Senior Manager-Penetration Tester at PricewaterhouseCoopers (PwC)

Required candidate skillset
People who love to push limits and solve technologically challenging problems make good penetration testers.  PwC is looking for candidates who are experts in information technology, have experience hacking, and possess the following skills:

• Advanced computer skills – extensive computer skills and an understanding of networking are the most important fundamental skills penetration testers possess. They are, but not limited to, experience with cryptography, reverse engineering, web applications, databases and wireless technologies
• Computer and information security – penetration testers use their exceptional computer skills to attempt to hack into systems. They keep up to date on security software packages and are always learning new security protocols and computer technologies that could be exploited
• Scripting and programming – a variety of computer programming and scripting skills are important for penetration testers because some employers require knowledge of a specific programming language or operating system (e.g. UNIX, Linux, etc.)
• Data analytics – penetration testers review technical data and analyze the processes needed to correct security issues
• Problem-solving skills – to protect networks and data from potential serious risks, penetration testers use problem-solving skills to determine the most effective way to correct issues that arise
• Report writing – penetration testers utilize strong written and oral communication skills to write reports on their assessments to communicate potential weaknesses to clients
   

Duties / Responsibilities
Technical
Our penetration service offerings to our clients and in line with your current and future skillsets, you “may play a role” delivering one of more of the following technical client type engagements:

• Good understanding of infrastructure fundamentals, e.g. networks, operating systems and databases
• Infrastructure testing, both internal and external
• Application testing of both web and proprietary applications and protocols
• Mobile systems testing, including RF and Wifi solutions
• Vulnerability management, access governance, incident response
• Red and blue teaming
• Threat landscape testing
• Cloud security testing
• Breach indicator assessments
• Advanced threat protection
• SIEM and SOC assessments
• Threat hunting
• Advanced threat protection
• Report writing and customer delivery meetings
   

Business development and R&D
You can also expect to perform some of the following business development activities in line with your career aspirations:

• Lead a team of currently available junior staff on client engagements
• Meet with clients to understand their needs and help produce proposals to address them
• Develop toolkits and methodologies to enhance our sales and delivery capability
• Contribute to research, public blogs and whitepapers to improve our public profile
• Attend and speak at both internal and external conferences within the Information Security community
• Contribute to recruitment campaigns to identify future staff members
• Collaborate to develop new and innovative security services for our clients
• Research into new hardware risks
• Research into IoT, 4th industrial revolution, etc.
• Research into cryptography techniques and implementations
• Research into novel techniques and capabilities
• Building a team, training and mentoring of junior team members
• Supporting other business teams such as Incident Response and Threat Intelligence
• Growing your own internal network within PwC’s three lines of service, i.e. Assurance, Advisory and Tax
   

International exposure

Through PwC’s Global Mobility Program, PwC’s cybersecurity professionals will have access to short and long secondments around the world.  This is event driven / dependent.
Working for PwC South Africa’s cyber security practice also provides staff with opportunities to conduct client engagements locally, within Africa and internationally.  This is event driven / dependent.
Internationally, PwC has center of excellence pockets around the world for different types of skillsets and capabilities.  Depending on the candidate’s current or target skillset, candidates will be required to travel to other local and international PwC offices to gain insight or contribute in thought leadership, attend conferences and/or develop global training or methodology collateral.


Tools of the Trade
Penetration testers work with computer systems and web applications and are comfortable using the following software and programs:

• Security assessment tools (such as Aircrack-ng, Burp Suite, SQLmap, Nmap, Nessus, Nexpose, etc.)
• Operating systems (such as Linux, Unix, Windows)
• Programming languages (such as SQL, C ++, JavaScript, Ruby, and Python)
• Security frameworks (such as NIST, SOX, HIPPA, ISO 27001)
   

Penetration Tester Education
As a minimum, candidates for this role must have the following:

• Some (however limited) practical experience of delivering ethical hacking services to clients
• Strong academic background such as a Bachelor’s or Master’s degree (candidates without academic degrees must be able to demonstrate professional development and supporting vocational and industry qualification)
• Business writing skills, particularly report writing skills

Useful degree subjects include:

• Computer science
• Cyber security
• Forensic computing
• Computing and information systems
• Network management
• Computer systems engineering
• Information systems security

Other useful certification:

• Offensive Security Certified Professional (OSCP)
• Certified Ethical Hacker (CEH) Certification
• Certified Information Systems Security Professional (CISSP)
• Company certification schemes from major vendors and equipment providers like Microsoft (MCP, MCSE) or CISCO (CCNA Security).