Cybersecurity – Penetration Testing – Senior Associate at PwC
Location: Los Angeles
*Specialty/Competency:* Cybersecurity & Privacy.Industry/Sector:* Not Applicable.Time Type:* Full time.
Travel Requirements:* Up to 60% A career in our Cybersecurity, Privacy and Forensics will provide you the opportunity to solve our clients most critical business and data protection related challenges. You will be part of a growing team driving strategic programs, data analytics, innovation, deals, cyber resilency, response, and technical implementation activities. You will have access to not only the top Cybersecurity, Privacy and Forensics professionals at PwC, but at our clients and industry analysts across the globe.
The Cyber Penetration Testing (CPT2) team focuses on delivering threat actor simulation services, device or application assessments, and penetration tests. You will help clients understand the tangible risks they face from a variety of threat actors and what they target to include different postures, scenarios, or targeted assets. Working as a member of CPT2 also provides the opportunity to directly help clients enhance or tune their preventative, and detective controls on a proactive basis.
Our team focuses on assessment and recommendation services that blend deep technical manual tradecraft with targeted automation to simulate real threats to a client’s environments. As a part of this center of excellence, you will drive change at PwC’s clients by providing risk outside of the theoretical while contributing to the technical acumen of the practice and amplifying your own personal capabilities. To really stand out and make us fit for the future in a constantly changing world, each and every one of us at PwC needs to be an authentic and inclusive leader, at all grades/levels and in all lines of service.
To help us achieve this we have the PwC Professional; our global leadership development framework. It gives us a single set of expectations across our lines, geographies and career paths, and provides transparency on the skills we need as individuals to be successful and progress in our careers, now and in the future. As a Senior Associate, you’ll work as part of a team of problem solvers, helping to solve complex business issues from strategy to execution.
PwC Professional skills and responsibilities for this management level include but are not limited to: + Use feedback and reflection to develop self awareness, personal strengths and address development areas. + Delegate to others to provide stretch opportunities and coach to help deliver results. + Develop new ideas and propose innovative solutions to problems.
+ Use a broad range of tools and techniques to extract insights from from current trends in business area. + Review your work and that of others for quality, accuracy and relevance. + Share relevant thought leadership.
+ Use straightforward communication, in a structured way, when influencing others. + Able to read situations and modify behavior to build quality, diverse relationships. + Uphold the firm’s code of ethics and business conduct Job Requirements and Preferences* :.Basic Qualifications* :.
Minimum Degree Required* : Bachelor Degree.Minimum Years of Experience* : 3 year(s).Preferred Qualifications* :.
Demonstrates thorough abilities and/or a proven record of success in the following areas: + Performing penetration testing activities within a client’s environment, emphasizing manual stealthy testing techniques; + Executing stealthy penetration testing, advanced red team, or adversary simulation engagements using commercially/freely available offensive security tools and utilities built into operating systems; + Understanding Windows and Linux operating system setup, management, and power usage, eg, cmd, bash, network troubleshooting, virtual machines; + Identifying security critical vulnerabilities without utilizing a vulnerability scanning tool, ie, knowledge of exploitable vulnerabilities and ability to execute stealthy penetration testing engagements; + Compromising Active Directory environments and demonstrating business impact by identifying and obtaining access to business critical assets/information; + Performing social engineering/phishing activities such as reconnaissance of targets, developing phishing campaigns (eg, emails and websites), web hosting administrator, developing malicious phishing payloads, or pivoting through phished systems; + Participating actively in client discussions and meetings and communicating a broad range of potential add-on services based on identified weaknesses; + Managing engagements with junior staff; + Preparing accurate documents, leveraging and utilizing MS Office and Google Docs to complete related project deliverables, as necessary; + Balancing project economics management with the occurrence of unanticipated issues; + Creating a positive environment by monitoring workloads of the team while meeting client expectations and respecting the work-life quality of team members; + Proactively seeking guidance, clarification, and feedback; and, + Keeping leadership informed of progress and issues. At PwC, our work model includes three ways of working: virtual, in-person, and flex (a hybrid of in-person and virtual). Visit the following link to learn more: https://pwc.to/ways-we-work.
PwC does not intend to hire experienced or entry level job seekers who will need, now or in the future, PwC sponsorship through the H-1B lottery, except as set forth within the following policy: https://pwc.to/H-1B-Lottery-Policy. All qualified applicants will receive consideration for employment at PwC without regard to race; creed; color; religion; national origin; sex; age; disability; sexual orientation; gender identity or expression; genetic predisposition or carrier status; veteran, marital, or citizenship status; or any other status protected by law. PwC is proud to be an affirmative action and equal opportunity employer.
