A career in our Network Information Security (NIS) team will provide you the opportunity to solve our clients' most critical business and data protection related challenges. You will be part of a growing team driving strategic programs, data analytics, innovation, cyber resiliency, response, and technical implementation activities. You will have access to not only the top professionals at PwC, but also our clients and industry analysts across the globe. The NIS team focuses on securing applications, services, devices through penetration tests. You will help clients understand the tangible risks they face from a variety of threat actors and what they target to include different postures, scenarios, or targeted assets. Working as a member of NIS also provides the opportunity to directly help clients enhance or tune their preventative, and detective controls. Our team focuses on assessment and recommendation services that blend deep technical manual tradecraft with targeted automation to simulate real threats to a client’s environments. As a part of this center of excellence, you will drive change at PwC’s clients by providing risk outside of the theoretical while contributing to the technical acumen of the practice and amplifying your own personal capabilities.

Junior Penetration Tester

Warsaw/ Krakow/ remotely from PL

The Role

PwC Professional skills and responsibilities for this management level include but are not limited to

As a Junior Associate, you'll work as part of a team of problem solvers, helping to solve complex business issues from strategy to execution.

• Use feedback and reflection to develop self awareness, personal strengths and address development areas.

• Delegate to others to provide stretch opportunities and coach to help deliver results.

• Develop new ideas and propose innovative solutions to problems.

• Use a broad range of tools and techniques to extract insights from current trends in the business area.

• Review your work and that of others for quality, accuracy, and relevance.

• Share relevant thought leadership.

• Use straightforward communication, in a structured way, when influencing others.

• Able to read situations and modify behavior to build quality, diverse relationships.

• Uphold the firm's code of ethics and business conduct.

The Candidate

Preferred Fields of Study:

Computer and Information Science, Computer Applications, Computer Engineering, Information CyberSecurity, Information Technology, Management Information Systems or relevant experience

Demonstrates thorough knowledge and/or a proven record of success in the following areas:

• Shows an ability to understand and explain complex and complicated ideas clearly and succinctly
• Demonstrated knowledge of web application and web services, platforms such as IIS, Apache flavors, Java, .NET, API, SOAP and more.
• Understanding of web application security frameworks, including OWASP Top 10 and SANS Top 25
• Ability to identify and mitigate common web application vulnerabilities such as SQL injection, cross-site scripting (XSS), and cross-site request forgery (CSRF)
• Familiarity with automated application security scanning tools such as Burp Suite and OWASP testing guide techniques

Demonstrates abilities and/or a proven record of success in the following areas:

• Performing web application penetration testing activities within a client’s environment, emphasizing manual OWASP testing techniques.

• Understanding Windows and Linux Web Servers setup, Databases, WAF, Load balancers.

• Identifying security critical vulnerabilities without utilizing a vulnerability scanning tool, i.e., knowledge of exploitable vulnerabilities and ability to execute stealthy penetration testing engagements.

• Compromising web application environments and demonstrating business impact by identifying and obtaining access to business-critical assets/information;

• Participating actively in client discussions and meetings and communicating a broad range of potential add-on services based on identified weaknesses.

• Managing engagements with senior staff.

• Preparing accurate documents, leveraging and utilizing MS Office and Google Docs to complete related project deliverables, as necessary.

• Balancing project economics management with the occurrence of unanticipated issues

• Creating a positive environment by monitoring workloads of the team while meeting client expectations and respecting the work-life quality of team members.

• Proactively seeking guidance, clarification, and feedback.

• Keeping leadership informed of progress and issues.
   

Our offer: 

• work flexibility - openness for your preferences regarding contract form (B2B or employment contract), hybrid working model, flexible start of the day, workation, sabbatical leave and additional summer solutions (e.g. Slow Fridays)
• development and upskilling - our full support during onboarding process, mentoring from experienced colleagues, training sessions, workshops, certification co/financed by PwC e.g. Microsoft and Celonis and conversations with native speaker
• wide medical and wellbeing program - medical care package (incl. dental care, freedom of treatment, physiotherapy), various insurance packages (incl. foreign travel insurance), coaching, psychological consultations, concierge for young parents, sports groups and more
• access to an online cafeteria where you may find i.a. vouchers (e.g. Zalando, Ikea, Allegro, Frisco), discounts for IT devices (e.g. Apple, Lenovo, Orange) and car purchase, Multisport card,
• 3 paid hours for volunteering per month
• and when you start enjoying PwC as much as we do, you may get a financial bonus in exchange for recommending your friend to work with us.