Delivery Senior Consultant, Penetration Tester
Job Description
Deloitte's Cyber Defense & Resilience practice seeks a Delivery Senior Consultant, Penetration Tester to perform hands-on testing of web applications and APIs, uncover security weaknesses, validate exploitability, and guide remediation. This role emphasizes practical offensive security skills and knowledge of secure development practices, and is based in Dallas, TX with a hybrid work arrangement.
Responsibilities
- Conduct manual and automated penetration testing of web applications, APIs, and supporting infrastructure.
- Identify, validate, and document security vulnerabilities including those in the OWASP Top 10.
- Perform authenticated and unauthenticated testing across development, test, and production-like environments.
- Evaluate application security controls including authentication, authorization, session management, input validation, and encryption.
- Produce clear, risk-based reports detailing technical findings, business impact, proofs of concept, and remediation guidance.
- Collaborate with developers, architects, and security teams to explain findings and support remediation efforts.
- Retest remediated issues to confirm closure.
- Contribute to security standards, testing methodologies, and internal knowledge sharing.
- Stay current on emerging threats, exploit techniques, and application security trends.
Requirements
- Bachelor's degree in Cybersecurity, Computer Science, Information Systems, Engineering, or a related technical field
- Ability to obtain and maintain the necessary clearance for the role
- Offensive Security Certified Professional (OSCP), Offensive Security Web Expert (OSWE), GIAC Penetration Tester (GPEN), or Certified Ethical Hacker (CEH)
- Hands-on penetration testing experience with a focus on web applications
- Strong understanding of web technologies including HTTP/S, REST APIs, JavaScript, cookies, headers, and sessions
- Experience identifying vulnerabilities such as SQL injection, XSS, CSRF, SSRF, IDOR, authentication flaws, and access control weaknesses
- Proficiency with testing tools such as Burp Suite, OWASP ZAP, Nmap, Postman, and similar tools
- Experience writing professional penetration test reports for technical and non-technical audiences
- Familiarity with OWASP Top 10, CWE, CVSS, and secure coding principles
- Hybrid Work Model: reside within a commutable distance to one of the US Delivery Center locations (Gilbert, Lake Mary, or Mechanicsburg) or Geo-Hub locations (Atlanta, Charlotte, Dallas, Houston, and Philadelphia)
- Co-location Expectation: spend up to 30% of working time co-located at an assigned office for projects, practice sessions, training, and related activities
- Travel Requirement: maximum of 10% overnight travel for client or project purposes
- Relocation Requirement: if relocation is necessary, complete the move within 12 weeks from start date to reside within a commutable distance
- Must be legally authorized to work in the United States without the need for employer sponsorship, now or at any time in the future
Technologies
- Burp Suite
- OWASP ZAP
- Nmap
- Postman
- AWS
- Azure
- GCP
The Team
Deloitte's Government & Public Services (GPS) practice delivers impact for federal, state, and local government clients as well as public higher education institutions. The team brings fresh perspectives to help clients anticipate disruption, reimagine possibilities, and fulfill their mission.
The Cyber Defense & Resilience offering helps clients defend against advanced threats by transforming security operations, monitoring technology, data analytics, and threat intelligence. It supports managing and protecting dynamic attack surfaces and provides rapid crisis and cyber incident response to ensure readiness, response, and recovery from business disruptions.
This opportunity sits within the Deloitte US Delivery Center model, a delivery-focused structure that combines Deloitte's scale with a center-based approach to provide high-quality, cost-effective services using standardized processes and procedures across Deloitte clients. The US Delivery Center emphasizes a small-business feel with a big-business impact, offering professionals the chance to work from delivery center locations with opportunities for limited travel.