Job Description

Line of Service

Advisory

Industry/Sector

Not Applicable

Specialism

Microsoft

Management Level

Senior Associate

& Summary

At PwC, our people in cybersecurity focus on protecting organisations from cyber threats through advanced technologies and strategies. They work to identify vulnerabilities, develop secure systems, and provide proactive solutions to safeguard sensitive data.

Those in application security at PwC will be responsible for providing security services to development teams including code scanning, readiness testing, and penetration testing to enable application teams to build and deploy secure applications in Production. You will utilise a risk-based methodology and "shift-left" approach to engage early in the software development lifecycle. *Why PWCAt PwC, you will be part of a vibrant community of solvers that leads with trust and creates distinctive outcomes for our clients and communities. This purpose-led and values-driven work, powered by technology in an environment that drives innovation, will enable you to make a tangible impact in the real world. We reward your contributions, support your wellbeing, and offer inclusive benefits, flexibility programmes and mentorship that will help you thrive in work and life. Together, we grow, learn, care, collaborate, and create a future of infinite experiences for each other. Learn more about usAt PwC, we believe in providing equal employment opportunities, without any discrimination on the grounds of gender, ethnic background, age, disability, marital status, sexual orientation, pregnancy, gender identity or expression, religion or other beliefs, perceived differences and status protected by law. We strive to create an environment where each one of our people can bring their true selves and contribute to their personal growth and the firm’s growth. To enable this, we have zero tolerance for any discrimination and harassment based on the above considerations. "

Responsibilities:

● Work with Risk Reviewers to ensure tickets are being processed accurately and efficiently

● Work with Consultation Services Architects to identify gaps in compliance and determine inherent risk, mitigating factors, and residual risk

● Collaborate with other AppSec subpillar teams to ensure relevant processes are completed as necessary and in good standing to support AR disposition

● Interface with customers to provide guidance relevant to AppSec requirements

● Escalate risks and other concerns to Application Readiness Regional Leads, BISOs, CISOs, and other relevant stakeholders

● Interface with a number of other NIS service providers, such as Policy, TPRM, Issues Management, Threat Management

● Provide disposition on tickets and publish other deliverables as applicable

Skills Needed:

● Strong communication skills

● Strong English written and verbal skills

● Customer service skills to create a exceptional customer experience

● Strong organizational and time management skills to support multiple concurrent reviews

● People leadership skills to provide oversight of Risk Reviewers, coaching and mentoring in an informal fashion

● Self- Awareness

● Ability and confidence to exercise professional skepticism with soft skills to do so with diplomacy

● Knowledge of the Information Security Policy, Application Readiness Standard, and applicable supporting Standards

● Ability to assess whether a control is 'met' or 'not met' (black and white)

● Ability to navigate the grey when a control does not meet the letter of the control

● Ability to review documentation analytically, and assess control compliance based on information/ documentation provided.

● Ability to evaluate complex data and determine whether data can be used to support the reviews being conducted

● Ability to pull facts and details related to controls from different types of documentation and diagrams submitted

● An understanding of when and how to escalate

Skill and Experience:

● Good understanding of Application IT Security Standards, on-premise as well as cloud-based.

● Good understanding of risk management and experience with identifying and assessing potential information security risks.

● Good understanding and exposure to technical risk assessment along with vulnerability assessment and penetration testing.

● Strong communication skills and the ability to provide risk guidance, inform management about potential risk issues, and relay information about policy requirements effectively

● Proper Experience in coordination of issue tracking, Follow-Ups, communication skills in a global environment.

Desired Certifications: (not mandatory)

● CISSP / CISM /CISA / CCSK / CCSP / CRISC "

Mandatory Skill sets:

VAPT

Preferred Skill sets:

VAPT

Years of Experience Required:

NA

Education Qualification:

NA

Education (if blank, degree and/or field of study not specified)

Degrees/Field of Study required:Degrees/Field of Study preferred:

Certifications (if blank, certifications not specified)

Required Skills

WAPT Pro

Optional Skills

Accepting Feedback, Accepting Feedback, Active Listening, Analytical Thinking, Application Security, Application Security Assessment, Azure Data Factory, Cloud Application Development, Cloud Security, Coding Standards, Communication, Creativity, Cybersecurity, DevOps Practices, Embracing Change, Emotional Regulation, Empathy, Endpoint Security, Forensic Investigation, Hosting Controllers, Inclusion, Information Security, Intellectual Curiosity, Learning Agility, LoadRunner (Software Testing Tool) {+ 30 more}

Desired Languages (If blank, desired languages not specified)

Travel Requirements

Available for Work Visa Sponsorship?

Government Clearance Required?

Job Posting End Date

March 30, 2026