CybersecurityJobs.io
← Back to all jobs

Job Description

Join Deloitte's Cyber Defense & Resilience team in Atlanta and enjoy a hybrid work model that blends on site collaboration with flexible remote work. In this role, you will assess the security of web applications, APIs, and related systems, identify exploitable weaknesses, and deliver remediation guidance to strengthen overall security posture. You will partner with developers, architects, and security colleagues, contribute to testing standards and methodologies, and stay current with emerging threats and application security trends. A bachelor’s degree and at least two years of hands‑on penetration testing experience are required, along with the ability to obtain and maintain the necessary clearance.

Responsibilities

  • Conduct both manual and automated testing of web applications, APIs, and supporting infrastructure to uncover security gaps.
  • Identify, verify, and document vulnerabilities in line with the OWASP Top 10.
  • Perform authenticated and unauthenticated assessments across development, test, and production‑like environments.
  • Evaluate security controls including authentication, authorization, session management, input validation, and encryption.
  • Produce clear, risk‑based reports detailing technical findings, business impact, proof of concept, and remediation guidance.
  • Collaborate with developers, architects, and security teams to explain findings and support remediation efforts.
  • Retest remediated issues to confirm closure and effectiveness.
  • Contribute to security standards, testing methodologies, and internal knowledge sharing initiatives.
  • Stay current on emerging threats, exploit techniques, and application security trends.

Requirements

  • Bachelor's degree in Cybersecurity, Computer Science, Information Systems, Engineering, or a related technical field
  • Ability to obtain and maintain the necessary security clearance
  • Offensive Security Certified Professional (OSCP), Offensive Security Web Expert (OSWE), GIAC Penetration Tester (GPEN), or Certified Ethical Hacker (CEH)
  • Hands‑on penetration testing experience with a focus on web applications
  • Strong understanding of web technologies including HTTP/S, REST APIs, JavaScript, cookies, headers, and sessions
  • Experience identifying vulnerabilities such as SQL injection, XSS, CSRF, SSRF, IDOR, authentication flaws, and access control weaknesses
  • Proficiency with testing tools such as Burp Suite, OWASP ZAP, Nmap, Postman, and similar tools
  • Experience writing professional penetration test reports for technical and non‑technical audiences
  • Familiarity with OWASP Top 10, CWE, CVSS, and secure coding principles
  • Hybrid Work Model requiring residence within commutable distance to one of the US Delivery Center locations (Gilbert, Lake Mary, Mechanicsburg) or Geo‑Hub locations (Atlanta, Charlotte, Dallas, Houston, Philadelphia)
  • Co‑location expectation: spend up to 30% of working time co‑located at an assigned office for projects, practice sessions, training, and related activities
  • Travel up to 10% overnight for client or project purposes
  • Relocation within 12 weeks to reside within a commutable distance if relocation is necessary
  • Legal authorization to work in the United States without employer sponsorship now or in the future

Technologies

Key tools and platforms include Burp Suite, OWASP ZAP, Nmap, Postman, JavaScript, and cloud environments such as AWS, Azure, and GCP.

Team

Deloitte's Government & Public Services GPS practice delivers impact for federal, state, and local government clients as well as public higher education institutions. Our Cyber Defense & Resilience offering helps clients defend against advanced threats by evolving security operations and outcomes.

Similar Jobs