Logo of Huzzle

IN_Associate _ VAPT _S&G_ Advisory _Chennai

image

PwC

Jan 23

  • Job
    Full-time
    Senior Level
  • Software Engineering
    IT & Cybersecurity
  • Chennai
  • Quick Apply

AI generated summary

  • You must have a degree in EC, CS, IT, Cyber Security, or MCA, 5 years of penetration testing experience, knowledge of security frameworks, programming, and certifications like OSCP.
  • You will conduct security testing on applications, perform assessments, identify risks, review architectures, and recommend mitigation strategies while ensuring compliance with industry standards.

Requirements

  • Graduation in EC or CS or IT or Information Security or Cyber Security or MCA.
  • Working experience as a Penetration Testing Expert for 5 year(s)
  • Hands on experience with security testing frameworks such as the PTES, OWASP, OSSTMM, SANS.
  • In-depth knowledge of application development processes and at least one programming and one scripting language (e.g., Java, Scala, C#, JavaScript, Angular, ReactJs, Ruby, Perl, Python, Shell).
  • Knowledge on OS security (Windows, Unix/Linux systems, Mac OS, VMware), network security and cloud security.
  • Hands on experience in BurpSuite, Nessus, Checkmarx, Acunetix and Kali Linux penetration testing tools etc.
  • Knowledge on Threat Modelling, Source Code Reviews, Secure Architecture Reviews
  • One of the certifications – OSWE/OSCP/OSCE/eJPT/CPENT- ECCouncil /LPT(Licensed Penetration Tester-ECCouncil)/GPEN(GIAC Penetration Tester)/ GWAPT(GIAC Web Application Penetration Tester) is mandatory (preferably OSCP)
  • Minimum Qualification: BE/ BTech/MBA/Mtech/MCA (Non Mechanical)
  • Postgraduates in any stream would be preferred (not mandatory)
  • "vapt" and ("oscp" or "EJPT" or "OSWE" or "CPENT" or "GPEN" or "GWAPT" or "OSCE") and security and "Penetration Testing" and mobile
  • 5+ Years
  • BE, B.tech, ME, M.tech, MCA, (non mechanical)
  • Master of Engineering, Bachelor of Engineering

Responsibilities

  • Security testing of mobile applications, web applications, APIs etc.
  • Perform SAST, DAST & VAPT with new standards from time to time. Review sufficient security controls are in place as per, but not limited to, client's policy, industry best practice/process and regulatory requirements.
  • Identify the Individual Application security risk portfolio / threats. Gaps identified along with recommendations to be submitted in Customized reports as requested by client.
  • Review of API/middleware/SFTP etc. interfaces between applications.
  • Develop/Review Baseline document for OS/Application Security/ API.
  • Review the security architecture of various applications deployed/to be deployed (including cloud based) and assess risk associated and suggest mitigation & resolution.
  • Evaluation/Security Assessment of open-source applications.
  • Vetting of Network and data flow Diagrams, with respect to security aspect, for new applications, in co-ordination with the vendors and clients.
  • Review application architecture, data flow diagram, network diagram, database configuration, crypto standards.
  • Perform Application threat modeling.
  • Gap assessment of the Cloud applications, solutions, platforms, process to fill the gaps.

FAQs

What is the job title for this position?

The job title is IN_Associate_VAPT_S&G_Advisory_Chennai.

What are the minimum educational qualifications required for this position?

The minimum qualification required is a BE, B.Tech, ME, M.Tech, or MCA in a non-mechanical discipline.

How many years of experience are required for this position?

A minimum of 5 years of experience as a Penetration Testing Expert is required.

What certifications are mandatory for this role?

One of the following certifications is mandatory: OSWE, OSCP, OSCE, eJPT, CPENT, LPT (Licensed Penetration Tester - ECCouncil), GPEN (GIAC Penetration Tester), or GWAPT (GIAC Web Application Penetration Tester), preferably OSCP.

What programming and scripting languages should candidates be familiar with?

Candidates should have in-depth knowledge of at least one programming language (e.g., Java, Scala, C#, JavaScript, Angular, ReactJs, Ruby) and one scripting language (e.g., Perl, Python, Shell).

What security-related knowledge is necessary for this position?

Knowledge of OS security (Windows, Unix/Linux systems, Mac OS, VMware), network security, and cloud security is essential.

What types of tasks will be performed in this role?

Tasks include security testing of mobile applications, web applications, APIs, performing SAST, DAST & VAPT, identifying application security risks, and reviewing security architecture.

Is experience with specific tools required?

Yes, hands-on experience with security testing frameworks and tools such as BurpSuite, Nessus, Checkmarx, Acunetix, and Kali Linux is required.

What additional skills are preferred for this role?

Preferred skills include knowledge in ISO standards and familiarity with advanced cybersecurity concepts.

Is there an opportunity for career development and growth within PwC?

Yes, PwC offers mentorship, inclusive benefits, and a vibrant community that supports personal and professional growth.

Are there opportunities for equal employment and diversity at PwC?

Yes, PwC is committed to providing equal employment opportunities without discrimination and strives to create an inclusive environment.

Accounting
Industry
10,001+
Employees
1998
Founded Year

Mission & Purpose

PricewaterhouseCoopers (PwC) is one of the Big 4 accounting firms and a leading professional services organisation. PwC offers a broad range of services, including audit and assurance, tax consulting, advisory, and legal services. They work with clients across various industries, from multinational corporations to startups, providing insights, expertise, and solutions to help them address complex challenges and achieve their goals. PwC's ultimate mission is to build trust in society and solve important problems. They strive to enhance transparency, integrity, and accountability in financial reporting, while also supporting sustainable business practices and societal advancement. PwC's purpose is to contribute to creating trust and value for their clients, people, and wider stakeholders, driving confidence and fostering innovation in a rapidly changing world.

Culture & Values

  • Act with integrity

    Speak up for what is right, especially when it feels difficult. Expect and deliver the highest quality outcomes. Make decisions and act as if our personal reputations were at stake.

  • Make a difference

    Stay informed and ask questions about the future of the world we live in. Create impact with our colleagues, our clients and society through our actions. Respond with agility to the ever changing environment in which we operate.

  • Care

    Make the effort to understand every individual and what matters to them. Recognise the value that each person contributes. Support others to grow and work in the ways that bring out their best.

  • Work together

    Collaborate and share relationships, ideas and knowledge beyond boundaries. Seek and integrate a diverse range of perspectives, people and ideas. Give and ask for feedback to improve ourselves and others.

  • Reimagine the possible

    Dare to challenge the status quo and try new things. Innovate, test and learn from failure. Have an open mind to the possibilities in every idea.