Job Description

Line of Service Advisory
Industry/Sector FS X-Sector
Specialism Risk
Management Level Senior Associate
& Summary At PwC, our people in audit and assurance focus on providing independent and objective assessments of financial statements, internal controls, and other assurable information enhancing the credibility and reliability of this information with a variety of stakeholders. They evaluate compliance with regulations including assessing governance and risk management processes and related controls.
Those in internal audit at PwC help build, optimise and deliver end-to-end internal audit services to clients in all industries. This includes IA function setup and transformation, co-sourcing, outsourcing and managed services, using AI and other risk technology and delivery models. IA capabilities are combined with other industry and technical expertise, in areas like cyber, forensics and compliance, to address the full spectrum of risks. This helps organisations to harness the power of IA to help the organisation protect value and navigate disruption, and obtain confidence to take risks to power growth.
Why PWC
At PwC, you will be part of a vibrant community of solvers that leads with trust and creates distinctive outcomes for our clients and communities. This purpose-led and values-driven work, powered by technology in an environment that drives innovation, will enable you to make a tangible impact in the real world. We reward your contributions, support your wellbeing, and offer inclusive benefits, flexibility programmes and mentorship that will help you thrive in work and life. Together, we grow, learn, care, collaborate, and create a future of infinite experiences for each other. Learn more .
At PwC, we believe in providing equal employment opportunities, without any discrimination on the grounds of gender, ethnic background, age, disability, marital status, sexual orientation, pregnancy, gender identity or expression, religion or other beliefs, perceived differences and status protected by law. We strive to create an environment where each one of our people can bring their true selves and contribute to their personal growth and the firm's growth. To enable this, we have zero tolerance for any discrimination and harassment based on the above considerations.
& Summary:
In-depth knowledge of application development processes and at least one programming and one scripting language (e.g., Java, Scala, C#, JavaScript, Angular, ReactJs, Ruby, Perl, Python, Shell). Knowledge on OS security (Windows, Unix/Linux systems, Mac OS, VMware), network security and cloud security.
Responsibilities:
Preferred Knowledge/Skills: Requirement Criteria: Graduation in EC or CS or IT or Information Security or Cyber Security or MCA. Working experience as a Penetration Testing Expert for 5 year(s) Hands on experience with security testing frameworks such as the PTES, OWASP, OSSTMM, SANS. In-depth knowledge of application development processes and at least one programming and one scripting language (e.g., Java, Scala, C#, JavaScript, Angular, ReactJs, Ruby, Perl, Python, Shell). Knowledge on OS security (Windows, Unix/Linux systems, Mac OS, VMware), network security and cloud security. Hands on experience in BurpSuite, Nessus, Checkmarx, Acunetix and Kali Linux penetration testing tools etc. Knowledge on Threat Modelling, Source Code Reviews, Secure Architecture Reviews One of the certifications - OSWE/OSCP/OSCE/eJPT/CPENT- ECCouncil /LPT(Licensed Penetration Tester-ECCouncil)/GPEN(GIAC Penetration Tester)/ GWAPT(GIAC Web Application Penetration Tester) is mandatory (preferably OSCP) High Level Responsibilities: Security testing of mobile applications, web applications, APIs etc. Perform SAST, DAST & VAPT with new standards from time to time. Review sufficient security controls are in place as per, but not limited to, client's policy, industry best practice/process and regulatory requirements. Identify the Individual Application security risk portfolio / threats. Gaps identified along with
recommendations to be submitted in Customized reports as requested by client. Review of API/middleware/SFTP etc. interfaces between applications. Develop/Review Baseline document for OS/Application Security/ API. Review the security architecture of various applications deployed/to be deployed (including cloud based) and assess risk associated and suggest mitigation & resolution. Evaluation/Security Assessment of open-source applications. Vetting of Network and data flow Diagrams, with respect to security aspect, for new applications, in co-ordination with the vendors and clients. Review application architecture, data flow diagram, network diagram, database configuration, crypto standards. Perform Application threat modeling. Gap assessment of the Cloud applications, solutions, platforms, process to fill the gaps. Education: Minimum Qualification: BE/ BTech/MBA/Mtech/MCA (Non Mechanical) Postgraduates in any stream would be preferred (not mandatory)
Mandatory skill sets:
"vapt" and ("oscp" or "EJPT" or "OSWE" or "CPENT" or "GPEN" or "GWAPT" or "OSCE") and security and "Penetration Testing" and mobile
Preferred skill sets:
ISO
Years of experience required:
5+ Years
Education qualification:
BE, B.tech, ME, M.tech, MCA, (non mechanical)
Education (if blank, degree and/or field of study not specified) Degrees/Field of Study required: Master of Engineering, Bachelor of Engineering, Bachelor of Technology, Master Degree
Degrees/Field of Study preferred:
Certifications (if blank, certifications not specified)
Required Skills Penetration Testing
Optional Skills Accepting Feedback, Accepting Feedback, Accounting and Financial Reporting Standards, Active Listening, Analytical Thinking, Artificial Intelligence (AI) Platform, Auditing, Auditing Methodologies, Business Process Improvement, Communication, Compliance Auditing, Corporate Governance, Creativity, Data Analysis and Interpretation, Data Ingestion, Data Modeling, Data Quality, Data Security, Data Transformation, Data Visualization, Embracing Change, Emotional Regulation, Empathy, Financial Accounting, Financial Audit {+ 24 more}
Desired Languages (If blank, desired languages not specified)
Travel Requirements Not Specified
Available for Work Visa Sponsorship? No
Government Clearance Required? No
Job Posting End Date