a job. Your personal data will be processed for the purpose of performing a recruitment process for the job offered. If you give us explicit consent, your personal data will be also processed for participation in further recruitment processes conducted by PwC and sending notifications about job offers in PwC or job related events organized or with the participation of PwC such as career fair. A full information about processing your personal data is available in our Privacy Policy.