Risk Advisory - Cyber Technology Risk - Specialist Opportunities: Penetration Testers
Sandton, Johannesburg, South Africa
Deloitte is the largest private professional services network in the world. Every day, approximately 220,000 professionals in more than 150 countries demonstrate their commitment to a single vision: to be the standard of excellence, while working towards one purpose – to make an impact that matters.
In South Africa, Deloitte is one of the leading professional services organisations, specialising in providing Audit, Tax, Consulting, Risk Advisory and Corporate Finance services. We serve clients in a variety of industries, from financial services to consumer business, energy, mining and manufacturing, tourism and the public sector, and we provide powerful business solutions to some of the world's most well-known and respected companies, including more than 80 percent of the Fortune 100.
Our professionals are unified by a collaborative culture that fosters integrity, outstanding value to markets and clients, commitment to each other, and strength from cultural diversity. They are dedicated to strengthening corporate responsibility, building public trust, and making a positive impact in their communities. We understand that our professionals hold interests outside of the work space and we aim to encourage work/life balance, supporting them in all aspects of their lives.
Our talented professionals and our clients understand the link between a strong learning and development programme and the ability for Deloitte to deliver on its promise of consistent, high-quality service delivery worldwide.
Whatever your age, gender or culture, take your career to the next level with the talents and capabilities you'll develop at Deloitte.
About the Division
Our complex, disruptive, ever more technology-reliant and interconnected world is leaving businesses more exposed than ever. Failure and exploitation, theft, fraud and abuse are all knocking at the door, every minute of every day. Our visionary people are crafting new ways to keep them out, addressing the biggest issue facing organisations today.
Deloitte helps organisations prevent cyberattacks and protect valuable assets. We believe in being secure, vigilant and resilient: not only by looking at how to prevent and respond to attacks, but at how to manage cyber risk in a way that allows you to unleash new opportunities. We help our clients embed cyber risk at the start of strategy development, for more effective management of information and technology risks.
Our teams include:
· Cyber Strategy – We help executives develop a cyber risk programme in line with the strategic objectives and risk appetite of the organisation.
· Secure – We focus on establishing effective controls around the organisation's most sensitive assets, balancing the need to reduce risk with productivity, business growth and cost optimisation objectives.
· Vigilant – We integrate threat data, IT data and business data to equip security teams with context-rich intelligence, so they can proactively detect and manage cyber threats and respond more effectively to cyber incidents.
· Resilient – We combine proven proactive and reactive incident management processes and technologies to rapidly adapt and respond to cyber disruptions, whether from internal or external forces.
In the penetration testing role, you would participate in the research, analysis, design, testing and implementation of medium to complex network security and protection technologies for our clients' information systems, networks and applications. This position reports to the Senior Manager of the Cyber Security team and works closely with our clients' teams on their internal information security programmes.
The ideal candidate for this position is a professional ethical penetration tester who can perform threat modelling on the clients' designated systems, and who masters and executes the techniques of real attackers to identify vulnerabilities, validate them (confirming exploitability rather than relying on scanner output alone), and assign each a severity rating derived from its actual impact. This candidate must be able to use hacking tools and to modify or create proof-of-concept exploits. They are passionate about security, keep up to date on core tools, techniques and tactics, and further their knowledge every day.
The position requires at least one year of targeted experience in computer network security, including application attack and defence, web services, operating system security, privacy, storage network security or malicious application analysis.
Responsibilities:
· Conduct threat modelling and attack modelling on the clients' designated targets of evaluation;
· Plan penetration testing engagements, and assess effort and stages according to the internal Deloitte methodology;
· Conduct hardware, mobile and wireless network security assessments;
· Conduct infrastructure and server, desktop and web-based application penetration tests;
· Write proof-of-concept exploit code for vulnerabilities the team has discovered;
· Thoroughly document exploit chains and proof-of-concept scenarios for client consumption and for the internal knowledge base;
· Conduct social engineering assessments;
· Document findings according to the internal Deloitte methodology and principles;
· Analyse and summarise findings in clear and actionable reports;
· Develop custom penetration testing tools;
· Conduct research in cyber security;
· Directly or indirectly manage junior staff, including training, coaching and delegating work to them.
Requirements:
· Hands-on experience in at least one of the following: security testing, web application development/testing, system administration, networking, software development;
· Ability to express findings in very good technical and business English (oral and written);
· Fluency in written and spoken English;
· At least 1-3 years of relevant work experience in penetration testing engagements;
· Good knowledge of one of the main testing methodologies (e.g. OSSTMM) and familiarity with the OWASP testing methodology;
· Working familiarity with critical security controls and their validation (e.g. the SANS Top 20, now published as the CIS Critical Security Controls), and with OWASP security controls and their validation;
· Very good familiarity with Windows and Linux operating systems;
· Good knowledge of Metasploit or similar exploitation frameworks, and familiarity with the Kali Linux pentest tools;
· Practical hands-on experience with one of Nessus, Nexpose, Core Impact or Qualys;
· Practical hands-on experience with one of Cobalt Strike, Empire, PowerSploit or similar;
· Working experience with Burp Suite, OWASP ZAP or similar;
· Ability to read and write basic C/C++/Java;
· Programming experience in Python, PHP, Perl, Ruby, .NET or other interpreted or compiled languages;
· Knowledge of exploitation techniques.
Nice to have:
· Some knowledge of fuzzing, reverse engineering and exploit development;
· Some knowledge of malware analysis;
· Some knowledge of cryptanalysis and cryptographic flaws;
· University degree, technical college or polytechnic certificate;
· Any of OSCP, OSCE, CISSP, CEH or an equivalent certification;
· Solid networking skills and recognised networking certifications;
· Proof of experience in participating in CTF challenges and/or cyber exercises;
· A GitHub repository of self-developed tools or starred projects;
· A security blog or list of online security resources (websites, RSS feeds, Twitter lists);
· SCADA/industrial systems management or ICS security experience.
How you’ll grow
At Deloitte, our professional development plan focuses on helping people at every level of their career to identify and use their strengths to do their best work every day. From entry-level employees to senior leaders, we believe there is always room to learn. We offer opportunities to help build world-class skills in addition to hands-on experience in the global, fast-changing business world. From on-the-job learning experiences to formal development programmes at Deloitte University, our professionals have a variety of opportunities to continue to grow throughout their career. Explore Deloitte University, The Leadership Center: https://deloitte.zoomforth.com/du
At Deloitte, we know that great people make a great organisation. We value our people and offer employees a broad range of benefits. Learn more about what working at Deloitte can mean for you: https://www2.deloitte.com/global/en/pages/careers/articles/benefits.html
Deloitte is led by a purpose: to make an impact that matters. Every day, Deloitte people are making a real impact in the places they live and work. We pride ourselves on doing not only what is good for clients, but also what is good for our people and the communities in which we live and work, always striving to be an organisation that is held up as a role model of quality, integrity and positive change. Learn more about Deloitte's impact on the world: https://www2.deloitte.com/global/en/pages/about-deloitte/articles/impact-that-matters.html