Job Description & Summary

About the team

Our global cyber security team focuses on securing applications, services, devices through penetration tests. You will be part of a growing team driving strategic programs, data analytics, innovation, cyber resiliency, response, and technical implementation activities. You will have access to not only the top professionals at Pw C, but also our clients and industry analysts across the globe.

Job description & summary

You will help clients understand the tangible risks they face from a variety of threat actors and what they target to include different postures, scenarios, or targeted assets. Working as a member of NIS also provides the opportunity to directly help clients enhance or tune their preventative, and detective controls.

• Performing web application penetration testing activities within a client’s environment, emphasizing manual OWASP testing techniques.
  
• Identifying security critical vulnerabilities without utilizing a vulnerability scanning tool, i.e., knowledge of exploitable vulnerabilities and ability to execute stealthy penetration testing engagements.
  
• Compromising web application environments and demonstrating business impact by identifying and obtaining access to business-critical assets/information;
  
• Participating actively in client discussions and meetings and communicating a broad range of potential add-on services based on identified weaknesses.
  
• Managing engagements with senior staff.
  
• Preparing accurate documents, leveraging and utilizing MS Office and Google Docs to complete related project deliverables, as necessary.
  
• Balancing project economics management with the occurrence of unanticipated issues
  
• Keeping leadership informed of progress and issues.
  

Requirements of the role

• Knowledge of web application and web services, platforms such as IIS, Apache flavors, Java, .NET, API, SOAP and more.
  
• Understanding of web application security frameworks, including OWASP Top 10 and SANS Top 25
  
• Ability to identify and mitigate common web application vulnerabilities such as SQL injection, cross-site scripting (XSS), and cross-site request forgery (CSRF)
  
• Familiarity with automated application security scanning tools such as Burp Suite and OWASP testing guide techniques
  
• Understanding Windows and Linux Web Servers setup, Databases, WAF, Load balancers.