(Senior) Penetration Tester at Deloitte Services Pty Ltd
Helsinki, Uusimaa, Finland -
Full Time


Start Date

Immediate

Expiry Date

30 Sep, 26

Salary

0.0

Posted On

02 Jul, 26

Experience

2 year(s) or above

Remote Job

Yes

Telecommute

Yes

Sponsor Visa

No

Skills

Penetration Testing, Red Teaming, Web Application Security, Mobile Application Security, Infrastructure Security, Social Engineering, Active Directory, Azure/Entra ID, Burp Suite, Python, PowerShell, C/C++, C#, Cloud Security, C2 Frameworks, Vulnerability Assessment

Industry

Business Consulting and Services

Description
Company Description Are you an offensive security enthusiast who loves finding creative ways to break into highly secured environments and reach critical assets? Do you enjoy turning “what if” scenarios into real-world exploits that reveal true exposure and strengthen security posture? In this role, you’ll use advanced offensive techniques to uncover meaningful attack paths and turn your findings into actionable improvements for our clients. We are looking to strengthen our growing Cyber team with a Penetration Tester and/or Red Team Operator determined by your experience, knowledge and interests. About us Our Cyber team enables leading organizations across various industries to confidently pursue their growth, innovation, and performance objectives by effectively managing cyber risks. We believe security is about enabling business success, not just preventing bad things from happening. We offer advisory, implementation, and operational services that combine business, risk, and technology expertise to help clients in solving real security challenges for our clients— from designing robust architectures to implementing solutions that actually work and supporting them in production. We're a passionate team of security experts within Deloitte's Nordic Cyber practice, part of the broader EMEA network. Our team thrives on collaboration, learning from each other, and staying at the forefront of security innovation. Become part of our international, multidisciplinary Cyber team, composed of individuals recognized as top talent in their respective fields. You can read more about our services within Cyber team at Deloitte here Job Description What is the job? As a cyber professional focused on offensive security, your work for our clients will be mainly focused on performing penetration testing and red teaming exercises. Additionally, you may participate in other cyber engagements such as infrastructure and application security reviews, incident response, source code reviews, vulnerability and architecture assessments or testing hardware and IoT, or testing ICS/OT/SCADA technologies depending on your interests, previous experience and competences. You won’t be working alone — you will collaborate with our global and local teams of cyber professionals, who bring a balanced mix of technical, legal, and business expertise to support you What You'll Actually Do: Perform penetration tests on numerous platforms and technologies, such as web, mobile and infrastructure penetration tests to identify and mitigate security vulnerabilities Simulate determined and sophisticated cyber threat actors to evaluate the effectiveness of security measures Prepare comprehensive and clear reports on security findings and vulnerabilities with actionable recommendations for remediation and effectively present and communicate them Team up with a group of cyber security specialists to contribute to the development of tools, methodologies, and best practices for penetration testing Stay up to date with the latest security trends, vulnerabilities and tools and maintain working knowledge of advanced threat actor tactics, techniques and procedures, to emulate these to assess vulnerability and risk Contribute to our knowledge base by documenting new vulnerabilities and attack techniques you encounter Work on large‑scale cyber projects for international clients, have access to diverse growth opportunities from formal training to on‑the‑job learning, and build relationships within our international cyber network. Why Deloitte? 🟢Deloitte employs 35,000+ dedicated cyber practitioners worldwide. We serve the biggest and most innovative companies across the globe as well as locally in Finland – solving complex problems, achieving remarkable goals, and making meaningful progress. We refer to ourselves as cyber leaders, strategists, advisors, hackers, and specialists. 