Risk Services, Senior Associate / Assistant Manager - Offensive Security (S at pwc

Singapore, , Singapore -

Full Time

Start Date

Immediate

Expiry Date

24 Jul, 26

Salary

0.0

Posted On

25 Apr, 26

Experience

2 year(s) or above

Remote Job

Yes

Telecommute

Yes

Sponsor Visa

Yes

Skills

Penetration Testing, Vulnerability Assessment, Security Testing, Project Management, Business Development, Cybersecurity, Python, Cloud Security, Network Security, Web Application Security, Red Teaming, Stakeholder Management, Risk Assessment, Compliance, Reporting, Leadership

Industry

Professional Services

Description

Line of Service Assurance Industry/Sector TMT X-Sector Specialism Cybersecurity & Privacy Management Level Senior Associate Job Description & Summary At PwC, we help clients build trust and reinvent so they can turn complexity into competitive advantage. We’re a tech-forward, people-empowered network with more than 370,000 people in 149 countries. Across audit and assurance, tax and legal, deals and consulting we help clients build, accelerate and sustain momentum. Find out more at www.pwc.com. We are looking for an experienced offensive security professional to take on a leadership role in delivering end-to-end Security Testing engagements (VAPT, HCR and SCR etc.) while actively contributing to business development efforts. The ideal candidate combines strong technical expertise in security assessments with proven project management capabilities and a commercial mindset. This role sits within our Risk and Security Controls practice, where the team helps organizations analyze and strengthen the security posture of their information technology systems and environments. Key Responsibilities A. End-to-End Security Testing Project Management & Delivery Own and manage Security Testing engagements end-to-end from scoping, scheduling, resource allocation, execution, quality review, reporting, and closure within strict, time-sensitive deadlines. Manage multiple concurrent projects simultaneously, ensuring adherence to SLAs, timelines, and quality benchmarks. Develop and maintain project plans, trackers, and status dashboards for all active engagements. Coordinate with internal teams (consultants, QA reviewers, threat intelligence) to ensure timely delivery and consistent output quality. Conduct kick-off calls, weekly status reviews, and post-engagement debriefs with clients. Proactively identify project risks and delays, escalate where needed, and drive resolution to keep engagements on track. Ensure all deliverables (reports, presentations, remediation guidance) undergo quality review before client submission. Define and continuously improve Security Testing delivery processes, templates, checklists, and methodologies for operational efficiency. B. Technical Delivery & Consultancy Conduct vulnerability assessments and penetration testing (VAPT) across networks, web applications, mobile applications, APIs, cloud environments, and infrastructure. Perform source code reviews when required. Collaborate with clients and the threat intelligence team to define assessment objectives, goals, scope, and scenarios. Simulate cyber-targeted attacks using adversary techniques, tactics, and procedures (TTPs) on client environments where red team engagements are required. Prepare detailed reports on identified security vulnerabilities, attack paths, and actionable remediation recommendations. Develop comprehensive and accurate reports and presentations for both technical and executive audiences. Stay up to date on the latest cybersecurity threats, attack techniques, and industry trends. Interface with clients to address concerns, issues, or escalations; track and drive to closure any issues that impact service delivery and client satisfaction. C. Business Development (BD) & Pre-Sales Support pre-sales activities - participate in client pitches, RFP/RFI responses, and proposal development for VAPT and security assessment services. Contribute to revenue targets by identifying upsell and cross-sell opportunities within existing client accounts. Build and nurture long-term client relationships to drive repeat business and strategic partnerships. Develop service offerings, capability decks, and case studies to support the BD pipeline. Represent the organization at industry events, webinars, and conferences to build brand visibility and generate leads. Requirements & Qualifications Education Bachelor's degree in Computer Engineering/Science, Information Security, or a related technical discipline (or equivalent work experience). Experience Minimum 3 - 5 years of relevant experience in offensive security / Security Testing, preferably in a consulting or professional services environment. Proven track record of managing multiple Security Testing projects simultaneously with tight, time-sensitive deadlines. Hands-on experience in end-to-end engagement delivery - scoping, execution, reporting, and closure. Demonstrated experience in pre-sales, proposal writing, or business development in cybersecurity services. Experience with effort estimation, scoping, and pricing of security assessment engagements. Certifications (Required - must have at minimum) CREST CRT Certifications (Preferred / Nice-to-Have) OSCP (Offensive Security Certified Professional) CREST CCT GPEN, GWAPT, or equivalent OSWE, OSED, CRTO, CRTP PMP / PRINCE2 or equivalent project management certification CEH (as a baseline) Technical Skills & Experience Experience in at least four of the following: Performing targeted penetration tests including vulnerability identification, exploitation, and post-exploitation across networks, web apps, APIs, mobile, and cloud. Strong credentials in wireless, web application, and network security testing. Setting up and operating red team / penetration testing infrastructure. Shell scripting or automation of tasks using Python, Perl, Bash, Ruby, or PowerShell. Thorough understanding of network protocols, data on the wire, and covert channels. Strong understanding of Unix/Linux/Mac/Windows operating systems. Familiarity with cloud security assessments (AWS, Azure, GCP). Experience with compliance-driven VAPT aligned to frameworks such as PCI-DSS, ISO 27001, NIST, SOC 2, HIPAA, etc. Soft Skills & Competencies Excellent stakeholder management and client-facing communication skills. Ability to document and explain technical details in a concise, understandable manner to both technical and non-technical audiences. Strong organizational and multitasking abilities - comfortable managing competing priorities under pressure. Commercial awareness and a results-driven mindset for BD contributions. Proficiency with project management. Leadership qualities - ability to motivate teams and drive accountability. As the team experience high volume of applications, we regret to inform that only shortlisted candidates will be notified. Education (if blank, degree and/or field of study not specified) Degrees/Field of Study required: Degrees/Field of Study preferred: Certifications (if blank, certifications not specified) Required Skills Optional Skills Accepting Feedback, Accepting Feedback, Active Listening, Analytical Thinking, Bash (Programming Language), Common Vulnerability Scoring System (CVSS), Communication, Creativity, Cybersecurity, Embracing Change, Emotional Regulation, Empathy, Encryption, Ethical Hacking, Firewall (Network Security), Inclusion, Information Security, Information Security Management System (ISMS), Information Security Risk Assessments, Intellectual Curiosity, Intrusion Detection System (IDS), IT Infrastructure, Kali Linux, Learning Agility, Microsoft Active Directory {+ 25 more} Desired Languages (If blank, desired languages not specified) Travel Requirements Not Specified Available for Work Visa Sponsorship? Yes Government Clearance Required? No Job Posting End Date Are you ready to make a difference? Want to unlock new value by applying your unique perspective and talents? You can grow exponentially at PwC. Here, you can uncover hidden talents, build lifelong relationships rooted in trust and empathy and turn challenges into opportunities for innovation. We’ll help you grow your skills through challenging, meaningful work so you can go further.

How To Apply:

Incase you would like to apply to this job directly from the source, please click here

Responsibilities

The role involves managing end-to-end security testing engagements, including scoping, execution, and quality review, while driving business development and pre-sales activities. You will also conduct technical security assessments and provide actionable remediation guidance to clients.