PwC

Risk Services, Senior Associate / Assistant Manager - Offensive Security (Security Testing Delivery)

Business | Singapore - Marina One, Singapore | Full-time | 4 days ago

About the role

PwC is seeking an experienced offensive security professional to lead end-to-end Security Testing engagements (VAPT, HCR, SCR) within their Risk and Security Controls practice. The role combines technical expertise in security assessments with project management and business development, serving clients across TMT and other sectors.

Key Responsibilities

  • Own and manage Security Testing engagements end-to-end from scoping, scheduling, resource allocation, execution, quality review, reporting, and closure within strict, time-sensitive deadlines.
  • Manage multiple concurrent projects simultaneously, ensuring adherence to SLAs, timelines, and quality benchmarks.
  • Develop and maintain project plans, trackers, and status dashboards for all active engagements.
  • Coordinate with internal teams (consultants, QA reviewers, threat intelligence) to ensure timely delivery and consistent output quality.
  • Conduct kick-off calls, weekly status reviews, and post-engagement debriefs with clients.
  • Proactively identify project risks and delays, escalate where needed, and drive resolution to keep engagements on track.
  • Ensure all deliverables (reports, presentations, remediation guidance) undergo quality review before client submission.
  • Define and continuously improve Security Testing delivery processes, templates, checklists, and methodologies for operational efficiency.
  • Conduct vulnerability assessments and penetration testing (VAPT) across networks, web applications, mobile applications, APIs, cloud environments, and infrastructure.
  • Perform source code reviews when required.
  • Collaborate with clients and the threat intelligence team to define assessment objectives, goals, scope, and scenarios.
  • Simulate targeted cyber attacks using adversary tactics, techniques, and procedures (TTPs) on client environments where red team engagements are required.

Requirements

  • Bachelor's degree in Computer Engineering/Science, Information Security, or a related technical discipline (or equivalent work experience).
  • Minimum 3 - 5 years of relevant experience in offensive security / Security Testing, preferably in a consulting or professional services environment.
  • Proven track record of managing multiple Security Testing projects simultaneously with tight, time-sensitive deadlines.
  • Hands-on experience in end-to-end engagement delivery - scoping, execution, reporting, and closure.
  • Experience with effort estimation, scoping, and pricing of security assessment engagements.
  • CREST CRT certification (required).
  • Experience in at least four of the following: performing targeted penetration tests including vulnerability identification, exploitation, and post-exploitation across networks, web apps, APIs, mobile, and cloud.
  • Strong credentials in wireless, web application, and network security testing.
  • Setting up and operating red team / penetration testing infrastructure.
  • Shell scripting or automation of tasks using Python, Perl, Bash, Ruby, or PowerShell.
  • Thorough understanding of network protocols, data on the wire, and covert channels.
  • Strong understanding of Unix/Linux/Mac/Windows operating systems.
  • Familiarity with cloud security assessments (AWS, Azure, GCP).
  • Experience with compliance-driven VAPT aligned to frameworks such as PCI-DSS, ISO 27001, NIST, SOC 2, HIPAA, etc.
  • Excellent stakeholder management and client-facing communication skills.
  • Ability to document and explain technical details in a concise, understandable manner to both technical and non-technical audiences.
  • Strong organizational and multitasking abilities - comfortable managing competing priorities under pressure.
  • Commercial awareness and a results-driven mindset for BD contributions.