Cyber Security Intern

Employer: Deloitte Romania
Domain:
  • IT Software
  • Management - Consulting
Job type: full-time
Job level: 0 - 1 years of experience
Location:
  • BUCHAREST
Updated at: 19.09.2020

    Short company description

    Deloitte is the brand under which tens of thousands of dedicated professionals in independent firms throughout the world collaborate to provide audit, consulting, financial advisory, risk management, and tax services to selected clients.

    With access to the intellectual capital of approximately 200,000 people worldwide, member firms focus on client service through a global strategy executed locally in nearly 150 countries. The Romanian office was established in 1992 and nowadays it employs over 600 professionals and provides services to a diverse range of local and international clients.

    As the firm of choice for professional services clients, Deloitte is also the firm of choice for outstanding professional talent. To uphold our first-class reputation and sustain our rapid growth, we are constantly seeking people who can meet the challenges of our working environment.

    At Deloitte we value innovative thinking, diverse insights and we strive to offer an exceptional level of customer service through our expertise and professionalism. From the supportive and collaborative culture to the progressive learning and development, you'll experience from day one why Deloitte is a place thousands enjoy working.

    Visit our career website https://jobs2.deloitte.com/ro/en/ to find out more about career opportunities, working with us, benefits & culture, and Learning & Development programs.

    Requirements

    This position provides a good opportunity for specialists to establish themselves in their careers quickly. It’s a great opportunity for those who are skilled hackers, but perhaps still early in their career or looking for their first full-time penetration tester role. We have a highly skilled team and hence there is an opportunity to learn and be involved in a wide variety of projects.

    The Intern will support the daily operation of the Cyber Risk Advisory department. You will have the opportunity to assist with conducting risk assessments, security audits, and vulnerability/penetration tests with commercial, open-source and self-developed tools and techniques. During the internship, we will help you get better at:
    o Web and mobile application penetration testing.
    o Application source code review
    o Network penetration testing (external & internal), to include vulnerability exploitation and pivoting to gain remote system access.
    o Documenting technical issues identified during security assessments
    o Vulnerability research and exploit development

    Nice to have:
    o Some knowledge of fuzzing, reverse engineering and exploit development
    o Some knowledge of malware analysis
    o Some knowledge of cryptanalysis, cryptographic flaws
    o Knowledge of a scripting language such as Python (preferred), Ruby, PowerShell, or Bash, for the development of new, or editing existing, tools.
    o Evidence of rapidly and confidently gaining knowledge of, and applying knowledge of, emerging technologies, vulnerabilities, and penetration testing tools and techniques.
    o Excellent time management including setting priorities and goals to complete assigned and arising tasks.

    Desirable
    o Knowledge of Open Source Intelligence gathering techniques, including but not limited to use of Google dorks, DNS, domain registration, certificate transparency, and other public sources of information.
    o Experience with live bug bounties, particularly where automation has been implemented.
    o Knowledge of security considerations in the cloud (AWS, Azure, and GCP), particularly identifying vulnerable configurations through management and API access along with exploitation of web/infrastructure vulnerabilities specific to cloud environments.
    o Knowledge of mobile application vulnerability identification and exploitation including but not limited to Android and iOS app structure, decompilation, code signing, and traffic interception.


    Extra credits:
    o Solid networking skills, recognized certifications;
    o Proof of experience in playing in CTF challenges and/or cyber exercises;
    o GitHub repository of own developed tools or starred projects;
    o Security blog or list of online security resources (websites, RSS feeds, twitter lists);
    o SCADA / industrial systems management or security experience;

    Responsibilities

    • Researching testing, vulnerabilities and remediation
    • Build and break internal/external CTF challenges
    • Manual identification and exploitation of vulnerabilities
    • Manual verification and exploitation of scanner findings
    • Detailed analysis of issues identified and exposure for the customer including proof of concept, reproduction steps, and recommended remediation
    • Assisting in the continual development of the team and service through research and development activities. This includes the development of in-house tools, the implementation of tools released to the community, and design and documentation of new and existing internal systems and processes.
    • Continual professional development to maintain and develop knowledge and technical competencies
    • Contributing to the writing and publishing of whitepapers and advisories
    • Undertaking projects and support tasks as appropriate to the role