Cyber Security SOC – Senior Associate

At PwC South East Asia Consulting, we help businesses to work smarter and grow faster. We partner with our
clients to build effective organizations, innovate, and grow, reduce costs, manage risk and regulation and, leverage
talent. Our aim is to support businesses in designing, managing, and executing lasting beneficial change.

PwC’s South East Asia Consulting practice provides a comprehensive range of professional services and experience
to deliver large scale, cross territory transformation projects, wherever our clients need us to be – from strategy
through to execution.

About the Team

PwC SEAC’s vision is to create meaningful relationships with our clients by powering the next generation digital
enterprise.

Our Cybersecurity team helps our clients think more broadly about security and move boldly towards new
possibilities. We offer our clients an end-to-end portfolio of services across four stages: assess, build, manage and
respond.

Our focus areas are Cyber Risk Strategy, Digital Identity & Access Management, Data Privacy & Protection, Cyber
Defense & SOC Optimization.

About the Role

• Conduct cyber-attack simulations as part of the RED team activity

• Conduct Vulnerability Assessment and Penetration Testing and configuration review for network, web
application, mobile application and thick -client application
• Conduct configuration reviews for OS, DB, Firewall, routers, Switches and other security
devices/components
• Understands Software Development Life Cycle tier including SOAP, REST and GraphQL APIs
• Perform manual testing of web applications
• Conduct source-code review using automated and manual approaches
• Prepare detailed reports
• Ensure timely delivery of status updates and final reports to clients
• Handle Clients queries
• Keep oneself updated on the latest IT Security news, exploits, hacks
• Prepare Threat Intelligence reports for newly discovered threat agents, exploits, attacks

About You

• Thorough and practical knowledge of OWASP, network protocols, data on the wire, and covert channels
• Hands on experience with popular security tools – Nessus, Burpsuite, Netsparker, Metasploit, KALI Linux,
Fortify, Checkmarx, SonarQube, Sypnosys
• Working knowledge of manual testing of web applications
• Good knowledge of modifying and compiling exploit code
• Good understanding and knowledge of codes languages
• Has practical experience in auditing various OS, DB, Network and Security technologies
• Strong understanding Unix/Linux/Mac/Windows, operating systems, including bash and Powershell
 • Experience in at least three of the following:

o Set up and operate red team infrastructure

o Perform targeted, covert penetration tests with vulnerability identification, exploitation, and
post-exploitation activities
o Email, phone, or physical social-engineering assessments
o Developing, extending, or modifying exploits, shellcode or exploit tools
o Reverse engineering malware, data obfuscators, or ciphers
o Strong credentials in wireless, web application, and network security testing
o Familiar with MITRE ATT&CK framework and D3FEND matrix

Educational Requirements & Experience:

• Bachelors in Computer Science/IT/Electronics Engineering or equivalent University degree.

• Minimum of 3.5 -7 years of experience in the IT security industry, preferably working in a consulting or IT
Services environment.
• Certifications: (OSCP), CREST CRT and GIAC Certified Web Application Defender (GWEB)

Additional Desired Skills

• Strong interpersonal, presentation and business communication skills.

• Ability to work with minimal levels of supervision or oversight.
• Adherence to security policies.