Penetration Tester

Deloitte provides industry-leading Audit & Assurance, Strategy, Risk & Transactions, Tax & Legal, Technology & Transformation services to nearly 90% of the Fortune Global 500® and thousands of private companies. Our more than 460,000 professionals deliver measurable and lasting results that help reinforce public trust in capital markets, enable clients to transform and thrive, and lead the way toward a stronger economy, a more equitable society and a sustainable world.

Building on its 175-plus year history, Deloitte spans more than 150 countries and territories. Our organization has grown tremendously in both scale and capabilities, yet our shared culture and mission- to make an impact that matters- remains unchanged. This is evident not only in Deloitte’s work for clients, but also in our World Class ambition, our World Climate initiative and our ALL IN diversity and inclusion strategy.

Deloitte has 5 values to make an impact. These are: Lead the way, serve with integrity, take care of each other, foster inclusion, collaborate for measurable impact.

What will your typical day look like?

As part of the team, you'll be responsible for shaping, executing penetration testing engagements to identify security weaknesses within client's IT environments, reporting on vulnerabilities and making recommendations for their remediation.

In this role you will be involved in penetration testing engagements:

• Web/mobile application assessments
• Network and host layer vulnerability assessments
• API assessments

We are currently looking for Penetration Testers with the below experience and qualification:

• A Bachelor or master’s degree in Management Information Systems, Computer Science, Engineering or related field,
• 1-3 years of experience,
• Hold a current OSCP (Offensive Security Certified Professional) in either Infrastructure or Web Applications or similar certification or be in a position and level to pass the exam for the certification,
• The ability to develop scripts or code to automate testing and develop bespoke attacks
• Experience of working with applications that perform a wide range of business functions - ideally across multiple industries,
• Ability to understand and assess applications from both a technical and business function perspective,
• Innovative and analytical in your approach to performing penetration testing, particularly of novel devices and environments,
• Capable of working to strict deadlines and prioritising work appropriately,
• Good communication skills with an ability to explain complex technical issues to non-technical business clients,
• Excellent written skills with demonstrated ability to write reports. Including the ability to discuss findings in a risk perspective with clear remediation advice specific to the client’s environment,
• Solicits feedback to build understanding of own strengths and areas for development
• Understands objectives and desired outcomes for assigned areas of responsibility and sets personal goals accordingly,
• Recognizes and explores opportunities for personal impact on clients and for colleagues and communities,
• Experience of Web Applications, API’s and Microservices, Application vulnerability assessment, Mobile platforms (iOS/Android/Windows/etc), Infrastructure & Network.

Familiarity with Open Source Security Testing Methodology Manual (OSSTMM), Open Web Application Security Project (OWASP) and National Institute of Standards and Technology (NIST) Special Publications. Familiarity with penetration testing and vulnerability tools.

#deloitte #deloitteturkey