Penetration Testing Analyst

Deloitte & Touche L.L.P. Arlington , VA 22201

Posted 5 months ago

This is a fantastic opportunity for a results driven individual to join Deloitte's Global Security and technology function. This is a cross-disciplinary team that supports security governance and implementations across all of Deloitte's member firm organisations. The role will require understanding of information security, technology and penetration testing. Successful candidates will be expected to demonstrate relevant experience working in a dynamic environment dealing with complex challenges, and communicating to all levels of the business.

The Penetration Testing Analyst is responsible for the operational processes that support the successful execution of this service. Once launched, the Security Analyst will also work in conjunction with member firms to triage new requests for penetration testing as well as reviewing and planning the annual penetration testing on behalf of member firms.

Responsibilities include:

  • Establish relationships with member firms and find key contacts within IT functions, Risk Communities and client facing development teams

  • Provide guidance to member firms in regards to all facets of security testing (submitting scans, analysing scan results, remediation advice on secure coding techniques, etc.) including hands-on operational tasks as needed

  • Triage requests for penetration testing from member firms

  • Maintain the service inventory and vulnerability tracker. This will include reaching out to service owners to confirm information is up to date on a periodic basis

  • Arrange scoping, kick off, and closing calls for new and annual testing requirements

  • Closely monitor that testing pre requisites are met in order for testing engaged to proceed on time

  • Work in collaboration with member firms to confirm successful remediation activities and adherence to Global standards on vulnerability resolution time frames.

  • Have responsibility for scoping penetration testing activities to identify security weaknesses within services that Deloitte consume, develop, or recommend to clients

  • Develop a culture of in-depth understanding as to why security testing is required at both business and internal team level;

  • Provide quality reports to summarise test activities, including objectives, planning, methodology, results, analysis and recommendations to both technical and non-technical audiences. From the output of the reports provide suggested approaches to enhance further.

About Deloitte

Deloitte offers integrated services that include Audit, Tax, Consulting and Corporate Finance. Our approach combines insight and innovation from multiple disciplines with business and industry knowledge to help our clients excel anywhere in the world.

We deliver outstanding impact on the reputation and success of our clients, in the UK and globally. In pursuing this we contribute to a sustainable and prosperous society.

At Deloitte we foster a collaborative culture where talented individuals can produce their best work. We value innovative thinking; diverse insights and we strive to offer an exceptional level of customer service through our expertise and professionalism.


To qualify for the role you must have:

  • Strong academics, including a minimum of 2.1 degree or equivalent industry experience

  • Understanding of information security principles and best practice (e.g., ISO27001 and ISF Standards of Good Practice for Information Security);

  • Strong technical abilities, combined with business acumen;

  • Ability to present security topics to a non-technical audience and presenting the business value of security;

  • A good understanding of IT networking and access management concepts;

  • Ability to communicate business and technical risk to all levels of audience;

  • Excellent interpersonal skills with the ability to build and influence teams; and

  • Self-motivated and able to deal with multiple projects.

All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, or protected veteran status, or any other legally protected basis, in accordance with applicable law.

Disclaimer: Nothing in this job description/posting shall constitute an offer or promise of employment. If you are not reviewing this job posting on our Careers' site ( or one of our approved job boards we cannot guarantee the validity of this posting. For a list of our current postings, please visit us at

Requisition code: DE19USAGTS004MB0594

upload resume icon
See if you are a match!

See how well your resume matches up to this job - upload your resume now.

Find your dream job anywhere
with the LiveCareer app.
Mobile App Icon
Download the
LiveCareer app and find
your dream job anywhere
App Store Icon Google Play Icon

Boost your job search productivity with our
free Chrome Extension!

lc_apply_tool GET EXTENSION

Similar Jobs

Want to see jobs matched to your resume? Upload One Now! Remove
Web Application Penetration Tester

Tsr, Inc.

Posted 5 days ago

VIEW JOBS 1/12/2019 12:00:00 AM 2019-04-12T00:00 TSR Consulting has been asked by their valued client, a leading Brokerage company, to assist with their need for the following role: Web Application Penetration Tester Location – Arlington, VA Long term Contract Looking for experienced application security professionals with strong penetration testing experience. The client does not use many automated tools so manual penetration testing is required. Interested candidates must be comfortable with reviewing source code, manual testing and offering remediations. The successful Candidate will work on a team of security testers. This is an Application based position and not a network Vulnerability role. This role will involve penetration testing and verifying the security of applications including, but not limited to: web applications, mobile applications and web services. SKILLS AND/OR KNOWLEDGE AREAS: * Manual Penetration Testing * Knowledge of JavaScript/HTTP and/or Java * CSRF * XSS / Dom based XSS * SQL Injection * Agile/Scrum * SDLC * Web application penetration testing experience * Familiarity with common penetration testing tools or ethical hacking * A programming background would be a benefit RESPONSIBILITIES * Work with Application development teams to assess their security needs and develop test cases which can check the security of the application * Design and improve the security testing artifacts and process for a safer application. * Perform application security penetration testing * Create security testing plans and test cases * Provide guidance recommended controls and countermeasures * Present test findings and interface with stakeholders This is a great opportunity to get in with a stable and growing organization that values technology and the people that drive it. There is a lot more we can share with you about the role, so please contact me (or apply) at or through the "apply" function listed. Tsr, Inc. Arlington VA

Penetration Testing Analyst

Deloitte & Touche L.L.P.