Penetration Tester, Deloitte Global Cybersecurity

Date Posted: Sep 14, 2019

Reference Code: 45936-en_US

Service: Firm-Wide
Job Type: Permanent
Primary Location: Toronto, Ontario, Canada
All Available Locations: Toronto

External Posting Description

Are you energized by helping organizations protect their data and build client trust? Do you want to work in one of the world’s largest holistic internal cybersecurity organizations? If you’re interested in proactively preventing, detecting, and responding to cyber attacks across a complex global footprint, then Deloitte Global could be the perfect place for you. We’re looking for an analytical thinker passionate about cybersecurity to join and support our team.

For this role, in support of the global Attack Surface Assessment team, we are seeking an experienced security tester to help execute the technical evaluation process, assessing the effectiveness of, and making recommendations for, the security controls required for digital assets to meet the Deloitte risk appetite. The candidate should be a creative, self-motivated, highly energetic and results-oriented individual who is passionate about cyber security and risk management.

Work you’ll do:

As part of the Global Cybersecurity team:

Your broad responsibility will be to work with customers to deliver technical assessments against a broad range of services. Illustrative duties include:

  • Assisting in technical scoping of security testing activities
  • Executing security testing:
    • Software/Web Application/Web Services penetration testing
    • Network Penetration Testing
    • Mobile Application Penetration Testing
    • Thick Client Penetration Testing
  • Conducting focused research when not deployed on an active project
  • Providing consultative guidance to customers on identified findings in a clear and actionable fashion, both in writing and verbally
  • Enhancing and updating testing methodologies, processes and standards documentation
  • Maintaining proficiency of knowledge through ongoing training paths
  • Performing Architecture Security Analysis and Threat Modeling as required
  • Performing open source intelligence analysis and assessment
  • Communicating how to effectively engage services and what capabilities are available
  • Escalating issues experienced to the Regional Technical Delivery Lead

This Deloitte Global role requires limited to no travel.

What you’ll be part of—our Deloitte Global culture:

At Deloitte, we expect results. Incredible—tangible—results. And Deloitte Global professionals play a unique role in delivering those results. We reach across disciplines and borders to serve our global organization. We are the engine of Deloitte. We develop and lead global strategies and provide programs and services that unite our network. In Deloitte Global, everyone has an opportunity to lead. We see the importance of your perspective and your ability to create value. We want you to fit in—with an inclusive culture, focus on work-life fit and well-being, and a supportive, connected environment; but we also want you to stand out—with opportunities to have a strategic impact, innovate, and take the risks necessary to make your mark. Deloitte Global supports our talented professionals in answering the question: What impact will you make?

Who you’ll work with:

The Deloitte Global Cybersecurity function is responsible for enhancing data protection, standardizing and securing critical infrastructure, and gaining cyber visibility through security operations centers. The Cybersecurity organization delivers a comprehensive set of security services to Deloitte’s global network of firms around the globe.

External Posting Qualifications

This role is based in the Americas. Relocation assistance may be considered on a case-by-case basis.

Your role as a senior staff member at Deloitte:

  • Identify and embrace our purpose and values, and put them into practice when executing daily tasks/activities
  • Enhance personal development skills by actively seeking opportunities for growth, sharing knowledge and experiences with others, and acting as a strong brand ambassador for the firm
  • Seek challenging opportunities across businesses and borders and take accountability for personal and team results
  • Build relationships and communicate effectively in order to positively influence peers and other stakeholders
  • Understand objectives for clients and Deloitte, align your work to objectives, and set personal priorities



  • Developed experience with web application penetration testing
  • Familiarity with software security weaknesses and vulnerabilities
  • Experience in network penetration testing
  • Working knowledge of one scripting language
  • Experience in reverse engineering is a plus
  • Familiarity with at least one software programming language and framework is a plus
  • Demonstrated experience working with diverse stakeholders, preferably on a global multi-national basis
  • Ability to manage concurrent initiatives and use effective judgment in prioritization and time management
  • Strong written and verbal communication skills

Knowledge or awareness of the following would be desirable:

  • Reverse Engineering
  • Source code reviews
  • Cloud Service testing
  • ISO 27000 series such as 27001, 27002, 27032, 27035
  • NIST SP 800 series
  • OWASP Top Ten
  • SANS Institute - CIS Critical Security Controls
  • Standard of Good Practice for Information Security
  • Incident management and response
  • Vulnerability management

Required Licenses, Certifications, and Other Requirements:

  • Although not required, possessing any of the following will be an asset. Cyber security related certifications/designations, such as:
    • Certified Information Systems Security Professional (CISSP)
    • Certified Information Security Manager (CISM) or Certified Information Systems Auditor (CISA)
    • Certified Ethical Hacker (CEH)
    • Offensive Security Certified Professional (OSCP)
    • GIAC Security Essentials (GSEC)
    • GIAC Mobile Device Security Analyst (GMOB)

Education and experience:

  • Bachelor’s and/or Master’s Degree in computer science, engineering or related field or significant relevant industry experience

How you’ll grow:

Deloitte Global inspires leaders at every level. We believe in investing in you, helping you embrace leadership opportunities at every step of your career, and helping you identify and hone your unique strengths. We encourage you to grow by providing formal and informal development programs, coaching and mentoring, and on-the-job challenges. We want you to ask questions, take chances, and explore the possible.

Benefits you’ll receive:

Deloitte’s Total Rewards program reflects our continued commitment to lead from the front in everything we do — that’s why we take pride in offering a comprehensive variety of programs and resources to support your health and well-being needs. We provide the benefits, competitive compensation, and recognition to help sustain your efforts in making an impact that matters.

Deloitte is an inclusive employer dedicated to building a diverse workforce. We encourage applications from all qualified candidates and will accommodate applicants’ needs under the respective provincial human rights codes throughout all stages of the recruitment and selection process. Please advise the Recruiter to ensure your accessibility needs are accommodated throughout this process. Information received relating to accommodation will be addressed confidentially.

We thank all applicants in advance for their interest; however, only those candidates selected for an interview will be contacted.