For positions based in San Francisco, consideration of qualified candidates with arrest and conviction records will be in a manner consistent with the San Francisco Fair Chance Ordinance. For positions in Colorado, visit the following link for information related to Colorado’s Equal Pay for Equal Work Act: https://pwc.to/coloradoadvisoryseniorassociate. \.
Web Reference : AJF/412120897-764
Posted Date : Sun, 11 Sep 2022
To apply for this position you will complete an application form on another website provided by or on behalf of PwC. Please note IT Jobs for ColU Fans is not responsible for the application process on any external website.
For Remote Cybersecurity – Penetration Testing – Senior Associate roles, visit Remote Cybersecurity – Penetration Testing – Senior Associate Roles
Security Engineer II, Offensive Security Penetration Testing at Amazon
Location: Los Angeles
Amazon’s Information Security Penetration Testing Team is seeking a Security Engineer to help keep Amazon secure for its customers. In this role, you will attack Amazon’s services, applications, and websites to discover security issues and report them to our internal technology teams. This position will provide you with challenging opportunities, both technologically and as a leader, but will also be a great deal of fun if hacking Amazon alongside a team of highly skilled individuals sounds exciting to you.
A Security Engineer at Amazon is expected to be strong in multiple domains. Engineers in this role work closely with teams throughout Information Security, as well as provide technical leadership and advice to teams and leaders throughout Amazon. You will be in direct contact with teams in a variety of business verticals, giving you first hand knowledge about how Amazon is built and how it operates at a deep, technical level. Additionally, you will leverage the knowledge you gain about Amazon to find new ways to break services, processes, and technologies throughout the company.
Engineers in this role must show exemplary judgment in making technical trade-offs between short-term fixes and long-term security and business goals. You will demonstrate resilience and navigate ambiguous situations with composure and tact. You will be expected to provide thought leadership for the organization as you discover, invent, and innovate throughout the course of your duties. Above all else, a strong sense of customer obsession is necessary to focus on the ultimate goal of keeping Amazon and its customers secure.
Key job responsibilities
• Conducting high quality application penetration tests independently, or as part of a team
• Creating detailed engagement plans and thoroughly documenting findings, gaps, and remediation recommendations
• Contributing to team tooling, innovation, and improvements
• Communicating and collaborating with partner teams, service owners, Information Security, and senior leadership to influence, prioritize, and drive the resolution of discovered security findings
• 3+ years of experience in a penetration testing or similar offensive security role
• 3+ years of professional experience with security engineering practices, including: web application security, network security, authentication and authorization protocols, cryptography, automation, and other software security disciplines
• 3+ years of experience with dynamic and manual code auditing to identify security issues
• 3+ years of experience with interpreted or compiled languages (e.g. Python, Ruby, C/C++, Java, .NET)
• Experience with threat modeling, design review, or other threat analysis techniques
• Bachelor’s degree in Computer Science or related field, or equivalent industry experience
• Experience with mobile application penetration testing
• Knowledge of cloud service providers and their offerings, preferably AWS, and its various technologies and services
• Experience in various security domains (e.g. system and network security, authentication and security protocols, cryptography, application security, incident response)
• Experience in developing security tooling and automation
• Experience in CTF competitions, CVE research, and/or Bug Bounty recognition
• Advanced degree in Computer Science or related field
Amazon is committed to a diverse and inclusive workplace. Amazon is an equal opportunity employer and does not discriminate on the basis of race, national origin, gender, gender identity, sexual orientation, protected veteran status, disability, age, or other legally protected status. For individuals with disabilities who would like to request an accommodation, please visit https://www.amazon.jobs/en/disability/us.
Pursuant to the Los Angeles Fair Chance Ordinance, we will consider for employment qualified applicants with arrest and conviction records.
Pursuant to the San Francisco Fair Chance Ordinance, we will consider for employment qualified applicants with arrest and conviction records.
Workers in New York City who perform in-person work or interact with the public in the course of business must show proof they have been fully vaccinated against COVID or request and receive approval for a reasonable accommodation, including medical or religious accommodation.
For Remote Security Engineer II, Offensive Security Penetration Testing roles, visit Remote Security Engineer II, Offensive Security Penetration Testing Roles