🟢Create your own growth and development path based on your background and desired career goals with the help of your career coach. As the undisputed leader in professional services, Deloitte is where you’ll find unrivaled opportunities to: Contribute to the latest thought-leadership and industry research relating to cyber security Participate, grow and develop in other cyber security projects to realize your full potential 🟢 At Deloitte, we value every individual and prioritise feedback and coaching at all stages of your career. Our career development opportunities help you build the skills and capabilities you need to succeed and progress in your career 🟢 We have a flat hierarchy that is built around the strengths of our deloittees. We make a positive impact on each other, our clients, and society through our significant client projects 🟢 We work with a hybrid working model and aim to offer flexibility to our employees. We value face-to-face collaboration and learning at our modern office in Ruoholahti, while also providing opportunities for remote work Qualifications Requirements to join the team in this role: 3-5 years of experience performing penetration testing and/or delivering red team engagements as an operator or other similar attack simulation experience Eagerness to learn and develop your skills and be at the forefront of cyber security Fluency in English and in Finnish, both oral and written Being currently located in Finland, possess a valid residence permit and eligibility for security clearance (turvallisuusselvitys). We are currently not considering candidates requiring relocation for this role Additionally, having most of these attributes will help you greatly: A passion for identifying and exploiting vulnerabilities with strong understanding of social engineering techniques, phishing threats, and digital impersonation tactics Analytical and problem-solving skills with a can-do attitude and a strong ability to think laterally Advanced knowledge of common enterprise technologies such as Active Directory and Azure/Entra ID with the ability to work proficiently and securely with various offensive security tooling, such as Burp Suite and with familiarity in programming languages such as C/C++, C#, PowerShell, Python and shell scripting A creative mindset to the entire cyber kill chain from obtaining initial access to achieving objectives that align with organization-specific business risks Passion for R&D, with experience building your own tools and a strong drive to stay up to date on emerging attack techniques and vulnerabilities In‑depth understanding of at least one major cloud platform (Microsoft Azure, Amazon Web Services or Google Cloud Platform) with experience across multiple platforms is considered an advantage Prior hands-on experience using C2 frameworks like Mythic, Cobalt Strike, Brute Ratel, Nighthawk is not expected, but seen as an additional plus While not mandatory, relevant certifications or a strong desire to obtain one are an advantage (e.g. OSCP, OSEP, OSED, OSEE, CRTO, CRTP, CRTE, CCRTS/CCSAS, BSCP). Experience presenting at security conferences or publishing technical blogs or whitepapers is also considered a plus Additional Information We look forward to receiving your application! 🕒 When: Apply latest by Wednesday 2nd of August please note that we are ready to start interviews already during the application period, especially now with quickly approaching summer holidays! 👉 How: Please submit your application through our recruitment system. Be sure to include your CV and cover letter. In your cover letter, please tell us what interests you about the role and what kind of colleague you would be 📞 Questions about the role: If you have any questions about the position, team or Deloitte as an employer, Kamil Lewandowski will be happy to answer. You can reach Kamil (050 3257 753) on Wednesday 8.7. between 9-10 or Monday 13.7. between 15-16. 📩 Questions about the recruitment process: You can read more about us and our recruitment process on our website. If you did not find the answer you were looking for, please contact our recruitment team at [email protected] 💚 Get to know Deloitte: Look into our everyday life and discover more about us on LinkedIn, TikTok, Instagram, and Facebook 🎯Not quite your role? Don’t hesitate to leave an open application on our website, you might be a perfect fit for another open role in our cyber team! Together makes progress At Deloitte, we value diverse skills, perspectives, and experiences, as they enable us to effectively solve complex challenges for our clients. We encourage you to apply for the position if you believe your skills can contribute to our team’s success. You will have the opportunity to work alongside over 450,000 colleagues globally and nearly 900 colleagues in Finland across Audit & Assurance, Tax & Legal, and Consulting services. At Deloitte, it’s all about people, each with something special to offer. We collaborate closely with one another and with our clients, making great things happen. That’s how we create real change. Deloitte is where you’ll find unlimited opportunities to succeed and realise your full potential, together. Field of interest: Technology, Transformation & Data Level of hire: Experienced hire
Responsibilities
Perform penetration tests and red teaming exercises across web, mobile, and infrastructure platforms to identify security vulnerabilities. Prepare comprehensive reports with actionable remediation recommendations and contribute to the development of offensive security tools and methodologies.
Loading...