CybersecurityJobs.io
← Back to all jobs

Job Description

This Delivery Senior Consultant, Penetration Tester role within Deloitte's Cyber Defense & Resilience organization focuses on manual and automated testing of web applications, APIs, and related systems to identify vulnerabilities and guide remediation efforts.

Responsibilities

  • Conduct comprehensive manual and automated penetration tests of web applications, APIs, and supporting infrastructure.
  • Identify, verify, and document security weaknesses, including those mapped to the OWASP Top 10.
  • Perform testing with and without credentials across development, testing, and production-like environments.
  • Evaluate security controls such as authentication, authorization, session management, input validation, and encryption.
  • Produce clear, risk-based reports detailing technical findings, business impact, proof of concept, and remediation guidance.
  • Collaborate with developers, architects, and security teams to communicate findings and support remediation efforts.
  • Re-test remediated issues to confirm closure.
  • Contribute to security standards, testing methodologies, and internal knowledge sharing.
  • Stay informed about emerging threats, exploit techniques, and latest trends in application security.

Requirements

  • A bachelor’s degree in Cybersecurity, Computer Science, Information Systems, Engineering, or a related technical field.
  • Ability to obtain and maintain the necessary security clearance for the role.
  • Certifications such as OSCP, OSWE, GPEN, or CEH.
  • Hands-on penetration testing experience with a focus on web applications.
  • Strong understanding of web technologies including HTTP/S, REST APIs, JavaScript, cookies, headers, and sessions.
  • Experience identifying vulnerabilities such as SQL injection, XSS, CSRF, SSRF, IDOR, authentication flaws, and access control weaknesses.
  • Proficiency with testing tools such as Burp Suite, OWASP ZAP, Nmap, and Postman.
  • Experience writing professional penetration test reports for technical and non-technical audiences.
  • Familiarity with OWASP Top 10, CWE, CVSS, and secure coding principles.
  • Hybrid work model requiring residence within a commutable distance to US Delivery Center sites (Gilbert, Lake Mary, or Mechanicsburg) or Geo-Hub locations (Atlanta, Charlotte, Dallas, Houston, Philadelphia).
  • Co-location expectation up to 30 percent of working time at an assigned office or project location for coordinated opportunities and training.
  • Travel up to 10 percent overnight for client or project purposes.
  • Relocation may be required, with a move completed within 12 weeks to reside within a commutable distance.
  • Must be legally authorized to work in the United States without the need for employer sponsorship now or in the future.

Technologies

  • Burp Suite
  • OWASP ZAP
  • Nmap
  • Postman

Location

Mechanicsburg, Pennsylvania, hybrid work arrangement.

The Team

Deloitte's Government & Public Services practice serves federal, state, and local government clients as well as public higher education institutions, delivering impact through people, ideas, technology, and measurable outcomes. The Cyber Defense & Resilience offering helps clients defend against advanced threats by transforming security operations, monitoring technology, data analytics, and threat intelligence, while enabling rapid crisis and cyber incident response to maintain resilience. This opportunity operates within the Deloitte US Delivery Center framework, which combines scale with a center-based delivery model to provide high-quality, cost-effective services and standardized processes for Deloitte client engagements. The US Delivery Center emphasizes a compact, high-impact team environment with access to Deloitte’s resources and opportunities, while maintaining a practical travel footprint across delivery center locations and approved sites.

Similar Jobs