Senior Consultant | Cybersecurity and Threat Management

Voted the Most Desired Employer in Romania, in the Financial Services Industry, five consecutive times, in the Catalyst surveys, Deloitte Romania provides services in audit, tax, legal, consulting, financial advisory, risk advisory, business processes as well as technology services, through 2,000 professionals. The Regional Audit Delivery Center (RADC) provides Audit services to various Country Member Firms from Deloitte Central Europe and to their clients. The Tax & Legal Delivery Center (TLDC) offers services focused on 5 service lines: GES (Global Employer Services), Business Tax, Global Tax Center Europe, Global Trade Advisory (GTA) and Legal Center of Excellence (CoE).
Worldwide, Deloitte serves four out of five Fortune Global 500 companies through a globally connected network of member firms in more than 150 countries and territories, with over 330,000 professionals. The organization is recognized among “World’s Best Workplaces™” by Great Place to Work® and Fortune and among “World’s Most Attractive Employers”, by Universum, according to 2020 surveys.

We believe that innovation comes from contrasting disciplines, backgrounds and cultural perspectives and that the innovative solutions our people deliver have to always make an impact that matters. We celebrate individual strengths and we prioritize our people’s well-being.

You bring the ambition, we’ll provide the opportunities.

In the role of Senior Consultant Cyber Security and Threat Management you would participate in the research, analysis, design, testing and implementation of medium to complex computer network security/protection technologies for our clients’ information and network systems and applications. This position reports to the Senior Manager of Cyber Security Team, and works closely with our client’s teams in their internal information security programs.

The ideal candidate for this position is a professional ethical penetration tester that can perform relevant threat modeling on the clients designated ToE, and masters and executes the techniques of attackers to identify vulnerabilities, validate them, and associate them with the severity rating by deriving impact. This candidate must be able to utilize hacking tools and modify or create proof of concept exploits. He or she is passionate about security, keeps up to date on core tools, techniques and tactics, and furthers their knowledge every day.

Qualifications requirements:

• University degree ‑ preferably ASE - CSIE, UB - Mathematics & Informatics, or Polytechnic University;
• Any of OSCP, OSCE, GPEN or equivalent certification;
• Fluency in written/spoken English;
• At least 1-3 years relevant work experience in penetration testing engagements;
• Good knowledge of one of the main testing methodologies, e.g. OSSTMM, and familiarity with OWASP testing methodology;
• Workable familiarity with critical security controls and their validation, e.g. SANS top20, and with OWASP security controls and their validation;
• Very good familiarity with Windows and Linux operating systems;
• Good knowledge of Metasploit or similar exploitation frameworks, and familiarity with Kali Linux pentest tools;
• Practical hands-on experience with one of Nessus/Nexpose/CoreImpact or similar;
• Working experience with Burp Suite or similar;
• Ability for basic read/write in C/C++/Java;
• Good knowledge of shell scripting and one of Python/Ruby/Perl/PHP;
• Knowledge of exploitation techniques.

Nice to have:

• Some knowledge of fuzzing, reverse engineering and exploit development
• Some knowledge of malware analysis
• Some knowledge of cryptanalysis, cryptographic flaws

Extra credits:

• Solid networking skills, recognized certifications;
• Proof of experience in playing in CTF challenges and/or cyber exercises;
• SCADA / industrial systems management or security experience.

Responsibilities:

• Conduct threat modeling and attack modeling on the clients’ designated targets of evaluation;
• Plan pentest engagements and assess effort and stages according to internal Deloitte methodology;
• Conduct hardware, mobile, and wireless security assessments;
• Conduct infrastructure and server, desktop and web-based application penetration tests;
• Write PoC exploit code for vulnerabilities the team has discovered;
• Conduct social engineering assessments;
• Document the findings according to internal Deloitte methodology and principles;
• Analyze and summarize the findings in clear and actionable reports;
• Develop custom penetration testing tools;
• Conduct research in cyber security.
• Directly or indirectly managing junior staff that includes training, coaching and delegating to them.