Job Description

Are you ready to unleash your potential?

At Deloitte, our purpose is to make an impact that matters for our clients, our people, and the communities we serve.

We believe we have a responsibility to be a force for good, and WorldImpact is our portfolio of initiatives focused on making a tangible impact on society’s biggest challenges and creating a better future. We strive to advise clients on how to deliver purpose-led growth and embed more equitable, inclusive as well as sustainable business practices.

Hence, we seek talented individuals driven to excel and innovate, working together to achieve our shared goals.

We are committed to creating positive work experiences that foster a culture of respect and inclusion, where diverse perspectives are celebrated, and everyone is recognised for their contributions.

Ready to unleash your potential with us? Join the winning team now!

Work you’ll do

As the Penetration Testing Analyst, you will be responsible for providing penetration testing services through a combination of technology and manual ingenuity as part of the Global cyber services organization for member firms.

Responsibilities of this role include:

• Assisting in technical scoping of security testing activities
• Executing security testing
• Web Application Penetration Testing
• Web Services / Application Programming Interface (API) Penetration Testing
• Network Penetration Testing
• Mobile Application Penetration Testing
• Thick Client Penetration Testing
• Conducting focused research when not deployed on an active project
• Provide consultative guidance to customers on findings identified in a clear and actionable fashion both in writing and verbally
• Enhancing and updating testing methodologies, processes and standards documentation
• Maintaining proficiency of knowledge through ongoing training paths
• Proficient at analyzing and understanding complex architecture designs
• Ability to effectively communicate what services and capabilities our group can facilitate to our clients and responsibilities here.

Your role as a leader

At Deloitte, we believe in the importance of empowering our people to be leaders at all levels. We connect our purpose and shared values to identify issues as well as to make an impact that matters to our clients, people and the communities. Additionally, Analysts across our Firm are expected to:

• Demonstrate a strong commitment to personal learning and development.
• Understand how our daily work contributes to the priorities of the team and business.
• Understand the set expectations and demonstrate accountability in keeping personal performance on track.
• Actively focus on developing effective communications and relationship-building skills with stakeholders, clients and team.
• Demonstrate an appreciation for working with others.
• Understand what is fundamental to Deloitte’s success as a business.
• Demonstrate integrity and an awareness of strengths, differences, and personal impact.
• Develop their understanding of Deloitte and offer a fresh perspective.

Requirements

• Experience using common testing tools like Burp, OWASP ZAP, Metasploit, Postman, Swagger, NMAP, Qualys, SQLMap, others
• Experienced with Kali Linux or other dedicated Penetration Testing OS Platform
• Advance mobile penetration testing, Application Penetration Testing and architectural security principles
• Familiarity with software security weakness and vulnerabilities
• Working knowledge of one scripting language and familiarity with at least one software programming language and framework
• Demonstrated experience working with diverse stakeholders, preferably on a global multi-national basis
• Ability to manage concurrent initiatives and use effective judgment in prioritization and time management
• Strong written and verbal communication skills

Preferred:

• Certified Ethical Hacker (CEH) Certification
• Offensive Certified Security Professional (OSCP) Certification
• Any GIAC Certification (GSEC, GWAB, GPEN, GMOB, GCPN)
• OWASP Application Security Top 10
• OWASP API Security Top 10
• OWASP Thick Client Top 10
• OWASP LLM Top 10
• MITRE ATT&CK Framework
• Cloud Service testing
• Reverse Engineering
• Static Application Software Testing (SAST)
• Dynamic Application Testing (DAST)
• Experience of Agentic development and its application to support penetration testing.

Due to volume of applications, we regret only shortlisted candidates will be notified. Candidates will only be contacted by authorized Deloitte Recruiters via firm’s business contact number or business email address.