Penetration Tester


About our team
Risk Advisory help our clients identify, manage and elevate their preparedness for risk, driving the risk agenda across key areas of the Australian economy.

Deloitte is the largest consulting firm in the world, and the largest provider of information security consulting services, as confirmed in the recent Gartner Market Share Analysis: Information Security Consulting, Worldwide, 2014, published 21 April 2015.

Furthermore, as per The Forrester Wave™: Information Security Consulting Services, Q1 2013 by Ed Ferrara and Andrew Rose, February 1, 2013: “Deloitte’s ability to execute rated the highest of all the participants. Deloitte still has the largest practice globally, and like last year, the firm shows a passionate commitment to client success. Deloitte’s client references were exceptional”.

Deloitte Australia is investing heavily in building its Cyber Security capability nationally. As part of this, we are looking for skilled penetration testers across all levels to deliver innovative security solutions to a range of clients.

About the role
In a rapidly changing world where information has a significant value, supply chains are interconnected and there is uncertainty when doing business on a global basis, the security and resilience of operations has become a board level issue.

As part of the team, you'll be responsible for leading attack and penetration testing engagements to identify security weaknesses within clients' IT environments, reporting on issues and making recommendations for their remediation. You will be a key part of the team and looked to as a subject matter expert to help support and mentor other team members.

In this role you will respond to client requests, anticipating and meeting client problems and needs using innovative approaches when applicable. You will be involved in all aspects of security and vulnerability management engagements which include but are not limited to:

  • Network and host layer vulnerability assessments
  • Firewall, networking and security device reviews
  • Web application assessments
  • Social Engineering through targeting the physical security of the infrastructure or buildings.

Source code reviews using manual and automated tools, including

  • Native application assessments
  • Mobile Application assessments
  • Malware reverse engineering
  • Closing meetings to present findings to the client
  • Detailed reporting and proposal writing

About your experience

We are currently looking for experienced Penetration Testers at all levels with the following experience and qualifications:

  • Hold a current CREST Certified Tester (CCT) in either Infrastructure or Web Applications or similar certification or be in a position and level to pass the exam for the certification.
  • For more senior roles, experience in Red Team engagements, with a capability in line with CREST UK’s Certified Simulated Attack Specialist certification and CBEST assessments.
  • Experience of working with applications that perform a wide range of business functions - ideally across multiple industries
  • Ability to understand and assess applications from both a technical and business function perspective
  • Prior experience of performing web application penetration tests, to identify weaknesses in security controls and the business risks associated with these.

Subject matter expertise in one or more of the following:

  • Networking: LAN, WAN, interworking technologies
  • Security Appliances: Firewalls (Cisco ASA, Check Point), Proxies, IDS/IPS
  • Reverse engineering
  • Web Applications
  • Exploit Development
  • Application vulnerability assessment
  • Mainframe systems
  • Mobile platforms (iOS/Android/Windows/etc)
  • Other devices
  • Social Engineering
  • Malware and Red Teaming
  • Innovative and analytical in your approach to performing penetration testing, particularly of novel devices and environments
  • Capable of working to strict deadlines and prioritising work appropriately
  • Relevant tertiary qualifications
  • The ability to develop scripts or code to automate testing and develop bespoke attacks
  • Good communication skills with an ability to explain complex technical issues to non-technical business clients
  • Excellent written skills with demonstrated ability to write reports and proposals, including the ability to discuss findings from a risk perspective with clear remediation advice specific to the client’s environment.

Next Step
If you have questions regarding this role, the Talent Acquisition Team is available to have a confidential discussion. You can contact James Francis.
