Senior Consultant | Cybersecurity and Pentest

Voted the Most Desired Employer in Romania, in the Financial Services Industry, five consecutive times, in the Catalyst surveys, Deloitte Romania provides services in audit, tax, legal, consulting, financial advisory, risk advisory, business processes as well as technology services, through 2,000 professionals. The Regional Audit Delivery Center (RADC) provides Audit services to various Country Member Firms from Deloitte Central Europe and to their clients. The Tax & Legal Delivery Center (TLDC) offers services focused on 5 service lines: GES (Global Employer Services), Business Tax, Global Tax Center Europe, Global Trade Advisory (GTA) and Legal Center of Excellence (CoE).
Worldwide, Deloitte serves four out of five Fortune Global 500 companies through a globally connected network of member firms in more than 150 countries and territories, with over 330,000 professionals. The organization is recognized among “World’s Best Workplaces™” by Great Place to Work® and Fortune and among “World’s Most Attractive Employers”, by Universum, according to 2020 surveys.

We believe that innovation comes from contrasting disciplines, backgrounds and cultural perspectives and that the innovative solutions our people deliver have to always make an impact that matters. We celebrate individual strengths and we prioritize our people’s well-being.

You bring the ambition, we’ll provide the opportunities.

Deloitte's Enterprise Risk Services has a risk-based approach, experienced professionals, comprehensive methodologies, and technical resources for serving our client in the areas of cyber security, IT and internal audit, risk management, and compliance. We are constantly looking for experienced security professionals, with experience across a range of information security disciplines.

In the role of Senior Consultant, you would participate in the research, analysis, design, testing and implementation of medium to complex computer network security/protection technologies for our clients’ information and network systems and applications. This position reports to the Senior Manager of Cyber Security Team, and works closely with our client’s teams in their internal information security programs.

The ideal candidate for this position is a professional ethical penetration tester that can perform relevant threat modeling on the clients designated ToE, and masters and executes the techniques of attackers to identify vulnerabilities, validate them, and associate them with the severity rating by deriving impact. This candidate must be able to utilize hacking tools and modify or create proof of concept exploits. He or she is passionate about security, keeps up to date on core tools, techniques and tactics, and furthers their knowledge every day.

The position requires at least a BS in Computer Science, Information Security, Information Technology, or Computer Engineering or a related degree plus at least one year of targeted experience in computer network security, including application attack and defense, web services, operating system security, privacy, storage network security or malicious application analysis.

Qualifications:

• University degree – preferably ASE - CSIE, UB - Mathematics & Informatics, or Polytechnic University;
• Hands-on experience in at least one of the following: security testing, web application development/testing, system administration, networking, software development;
• Able to express your findings in very good technical and business English (oral and written);
• Any of OSCP, OSCE, GPEN, GXPN or equivalent certification;
• Fluency in written/spoken English;
• At least 1-3 years relevant work experience in penetration testing engagements;
• Good knowledge of one of the main testing methodologies, e.g. OSSTMM, and familiarity with OWASP testing methodology;
• Workable familiarity with critical security controls and their validation, e.g. SANS top20, and with OWASP security controls and their validation;
• Very good familiarity with Windows and Linux operating systems;
• Good knowledge of Metasploit or similar exploitation frameworks, and familiarity with Kali Linux pentest tools;
• Practical hands-on experience with one of Nessus/Nexpose/CoreImpact/
• Practical hands-on experience with one of Cobalt Strike / Empire / PowerSploit or similar;
• Working experience with Burp Suite, ZAP Proxy or similar;
• Ability for basic read/write in C/C++/Java;
• Programming experience in Python, PHP, Perl, Ruby, .NET or other interpreted or compiled languages;
• Knowledge of exploitation techniques.

Nice to have:

• Some knowledge of fuzzing, reverse engineering and exploit development
• Some knowledge of malware analysis
• Some knowledge of cryptanalysis, cryptographic flaws

Extra credits:

• Solid networking skills, recognized certifications;
• Proof of experience in playing in CTF challenges and/or cyber exercises;
• GitHub repository of own developed tools or starred projects;
• security blog or list of online security resources (websites, RSS feeds, twitter lists);
• SCADA / industrial systems management or security experience.

Qualifications:

• University degree – preferably ASE - CSIE, UB - Mathematics & Informatics, or Polytechnic University;
• Hands-on experience in at least one of the following: security testing, web application development/testing, system administration, networking, software development;
• Able to express your findings in very good technical and business English (oral and written);
• Any of OSCP, OSCE, GPEN, GXPN or equivalent certification;
• Fluency in written/spoken English;
• At least 1-3 years relevant work experience in penetration testing engagements;
• Good knowledge of one of the main testing methodologies, e.g. OSSTMM, and familiarity with OWASP testing methodology;
• Workable familiarity with critical security controls and their validation, e.g. SANS top20, and with OWASP security controls and their validation;
• Very good familiarity with Windows and Linux operating systems;
• Good knowledge of Metasploit or similar exploitation frameworks, and familiarity with Kali Linux pentest tools;
• Practical hands-on experience with one of Nessus/Nexpose/CoreImpact/
• Practical hands-on experience with one of Cobalt Strike / Empire / PowerSploit or similar;
• Working experience with Burp Suite, ZAP Proxy or similar;
• Ability for basic read/write in C/C++/Java;
• Programming experience in Python, PHP, Perl, Ruby, .NET or other interpreted or compiled languages;
• Knowledge of exploitation techniques.