Full-time
Remote friendly

Job Description & Summary

PwC is driving major change across information & cyber security by building a centralized model to provide security services across the entire member firm network.

Mandated at the network level, Network Information Security (NIS) operates outside IT & is responsible for this major program initiative, from definition of the security strategy to execution of the global Cyber Readiness Program, moving from local to centralized services.

Our mission is to identify, control & reduce the attack surface across the member firm network while increasing our adversaries’ cost of attack.

In order to deliver the Cyber Readiness Program the NIS team is structured into the following Pillars:
Information Security Risk & Compliance
CISO
Security Architecture, Engineering, Innovation & Transformation (SAEIT)
Cyber
Strategy & Alliances
Chief of Staff

NIS is building the first global cyber security function at PwC. Our mission protects 300,000 PwC members across 160 member firms worldwide as well as our global clients.

If you are seeking an exciting career with the scope to grow your security skills through major change on a global scale, then NIS will empower you to do so.

NIS is responsible for the following services:
Security Architecture
Security Engineering
Innovation
Security Transformation
Application Security

If you love designing & building security technology, this is the place to be. Within NIS we work closely with the business to define the NIS 5 year security roadmap, gathering business requirements and combining PwC’s goals with conceptual long term security trends to create a target architecture for NIS to deliver against. From this future state plan, the Security Engineering team breaks long term goals down into manageable projects and looks to technical security solutions to solve business problems, designing & building security technology that spans the wider PwC network of firms. Once security technologies are built, the NIS team works to assist technology teams in designing and deploying compliant applications.

Range of Impact:

The employee possesses deep functional knowledge in a specific subject matter area or technical domain that is applied in the context of a broader understanding of the functional area and related systems and processes.
The candidate will contribute to the development of new subject matter/technical domain expertise.
Resolves complex problems by continuously applying significant independent judgment and by collaborating with others, and influences others through work on projects and in teams and/or through leading portions of larger projects.
Demonstrates extensive-level abilities within Application Security.
Encourages improvement and innovation within Application Security, and nurtures and develops less-experienced staff through coaching and written/verbal feedback.
Performs Application Security tasks with autonomy.

Responsibilities

  • Partner with technology delivery teams to ensure that security is properly built into the technology during the design phase

  • Engage with development teams to educate them around secure designs & compliance with the Information Security Policy

  • Champion use of NIS best practices and approved tools

  • Perform security review as part of the application readiness review process (ARR)

  • Provide consultation support on a variety of security related subjects

Metrics

  • Technologies are delivered through the ARR process with no security findings

  • Consultation Services team is viewed as a resource that supports and assists in technology delivery

  • Work with risk managers and business information security officers to mitigate risk for all technology deliverables

Requirements:

Degree Preferred: Bachelor's Degree

Fields of Study: Information Technology, Computer Systems Analysis, Management Information Systems, Computer Applications, Computer Engineering, Computer Programming

Certification(s): OSCP, CISSP, ITIL, OSCE, OSWE, CEH, or GWAPT Certifications are a major plus

Skills required:

  • The ideal candidate would be 50% programmer and 50% hacker. Examples of qualifications that resemble this profile are as follows:

  • 3-5 years’ experience in a software development field such as Software Developer, Architect, Software Quality Assurance, or Application Security Engineer

  • Highly proficient in at least one of the following development languages: C#, C++, Java, .NET, Node.js, or Python

  • Possess a strong understanding of application architectural patterns, such as MVC, Microservices, Event-driven etc.

  • Creative, organized, responsive, and highly thorough problem solver

  • Possess strong business acumen with ability to work with application development, QA and security teams

  • Possess a restlessness or desire to break into things

  • Knowledge of the OWASP Top 10

  • Strong self-starter who has the ability to operate independently

  • Has solid understanding and experience with establishing software development policies across an organization

  • Excellent oral/written presentation skills with ability to communicate effectively with senior executive leadership; proficiency in preparation of presentations, analytical reports, and documents regarding program operational status, achievement and performance

  • Knowledge of effective controls for Application Security, Cloud & Services Hosting, Identity and Access Management, Data Protection, Borderless Connectivity, Endpoint Security, and Cyber Security Operations

  • Conversant with ISO 27002:2005/2013 information security standard

  • Demonstrating architectural domain knowledge including cloud application architecture and container-based deployment

  • Partnering with and enabling the development process to assure that security requirements are met while allowing for maximum speed to market

  • Supporting a leading edge development effort by developing standardized reusable security frameworks

  • Collaborating with multiple stakeholders across functional and technical skill sets

  • Aligning business requirements to complex security architecture frameworks

  • Managing multiple security assessments and changing priorities simultaneously

Skills preferred:

  • Understanding of and passion for Agile/XP/Scrum/Kanban

  • Understanding of Test Driven Development built on User Stories

  • Understanding of Continuous Integration/Testing/Delivery (CI/CD)

  • Familiarity with cloud architecture and services, such as AWS

  • Familiarity with Metasploit, Burp Suite, fuzzing, and Jenkins

  • Familiarity with code reviews and penetration testing