Analyst/Senior Consultant - Penetration Testing - Technology Risk - Risk Advisory - Hong Kong

  • Competitive
  • Hong Kong
  • Permanent, Full time
  • Deloitte Touche Tohmatsu
  • 23 May 19

Analyst/Senior Consultant - Penetration Testing - Technology Risk - Risk Advisory - Hong Kong

About Deloitte China
Our professionals at Deloitte China provide a full range of audit & assurance, consulting, financial advisory, risk management and tax services, and work closely within Greater China, across Asia-Pacific and around the world to provide clients of every size with local experience and international expertise. We have considerable experience in China and are one of the leading professional services providers in this marketplace.

The Deloitte purpose is about making an impact that matters to our clients. Our extensive service spectrum enables us to help clients become leaders wherever they choose to compete. Deloitte is committed to investing in our people and empowers them to achieve more than they could elsewhere. Our work combines advice with action and integrity. We believe that when our clients and society are stronger, so are we.

To learn more about how Deloitte makes an impact that matters in the China marketplace, please connect with our Deloitte China social media platforms via www2.deloitte.com/cn/en/social-media .

 
About Risk Advisory
Risk management covers many areas including security and privacy, reputation and control. Our professionals help clients across many industries flag, analyze, evaluate and manage strategic, technology, operational and fraud risks while discovering opportunities to create value. If you want to make an impact by helping clients to prevent and manage risk-related issues while creating significant value to their businesses this may be your chance to start a remarkable career.

 
Technology Risk team helps our clients to improve business confidence, manage and address technology risks, and to ensure that early warning mechanisms are in place through providing comprehensive technology risk consulting services to a broad range of businesses.

Our team in Hong Kong is rapidly growing. Due to client demand, we are looking for talents to join our high performing team. At Deloitte we view technology risk as primarily a business challenge. It take not only advanced technologies to mitigate technology risk, but also strong threat awareness, sound analytics capabilities, and solid preparedness to mount an effective response to crises; on the other hand, dependable governance processes are required to support strong leadership keeping organizations focused on what really matters.

In view of this, we deliver to our clients the full range of capabilities needed to build comprehensive technology risk programs, catering to all levels, from C-suite to technology operations. This broad reach enables us to offer the most informed, innovative advisory services. By joining us, you can be part of the forces developing next-gen technology risk solutions.

 
Work you'll do:

  • Contribute to attack and penetration testing engagements to identify security weaknesses within client's business environments, report on issues and make remediation recommendations
  • Position as a subject matter expert to help support and mentor other team members
  • Respond to client requests, anticipate client needs, and suggest solutions using innovative approaches
  • Involve in all aspects of security and vulnerability management engagements which include but are not limited to:
     - Network and host vulnerability assessments and penetration testing
     - Web application vulnerability assessments and penetration testing
     - Source code security reviews assisted by automated tools
     - Exploit research and development skills are a plus
     - Social engineering and physical penetration testing against facilities 
          and   sites are a plus
     - Firewalls, IDS / IPS, and other security device configuration review are  a
          plus
You are also expected to:
  • Build own understanding of our purpose and values; explore opportunities for impact
  • Demonstrate strong commitment to personal learning and development; act as a brand ambassador to help attract top talent
  • Understand expectations and demonstrates personal accountability for keeping performance on track
  • Actively focus on developing effective communication and relationship-building skills
  • Understand how their daily work contributes to the priorities of the team and the business

Requirements:
  • Bachelor degree or above in Computer Science, Information and Communications Technology, Information Systems, Risk Management, or other related disciplines
  • Holders of the following qualifications preferred:
     - CREST Certified Tester (CCT) in either Infrastructure or Web Applications
     - Offensive Security Certified Professional (OSCP) / Offensive Security
    Certified Expert (OSCE)
     - SANS GIAC Certified Penetration Tester (GPEN) / SANS GIAC Exploit
    Researcher and Advanced Penetration Tester (GXPN)
  • Minimum 1 year of experience on penetration testing, vulnerability assessment or other types of security assessments
  • Hands-on experience in web applications penetration testing
  • Ability to understand and assess applications from both technical and business perspectives, and to explain technical vulnerabilities in terms of business risks
  • Subject matter expertise in one or more of the followings:
     - Networking: LAN, WAN, MPLS, VPN, Load Balancers / Reverse Proxies,
    and other networking technologies
     - Security Equipment: Firewalls, IDS / IPS, SIEMs, End-Point Protections,
    etc.
     - Storage Technologies: MS-SQL, Oracle, DB2, MySQL, PostgreSQL,
    MongoDB, Cassandra, Redshift, Aurora, Redis, Memcached, etc.
     - Reverse engineering
     - Web applications
     - Exploit development
     - Application vulnerability assessment
     - Mainframe systems
     - Mobile platforms (iOS, Android, etc.)
     - Social engineering
     - Malware development and red teaming
  • Perform penetration testing, particularly on novel devices and environments innovatively and analytically
  • Capable of working to strict deadlines and prioritizing work appropriately
  • Able to develop scripts or code to automate testing and develop bespoke attacks
  • Ability to work well independently and be comfortable leading a team within client engagements
  • Good communication skills with an ability to explain complex technical issues to non-technical business clients as well as high proficiency in both spoken and written English and Chinese
  • Excellent written skills with demonstrated ability to write reports and proposals. Including the ability to discuss findings from a business risk perspective with clear remediation advices specific to the client's environment
  • Excellent project management and interpersonal skills
  • Willing to travel


Deloitte China refers to Deloitte Touche Tohmatsu in Hong Kong, Deloitte Touche Tohmatsu in Macau, Deloitte Touche Tohmatsu Certified Public Accountants LLP in the Chinese Mainland and their respective affiliates practising in Hong Kong, Macau and the Chinese Mainland.

Requisition code: CN151905