IN_Associate_VAPT _Security Testing_Advisory _Mumbai

Line of Service

Advisory

Industry/Sector

Not Applicable

Specialism

Operations

Management Level

Associate

Job Description & Summary

A career within Cybersecurity and Privacy services, will provide you with the opportunity to help our clients implement an effective cybersecurity programme that protects against threats, propels transformation, and drives growth. As companies pivot toward a digital business model, exponentially more data is generated and shared among organisations, partners and customers. We play an integral role in helping our clients ensure they are protected by developing transformation strategies focused on security, efficiently integrate and manage new or existing technology systems to deliver continuous operational improvements and increase their cybersecurity investment, and detect, respond, and remediate threats.

Why PWC

At PwC, you will be part of a vibrant community of solvers that leads with trust and creates distinctive outcomes for our clients and communities. This purpose-led and values-driven work, powered by technology in an environment that drives innovation, will enable you to make a tangible impact in the real world. We reward your contributions, support your wellbeing, and offer inclusive benefits, flexibility programmes and mentorship that will help you thrive in work and life. Together, we grow, learn, care, collaborate, and create a future of infinite experiences for each other. Learn more about us.

At PwC, we believe in providing equal employment opportunities, without any discrimination on the grounds of gender, ethnic background, age, disability, marital status, sexual orientation, pregnancy, gender identity or expression, religion or other beliefs, perceived differences and status protected by law. We strive to create an environment where each one of our people can bring their true selves and contribute to their personal growth and the firm’s growth. To enable this, we have zero tolerance for any discrimination and harassment based on the above considerations.

We are looking for an experienced cybersecurity professional with a comprehensive understanding of various security domains, including application security, network segregation, access controls, IDS/IPS devices, physical security, and information security risk management. The ideal candidate will possess expertise in security testing tools, networking protocols, operating systems, common programming and scripting languages, and cybersecurity frameworks. This role requires hands-on experience in performing penetration testing, executing stealthy red team engagements, and managing security operations and SIEM tools. The candidate should be adept at identifying critical vulnerabilities, compromising Active Directory environments, and conducting social engineering/phishing activities. Strong communication skills, the ability to manage junior staff, and proficiency in documenting and presenting findings are essential.

Responsibilities:

• Network Security Analysis: Conduct in-depth analyses of computer networks to identify vulnerabilities and gaps in security.
• Security Tools Management: Administer and manage a variety of security products, including firewalls, IDS/IPS, Firewall Analyzers, Azure Firewalls, NSGs, Application Gateways, and WAFs.
• Firewall and VPN Administration: Oversee the administration of firewalls, routers, VPNs, and other security tools to ensure robust network security.
• Scripting and Automation: Utilize scripting languages such as Python to automate security tasks and enhance operational efficiency.
• System and Network Management: Work with Linux and/or Windows Operating Systems, coding languages, and network environments to support and enhance security measures.
• Networking Knowledge Application: Apply knowledge of networking concepts, including LAN, WAN, TCP/IP, web protocols, and network-related cyber-attacks.
• Recon Tools Usage: Use network assessment and reconnaissance tools like nmap, Angry IP, and Metasploit for comprehensive security assessments.
• Penetration Testing: Perform penetration testing activities within client environments, emphasizing manual and stealthy techniques.
• Red Team Engagements: Execute stealthy penetration testing, advanced red team, or adversary simulation engagements using offensive security tools and utilities.
• Vulnerability Identification: Identify security-critical vulnerabilities without relying on vulnerability scanning tools.
• Active Directory Compromise: Compromise Active Directory environments and demonstrate business impact by accessing critical assets and information.
• Social Engineering and Phishing: Conduct social engineering and phishing activities, including reconnaissance, campaign development, and malicious payload creation.
• Client Interaction: Participate in client discussions, communicate potential add-on services based on identified weaknesses, and actively engage in meetings.
• Engagement Management: Manage engagements with junior staff, prepare concise and accurate project deliverables, and balance project economics with unexpected issues.
• Team Environment: Create a positive environment by monitoring team workloads, meeting client expectations, and respecting team members' work-life quality.
• Continuous Learning: Proactively seek guidance, clarification, and feedback, and keep leadership informed of progress and issues.

Mandatory skill sets:

• In-depth knowledge of technical concepts such as application security, network segregation, access controls, IDS/IPS devices, physical security, and information security risk management.
• Hands-on experience with networking protocols, TCP/IP stack, systems architecture, and operating systems.
• Ability to perform penetration testing activities using manual stealthy techniques and advanced red team engagements.
• Capability to identify security critical vulnerabilities without using a scanning tool.
• Experience in compromising Active Directory environments and demonstrating business impact.
• Skills in social engineering/phishing activities, including reconnaissance, developing phishing campaigns, and creating malicious payloads.
• Effective participation in client discussions and meetings, and communicating potential add-on services based on identified weaknesses.
• Proven record of preparing concise and accurate documents and project deliverables.
• Ability to balance project economics with unanticipated issues and create a positive work environment for the team.

Preferred skill sets:

• Expertise in security testing tools like BurpSuite, Mimikatz, Cobalt Strike, PowerSploit, Metasploit, Nessus, HP Web Inspect, and tools from Kali Linux.
• Proficiency in common programming and scripting languages such as Python, PowerShell, Ruby, Perl, Bash, JavaScript, or VBScript.
• Deep understanding of well-known cybersecurity frameworks and industry-leading practices such as OWASP, NIST CSF, PCI DSS, and NY-DFS.
• Experience with traditional security operations, event monitoring, and SIEM tools.
• Demonstrated ability to manage engagements, mentor junior staff, and balance project economics.
• Strong documentation skills and proficiency with MS Office and Google Docs.
• Ability to create a positive team environment and manage workloads effectively.
• Proactive in seeking guidance, clarification, and feedback, and keeping leadership informed of progress and issues.

Years of experience required:

3+ years

Education qualification:

B.Tech

Education (if blank, degree and/or field of study not specified)

Degrees/Field of Study required: Bachelor of Engineering

Degrees/Field of Study preferred:

Certifications (if blank, certifications not specified)

Required Skills

JavaScript, Python (Programming Language)

Optional Skills

Desired Languages (If blank, desired languages not specified)

Travel Requirements

Not Specified

Available for Work Visa Sponsorship?

No

Government Clearance Required?

No

Job Posting End Date