Vulnerability Assessment and Penetration Testing Associate - Cyber Risk
- Full-time
- Service Line: Risk Advisory
Company Description
Deloitte is the largest private professional services network in the world. Every day, approximately 312,000 professionals in more than 150 countries demonstrate their commitment to a single vision: to be the standard of excellence, while working towards one purpose – to make an impact that matters.
Deloitte West Africa is a cluster of Deloitte offices that has joined together to provide seamless cross-border services to our clients in the region and to pass on the benefits of scale and access to resources that this organization can generate. Our West Africa practice serves multinationals, large national enterprises, small and medium-sized enterprises and the public sector across these regions: Nigeria and Ghana.
In Ghana, Deloitte is one of the leading professional services organisations, specialising in providing Audit, Tax & Regulatory, Business Process Solutions, Consulting, Risk Advisory and Financial Advisory services. We serve clients in a variety of industries from financial services, to consumer business and industrial products, telecommunications, energy and resources, manufacturing and the public sector.
Our professionals are unified by a collaborative culture that fosters integrity, outstanding value to markets and clients, commitment to each other, and strength from cultural diversity. They are dedicated to strengthening corporate responsibility, building public trust, and making a positive impact in their communities. We understand that our professionals hold interests outside of the work space and we aim to encourage work/life balance, supporting them in all aspects of their lives.
Our talented professionals and our clients understand the link between a strong learning and development programme and the ability for Deloitte to deliver on its promise of consistent, high-quality service delivery worldwide.
Whatever your age, gender or culture, take your career to the next level with the talents and capabilities you will develop at Deloitte.
Job Description
About the Role
We are seeking an elite Penetration Tester to join our elite security team. You will be a relentless hunter, identifying and exploiting critical vulnerabilities across our complex technological landscape. In this role, you'll be responsible for securing clients' web applications, APIs, networks, infrastructure, Active Directory, and cloud environments. You will be a trusted advisor, working collaboratively to remediate vulnerabilities and continuously improve various clients' security posture.
Qualifications
Responsibilities:
- Design, execute, and document comprehensive penetration testing engagements encompassing:
  - Web applications: Leverage advanced techniques to uncover critical vulnerabilities (SQL injection, XSS, CSRF, RCE) and assess their exploitability.
  - APIs: Utilize various tools and methodologies to identify security misconfigurations, broken authentication, and authorization flaws in APIs.
  - Networks and Infrastructure: Conduct in-depth network assessments to discover weaknesses in network segmentation, firewalls, and network devices. Employ pivoting, escalation of privileges, and lateral movement techniques to compromise systems.
  - Active Directory: Assess the security posture of Active Directory, focusing on misconfigurations, insecure password policies, and privileged account controls.
  - Cloud Environments: Perform cloud security assessments on platforms like AWS, Azure, or GCP, identifying insecure configurations, storage vulnerabilities, and potential access control issues.
- Exploit discovered vulnerabilities using advanced tools and techniques to demonstrate real-world impact.
- Create detailed penetration testing reports that clearly document findings, risks, proof-of-concepts, and recommended remediation strategies.
- Proactively stay ahead of the evolving threat landscape by researching emerging vulnerabilities, exploits, and offensive security tools.
- Collaborate effectively with development, IT, and security teams to prioritize vulnerabilities, remediate issues, and enhance security controls.
- Maintain an unwavering commitment to ethical hacking principles and best practices.
Requirements:
- Minimum of 2+ years of experience in penetration testing or a related security field, with a proven track record of success in identifying and exploiting high-impact vulnerabilities.
- In-depth understanding of penetration testing methodologies (e.g., OWASP methodologies, PTES) and a vast toolkit of industry-standard penetration testing tools (Burp Suite, Metasploit, Nessus, etc.).
- Extensive experience in scripting languages (Python, Bash, PowerShell) for automating tasks and developing custom exploits.
- Solid understanding of cloud security concepts and experience in securing cloud environments (AWS, Azure, GCP).
- Expertise in Active Directory security, including identification and exploitation of misconfigurations and privilege escalation techniques.
- Experience in API security testing methodologies and tools.
- Exceptional written and verbal communication skills with the ability to clearly articulate complex technical findings to both technical and non-technical audiences.
- A passion for security and a relentless drive to push the boundaries of offensive security.
Preferred Qualifications:
- Bachelor's degree in Cybersecurity, Information Security, Computer Science, or a related field.
- 2nd class Upper or better
- Proven experience in social engineering techniques.
- Certifications such as eJPT, CEH, CPENT, OSCP, OSCE, GCIH, GWAPT, CISSP and any cloud-related certification.
- Experience in mobile application security testing.
- Experience in container security (Docker, Kubernetes).
- Experience in building and utilizing custom security frameworks and tools.
Additional Information
Key Recruiting Areas
- Risk Advisory
Living our Purpose - Acts as a role model, embracing and living our purpose and values, and recognizing others for the impact they make
Influence - Influences clients, teams, and individuals positively, leading by example and establishing confident relationships with increasingly senior people
Performance drive – Delivers exceptional client service; maximizes results and drives high performance from people while fostering collaboration across businesses and borders
Strategic direction – Understands key objectives for clients and Deloitte, aligns people to objectives and sets priorities and direction
Talent development – Develops high-performing people and teams through challenging and meaningful opportunities
How you’ll grow
At Deloitte, our professional development plan focuses on helping people at every level of their career to identify and use their strengths to do their best work every day. From entry-level employees to senior leaders, we believe there’s always room to learn. We offer opportunities to help build world-class skills in addition to hands-on experience in the global, fast-changing business world. From on-the-job learning experiences to formal development programs, our professionals have a variety of opportunities to continue to grow throughout their career.
Our purpose
Deloitte is led by a purpose: to make an impact that matters. Every day, Deloitte people are making a real impact in the places they live and work. We pride ourselves on doing not only what is good for clients, but also what is good for our people and the communities in which we live and work—always striving to be an organization that is held up as a role model of quality, integrity, and positive change. Learn more about Deloitte’s impact on the world.
Closing date: 18 June 2024.
We are an equal opportunity employer and do not ask individuals to pay any fees or money as part of the recruitment process.
Recruiter Tips
We want job seekers exploring opportunities at Deloitte to feel prepared and confident. To help you with your interview, we suggest that you do your research: know some background about the organization and the business area you’re applying to.
NB: Please note that candidates who do not attach their resumes and academic credentials (Official Transcript, etc.) will not be considered, and only shortlisted candidates will be contacted.
At Deloitte, we want everyone to feel they can be themselves and to thrive at work—in every country, in everything we do, every day. We aim to create a workplace where everyone is treated fairly and with respect, including reasonable accommodation for persons with disabilities. We seek to create and leverage our diverse workforce to build an inclusive environment across the African continent.