Jobs · Distribution · Pennsylvania

Delivery Senior Consultant, Penetration Tester

Deloitte · Philadelphia, PA · 1 wk ago
HybridDistributionFull-time

Work you'll do

  • Perform manual and automated penetration testing of web applications, APIs, and supporting infrastructure.
  • Identify, validate, and document security vulnerabilities such as those in the OWASP Top 10.
  • Conduct authenticated and unauthenticated testing across development, test, and production-like environments.
  • Assess application security controls including authentication, authorization, session management, input validation, and encryption.
  • Prepare clear, risk-based reports with technical findings, business impact, proof of concept, and remediation recommendations.
  • Work with developers, architects, and security teams to explain findings and support remediation efforts.
  • Retest remediated issues and confirm closure.
  • Contribute to security standards, testing methodologies, and internal knowledge sharing.
  • Stay current on emerging threats, exploit techniques, and application security trends.

Achieve Success

  • Ability to work independently and collaborate as part of a team
  • Effective written and verbal communication skills
  • Meticulous attention to detail and quality of work product
  • Ability to build and sustain professional relationships
  • Ability to lead projects or workstreams
  • Ability to manage and prioritize multiple tasks in a fast-paced and dynamic environment
  • Strong interpersonal skills and professional demeanor
  • Ability to meet deadlines
  • Ability to provide clear guidance to others

The Team

Deloitte’s Government & Public Services (GPS) practice – our people, ideas, technology and outcomes – is designed for impact. Serving federal, state, & local government clients as well as public higher education institutions, our team of professionals brings fresh perspective to help clients anticipate disruption, reimagine the possible, and fulfill their mission promise.

Our Cyber Defense & Resilience offering assists clients in defending against advanced threats by transforming security operations, monitoring technology, data analytics, and threat intelligence. Helps manage and protect dynamic attack surfaces and provides rapid crisis and cyber incident response, ensuring clients can be ready for, respond to, and recover from business disruptions.

Qualifications

  • Bachelor’s degree in Cybersecurity, Computer Science, Information Systems, Engineering, or a related technical field
  • Ability to obtain and maintain the necessary clearance for the role.
  • Offensive Security Certified Professional (OSCP), Offensive Security Web Expert (OSWE), GIAC Penetration Tester (GPEN), or Certified Ethical Hacker (CEH).
  • 2+ years of experience within the following:
    • Hands-on penetration testing experience with a focus on web applications.
    • Strong understanding of web technologies including HTTP/S, REST APIs, JavaScript, cookies, headers, and sessions.
    • Experience identifying vulnerabilities such as SQL injection, XSS, CSRF, SSRF, IDOR, authentication flaws, and access control weaknesses.
    • Proficiency with common testing tools such as Burp Suite, OWASP ZAP, Nmap, Postman, and similar tools.
    • Experience writing professional penetration test reports for technical and non-technical audiences.
    • Familiarity with OWASP Top 10, CWE, CVSS, and secure coding principles
  • Delivery Center Location & Travel Requirements:
    • Hybrid Work Model: Operate under a hybrid system requiring residence within a commutable distance to one of the US Delivery Center locations (Gilbert, Lake Mary, or Mechanicsburg) or Geo-Hub locations (Atlanta, Charlotte, Dallas, Houston, and Philadelphia)
    • Co-location Expectation: Spend up to 30% of working time co-located at an assigned office for orchestrated opportunities, including projects, practice sessions, training, and Moments That Matter at a Deloitte Delivery Center location, Geo-Hub location, approved site, or project location
    • Travel Requirement: Maximum of 10% overnight travel for client or project purposes
    • Relocation Requirement: If relocation is necessary, complete the move within 12 weeks from the start date to reside within a commutable distance

What You’ll Need

  • Must be legally authorized to work in the United States without the need for employer sponsorship, now or at any time in the future.

Similar jobs

Senior Penetration Tester

Accenture Federal ServicesArlington, VA· 2 days ago
Information Technology$106k–$221k/yrapply on boards.greenhouse.io

Senior Penetration Tester

SchellmanUnited States· 3 wk ago
RemoteInformation Technologyapply on schellman.wd504.myworkdayjobs.com