IN_Associate_VAPT _Security Testing_Advisory _Mumbai

2 Months ago • 3 Years + • Cyber Security

About the job

Job Description

This is a full-time cybersecurity professional role, requiring at least 3 years of experience in penetration testing, vulnerability identification, and Active Directory compromise. Must have in-depth knowledge of security domains like application security and network segregation, and hands-on experience with networking protocols and operating systems.
Must have:
  • Penetration Testing
  • Vulnerability Identification
  • Active Directory
  • Application Security
Good to have:
  • Security Testing Tools
  • Cybersecurity Frameworks
  • Scripting Languages
  • SIEM Tools
Perks:
  • Vibrant Community
  • Inclusive Benefits
Not hearing back from companies?
Unlock the secrets to a successful job application and accelerate your journey to your next opportunity.

Line of Service

Advisory

Industry/Sector

Not Applicable

Specialism

Operations

Management Level

Associate

Job Description & Summary

A career within Cybersecurity and Privacy services, will provide you with the opportunity to help our clients implement an effective cybersecurity programme that protects against threats, propels transformation, and drives growth. As companies pivot toward a digital business model, exponentially more data is generated and shared among organisations, partners and customers. We play an integral role in helping our clients ensure they are protected by developing transformation strategies focused on security, efficiently integrate and manage new or existing technology systems to deliver continuous operational improvements and increase their cybersecurity investment, and detect, respond, and remediate threats.

Why PWC

At PwC, you will be part of a vibrant community of solvers that leads with trust and creates distinctive outcomes for our clients and communities. This purpose-led and values-driven work, powered by technology in an environment that drives innovation, will enable you to make a tangible impact in the real world. We reward your contributions, support your wellbeing, and offer inclusive benefits, flexibility programmes and mentorship that will help you thrive in work and life. Together, we grow, learn, care, collaborate, and create a future of infinite experiences for each other. Learn more about us.

At PwC, we believe in providing equal employment opportunities, without any discrimination on the grounds of gender, ethnic background, age, disability, marital status, sexual orientation, pregnancy, gender identity or expression, religion or other beliefs, perceived differences and status protected by law. We strive to create an environment where each one of our people can bring their true selves and contribute to their personal growth and the firm’s growth. To enable this, we have zero tolerance for any discrimination and harassment based on the above considerations.

We are looking for an experienced cybersecurity professional with a comprehensive understanding of various security domains, including application security, network segregation, access controls, IDS/IPS devices, physical security, and information security risk management. The ideal candidate will possess expertise in security testing tools, networking protocols, operating systems, common programming and scripting languages, and cybersecurity frameworks. This role requires hands-on experience in performing penetration testing, executing stealthy red team engagements, and managing security operations and SIEM tools. The candidate should be adept at identifying critical vulnerabilities, compromising Active Directory environments, and conducting social engineering/phishing activities. Strong communication skills, the ability to manage junior staff, and proficiency in documenting and presenting findings are essential.

Responsibilities:

  • Network Security Analysis: Conduct in-depth analyses of computer networks to identify vulnerabilities and gaps in security.
  • Security Tools Management: Administer and manage a variety of security products, including firewalls, IDS/IPS, Firewall Analyzers, Azure Firewalls, NSGs, Application Gateways, and WAFs.
  • Firewall and VPN Administration: Oversee the administration of firewalls, routers, VPNs, and other security tools to ensure robust network security.
  • Scripting and Automation: Utilize scripting languages such as Python to automate security tasks and enhance operational efficiency.
  • System and Network Management: Work with Linux and/or Windows Operating Systems, coding languages, and network environments to support and enhance security measures.
  • Networking Knowledge Application: Apply knowledge of networking concepts, including LAN, WAN, TCP/IP, web protocols, and network-related cyber-attacks.
  • Recon Tools Usage: Use network assessment and reconnaissance tools like nmap, Angry IP, and Metasploit for comprehensive security assessments.
  • Penetration Testing: Perform penetration testing activities within client environments, emphasizing manual and stealthy techniques.
  • Red Team Engagements: Execute stealthy penetration testing, advanced red team, or adversary simulation engagements using offensive security tools and utilities.
  • Vulnerability Identification: Identify security-critical vulnerabilities without relying on vulnerability scanning tools.
  • Active Directory Compromise: Compromise Active Directory environments and demonstrate business impact by accessing critical assets and information.
  • Social Engineering and Phishing: Conduct social engineering and phishing activities, including reconnaissance, campaign development, and malicious payload creation.
  • Client Interaction: Participate in client discussions, communicate potential add-on services based on identified weaknesses, and actively engage in meetings.
  • Engagement Management: Manage engagements with junior staff, prepare concise and accurate project deliverables, and balance project economics with unexpected issues.
  • Team Environment: Create a positive environment by monitoring team workloads, meeting client expectations, and respecting team members' work-life quality.
  • Continuous Learning: Proactively seek guidance, clarification, and feedback, and keep leadership informed of progress and issues.

