A career in our Cyber Security practice, within the Ethical Hacking team, will provide you with the opportunity to assist clients in testing the effectiveness of their security controls in both the technology and human process spaces. No technology based solution can prevent human error so we work closely with our clients to become their trusted advisors offering far more than commodity penetration testing. Using blended teams of experts from across our Threat Intelligence, Incident Response, Software Assurance and Ethical Hacking teams we provide customised solutions that meet the business objectives of our clients.
The Ethical Hacking team include individuals with a variety of backgrounds, software development, computer networking, systems administration, hardware testing, reverse engineering, RF engineering and those that have spent their entire careers working in the cyber security industry. Our strength lies in our continuing expansion of our capabilities and our investment in training and research to ensure we develop our staff in to become truly world class experts in their chosen specialisms.
About the role
A Senior Associate in our Ethical Hacking team will be an expert in their field and will already be working at a level in line with CREST or CHECK industry standards in order to support our clients’ businesses. PWC support staff with training and revision time to enable them to progress through industry exams with a view to becoming part of the CHECK scheme to enable deployment on government and military projects. Staff will be required to undertake an SC level clearance as part of this role.
You will be a generalist with experience across both infrastructure and application testing but specialities in specific areas can be developed and honed as your career develops. This role would suit someone who is comfortable working across the hands on cyber security spectrum and disciplines. We will offer you opportunities to develop your skills in different areas of cyber security.
Duties and Responsibilities
In this role, you can expect to perform any of the following client delivery work
Infrastructure testing, both internal and external
Application testing of both web and proprietary applications and protocols
Mobile systems testing including RF and WiFi solutions
Hardware research and IoT attacks
Research into cryptography techniques and implementations
Research into novel techniques and capabilities
Report writing and customer delivery meetings
Training and mentoring of junior team members
Supporting other business teams such as Incident Response and Threat Intelligence
You can also expect to perform the following business development activities
Meet with clients to understand their needs and help produce proposals to address them
Develop toolkits and methodologies to enhance our sales and delivery capability
Contribute to research, public blogs and whitepapers to improve our public profile
Attend and speak at conferences within the Information Security community
Contribute to recruitment campaigns to identify future staff members
Collaborate to develop new and innovative security services for our clients
Essential skills and experience
As a minimum, candidates for this role must have the following
Some (however limited) practical experience of delivering ethical hacking services to customers
Strong academic background such as a Bachelor’s or Master’s degree in a science, technology or maths related subject (candidates without academic degrees must be able to demonstrate professional development and supporting vocational and industry qualification)
Excellent business writing skills, particularly report writing skills
A good understanding of IT infrastructure fundamentals such as networks, operating systems and databases
Knowledge of infrastructure and application security testing requirements and techniques
While not prerequisites, the following will be advantageous
Any cyber/information security certification (e.g. CREST, TIGER, Cyber Scheme, SANS, CISSP, CISA, CISM, GIAC)
Experience of internal or external consulting or audit engagements
Exposure to multi-tier, web based and cloud based IT architectures
Knowledge of security technologies (e.g. AV, SIEM, IDM, IPS, F/W, SSO, DLP)
Who we’re looking for
We are looking for individuals that thrive in a high tech, entrepreneurial environment such that they are comfortable working independently with little supervision and have a strong desire to learn and a willingness to share knowledge. We are looking for individuals who thrive in a team environment and who understand that we are far more than the sum of our parts when working collaboratively both with colleagues and also with clients and third parties.
People that succeed in our business have a passion for cyber security, are naturally inquisitive and get a buzz from solving complex problems. Furthermore, they have a good attention to detail allied with exceptional analytical and technical aptitude. Most of all, they are or have as a desire to be excellent communicators as we are in a business founded on strong relationships.