Job Description

Title: Global Technology Junior / Senior Analyst - Manual Penetration Tester Cybersecurity

What impact will you make?

At Deloitte, we offer a unique and exceptional career experience to inspire and empower talents like you to make an impact that matters for our clients, people and community. Whatever your aspirations, Deloitte offers you a highly inclusive, collaborative workplace and unrivalled opportunities to realize your full potential. We are always looking for people with the relentless energy to push themselves further, and to find new avenues and unique ways to reach our shared goals.

So what are you waiting for? Join the winning team now.

Work you\'ll do

The Deloitte Global Cybersecurity function is responsible for enhancing data protection, standardizing and securing critical infrastructure, and gaining cyber visibility through security operations centers. The Cybersecurity organization delivers a comprehensive set of security services to Deloitte\'s global network of firms around the globe.

As the Security Tester - Manual Assessment you will evolve and enhance the approach for managing customer requests and queries for technical testing. you will bring your expertise to support the development and maintenance of testing methodologies.

Other Illustrative Duties:

• Assist in technical scoping of security testing activities
• Curation and assessment of vulnerability data (across multiple platforms/tools) from a manual penetration perspective, to focus on true exploitation
• Typical security testing activities;

• Software/Web Application/Web Services penetration testing
• Network Penetration Testing
• Mobile Application Penetration Testing
• Thick Client Penetration Testing
• Conducting focused research when not deployed on an active project
• Provide consultative guidance to customers on findings identified in a clear and actionable fashion both in writing and verbally
• Architecture Security Analysis and Threat Modeling as required
• Curation and assessment of vulnerability data (across multiple platforms/tools) from a code assessment perspective, to ensure false positive review and analysis to provide target results to customers
• Provide technical guidance in supporting member firms in conducting necessary remedial actions and responding to client vulnerability questions or disclosures
• Develop tooling deployment and relevant scanning configurations to enhance practical testing processes
• Escalate key risks and issues to the relevant Regional Operations Manager which need special attention or hold urgency
• Operate in the wider organisation to drive risk reduction goals and in the continuous improvement vulnerability related services
• As needed to meet customer requests support code assessment and network infrastructure Relationship Management
• Act as a SME for member firms in receiving client queries regarding vulnerability disclosures
• Providing customer management level support for member firms required to conduct remedial activities
• As needed support to all service delivery manages where required on ad hoc project related activities
• Develop a deep understanding of DGSL and Member Firm IT operations and remediation capabilities

Your role as a leader

At Deloitte, we believe in the importance of empowering our people to be leaders at all levels. We expect our people to embrace and live our purpose and shared values, challenging themselves everyday to identify issues that are most important to our clients, our people and the communities, and to make an impact that matters. In addition to living our purpose, Associates / Analysts / Consultants across our Firm are expected to:

• Understand the expectations set and demonstrates personal accountability for keeping own performance on track.
• Understand how our daily work contributes to the priorities of the team and the business.
• Demonstrate strong commitment to personal learning and development.
• Actively focus on developing effective communication and relationship-building skills, with stakeholders, clients and team.
• Work effectively in diverse teams within a highly inclusive team culture where everyone is supported, respected and recognized for their contribution.

Requirements

• Minimum of 1 years\' experience working in a professional environment preferably as part of an operational security function (application testing, penetration testing,)
• Proven experience working with variety of cultures across the globe and have the patience, understanding and empathy to work collaboratively and effectively
• Experience in any of the following platforms would be highly beneficial; Burp, Kauli Linux, Nmap, ServiceNow, Qualys, Kenna, Fortify
• Capable of thinking creatively and analytically to prioritise tasks effectively
• Must be able to work under pressure and produce content to tight timelines
• Credible stakeholder management and relationship building skill
• Excellent written and verbal communication skills, interpersonal and collaborative skills, and the ability to communicate strategic information security topics, policies and standards as well as risk-related concepts to technical and nontechnical audiences
• Sound knowledge of common infrastructure and web application vulnerabilities and common vulnerability categorizations such as OWASP, CVSS

Education:

• Bachelor\'s degree in a business or cyber security domain; or Candidates with relevant work experience in an appropriate field

Preferred:

• Secure DevOps experience would be a plus
• Knowledge of ticketing and tracking tools such as Service Now - Security Operations

Due to volume of applications, we regret only shortlisted candidates will be notified. Candidates will only be contacted by authorized Deloitte Recruiters via firm\'s business contact number or business email address.

Requisition ID: 98921

In Malaysia, the services are provided by Deloitte and other related entities in Malaysia ("Deloitte in Malaysia"), which are affiliates of Deloitte Southeast Asia Ltd. Deloitte Southeast Asia Ltd is a member firm of Deloitte Touche Tohmatsu Limited. Deloitte in Malaysia, which is within the Deloitte Network, is the entity that is providing this Website.

Deloitte