T&T Consultant - Application Security (Pentester) - PH

Deloitte

  • Manila City, Metro Manila
  • Permanent
  • Full-time
  • 1 month ago
Are you ready to unleash your potential?At Deloitte, our purpose is to make an impact that matters for our clients, our people, and the communities we serve.We believe we have a responsibility to be a force for good, and is our portfolio of initiatives focused on making a tangible impact on society's biggest challenges and creating a better future. We strive to advise clients on how to deliver purpose-led growth and embed more equitable, inclusive as well as sustainable business practices.Hence, we seek talented individuals driven to excel and innovate, working together to achieve our shared goals.We are committed to creating positive work experiences that foster a culture of respect and inclusion, where diverse perspectives are celebrated, and everyone is recognized for their contributions.Ready to unleash your potential with us? Join the winning team now!What you will doAs a AppSec Senior Associate / consultant at Deloitte, you take on the exciting challenge of simulating real-world cyberattacks to put an organization's security to the test. You and the team are the mastermind behind creative, sophisticated attack scenarios that push defenses to their limits, revealing hidden vulnerabilities and weaknesses. Working closely with security teams, you help them sharpen their skills and strengthen their defenses, providing actionable insights along the way.You will
  • Simulate real-world attacks using various tactics, techniques, and procedures.
  • Conduct penetration testing, vulnerability assessments, and social engineering exercises.
  • Identify and exploit vulnerabilities within the organization's infrastructure.
  • Perform threat modeling exercises to understand potential threats.
  • Document findings and provide comprehensive reports with recommendations.
  • Collaborate with security teams to improve incident response capabilities.
  • Stay updated with the latest attack vectors and threat landscapes.
Your role as a leaderAt Deloitte, we believe in the importance of empowering our people to be leaders at all levels. We expect our people to embrace and live our purpose and shared values, challenging themselves every day to identify issues that are most important to our clients, our people and the communities, and to make an impact that matters. Additionally, Consultants across our Firm are expected to:
  • Demonstrate a strong commitment to personal learning and development.
  • Understand how our daily work contributes to the priorities of the team and business.
  • Understand the set expectations and demonstrate accountability in keeping personal performance on track.
  • Actively focus on developing effective communications and relationship-building skills with stakeholders, clients and team.
  • Demonstrate an appreciation for working with others.
  • Demonstrate integrity and an awareness of strengths, differences, and personal impact.
Enough about us, let's talk about you.
  • Proven experience as a Red Team manager or similar role in cybersecurity.
  • Deep understanding of attacker tactics, techniques, and procedures (TTPs).
  • Ability to think like an adversary and uncover hidden vulnerabilities.
  • Relevant certifications (e.g., OSCP, CRTO) are a plus.
  • Excellent problem-solving and analytical skills.
  • Experience with various public cloud components and architectures.
  • Experience in evading security detection controls.
  • A passion for offensive security, Red Teaming and a drive to stay up-to-date with current attack techniques and new vulnerabilities.
  • Knowledge of security testing frameworks and standards such as OSSTMM, OWASP, NIST SP 800-115, Lockheed Martin's Kill Chain, and MITRE ATT&CK.
  • Experience with technologies like WMI, WinRM, (Azure) AD and ability to script/program using e.g. PowerShell, C#, C, Python, Go, Bash for offensive purposes.
  • Experience setting up and using C2, working with tools like Cobalt Strike, Impacket, Mimikatz, Kekeo, Rubeus, socat and Sysinternals suite.
Due to volume of applications, we regret that only shortlisted candidates will be notified.Please note that Deloitte will never reach out to you directly via messaging platforms to offer you employment opportunities or request for money or your personal information. Kindly apply for roles that you are interested in via official Deloitte website.
#LI-AA1Requisition ID: 109591In Philippines, the services are provided by Navarro Amper & Co and other related entities in Philippines ("Deloitte in Philippines"), which are affiliates of Deloitte Southeast Asia Ltd. Deloitte Southeast Asia Ltd is a member firm of Deloitte Touche Tohmatsu Limited. Deloitte in Philippines, which is within the Deloitte Network, is the entity that is providing this Website.

Deloitte