Mandatory skill sets:

  • In-depth knowledge of technical concepts such as application security, network segregation, access controls, IDS/IPS devices, physical security, and information security risk management.
  • Hands-on experience with networking protocols, TCP/IP stack, systems architecture, and operating systems.
  • Ability to perform penetration testing activities using manual stealthy techniques and advanced red team engagements.
  • Capability to identify security critical vulnerabilities without using a scanning tool.
  • Experience in compromising Active Directory environments and demonstrating business impact.
  • Skills in social engineering/phishing activities, including reconnaissance, developing phishing campaigns, and creating malicious payloads.
  • Effective participation in client discussions and meetings, and communicating potential add-on services based on identified weaknesses.
  • Proven record of preparing concise and accurate documents and project deliverables.
  • Ability to balance project economics with unanticipated issues and create a positive work environment for the team.

Preferred skill sets:

  • Expertise in security testing tools like BurpSuite, Mimikatz, Cobalt Strike, PowerSploit, Metasploit, Nessus, HP Web Inspect, and tools from Kali Linux.
  • Proficiency in common programming and scripting languages such as Python, PowerShell, Ruby, Perl, Bash, JavaScript, or VBScript.
  • Deep understanding of well-known cybersecurity frameworks and industry-leading practices such as OWASP, NIST CSF, PCI DSS, and NY-DFS.
  • Experience with traditional security operations, event monitoring, and SIEM tools.
  • Demonstrated ability to manage engagements, mentor junior staff, and balance project economics.
  • Strong documentation skills and proficiency with MS Office and Google Docs.
  • Ability to create a positive team environment and manage workloads effectively.
  • Proactive in seeking guidance, clarification, and feedback, and keeping leadership informed of progress and issues.

Years of experience required:

3+ years

Education qualification:

B.Tech

Education (if blank, degree and/or field of study not specified)

Degrees/Field of Study required: Bachelor of Engineering

Degrees/Field of Study preferred:

Certifications (if blank, certifications not specified)

Required Skills

JavaScript, Python (Programming Language)

Optional Skills

Desired Languages (If blank, desired languages not specified)

Travel Requirements

Not Specified

Available for Work Visa Sponsorship?

No

Government Clearance Required?

No

Job Posting End Date

View Full Job Description

Add your resume

80%

Upload your resume, increase your shortlisting chances by 80%

About The Company

At PwC, our purpose is to build trust in society and solve important problems. We’re a network of firms in 152 countries with over 327,000 people who are committed to delivering quality in assurance, advisory and tax services. Find out more and tell us what matters to you by visiting us at www.pwc.com. PwC refers to the PwC network and/or one or more of its member firms, each of which is a separate legal entity.


Content on this page has been prepared for general information only and is not intended to be relied upon as accounting, tax or professional advice. Please reach out to your advisors for specific advice.

View All Jobs

Get notified when new jobs are added by PWC

Similar Skill Jobs

Get notifed when new similar jobs are uploaded

Jobs in Mumbai, Maharashtra, India

Nisum - UI Developer - G6357

Nisum, India (Hybrid)

Alcon - DevOps Engineer

Alcon, India (Hybrid)

Hire Phoenix Consulting - Ludo Game Developer needed (Freelance opportunity)

Hire Phoenix Consulting, India (Remote)

Head Digital Works - Sub Editor (Hindi)

Head Digital Works, India (On-Site)

dentsu - Talent Acquisition Advisor

dentsu, India (On-Site)

Tentworks Interactive - UI/UX Designer for Video games (Project/contract Bases)

Tentworks Interactive, India (Remote)

Get notifed when new similar jobs are uploaded

Cyber Security Jobs

Trellix - Senior Solution Consultant

Trellix, Indonesia (On-Site)

brightline - Information Systems Security Engineer

brightline, United States (On-Site)

ION - Cloud Engineer

ION, Hungary (On-Site)

Postman - Senior Security Engineer, Detection & Response

Postman, United States (On-Site)

Fanatics - Offensive Security Engineer III

Fanatics, India (Hybrid)

Intel Corporation - Government Cloud Engineer

Intel Corporation, United States (Hybrid)

Get notifed when new similar jobs are uploaded