Risk Advisory - Cyber - Lead Penetration Tester

Midrand, South AfricaGautengSouth AfricaAfrica

Company Description

Deloitte is a leading global provider of audit and assurance, consulting, financial advisory, risk advisory, tax and related services. Our global network of member firms and related entities in more than 150 countries and territories (collectively, the “Deloitte organisation”) serves four out of five Fortune Global 500® companies. Learn how Deloitte’s approximately 312,000 people make an impact that matters at

About the Division

The value that Deloitte Risk Advisory Africa creates for organisations is synonymous with operational excellence. Our five business areas work in unison to provide integrated solutions unique to the organisational requirements of any business.

In a world that is constantly changing, organisations need to adapt quickly to respond to new risks and take advantage of new opportunities. Deloitte's Risk Advisory practice advises organisations on how to effectively mitigate risk and make informed and intelligent risk decisions around business processes, technology and operations.

Click here to read more about our Risk Advisory practice.

What impact will you make?

Every day, your work will make an impact that matters, while you thrive in a dynamic culture of inclusion, collaboration and high performance. As the undisputed leader in professional services, Deloitte is where you’ll find unrivalled opportunities to succeed and realise your full potential.

Job Description

Role Description

Responsible for leading attack and penetration testing engagements to identify security weaknesses within client's IT environments, reporting on issues and making recommendations for their remediation.


When you join the Cyber team, you will be involved in penetration testing and vulnerability management engagements which include; network and host layer vulnerability assessments, firewall and networking device reviews, web application assessments, source code reviews and social engineering 

The work you perform will include:

  • Supports service Support the Senior Manager on delivery of designated engagement / project, managing the implementation of the agreed deliverables
  • Guide teams through the design and implementation of Cyber Security Solutions that reduce vulnerability, strengthen threat controls and optimize operational efficiency
  • Leads complex technical assessments of client’s security infrastructures to identify / evaluate vulnerabilities, including considering the digital, physical, and social elements of the client, and reflecting relevant cyber threats to the client’s industry and profile and develop custom penetration testing tools
  • Conduct threat modeling and attack modeling on the clients’ designated targets of evaluation, plan pentest engagements and assess effort and stages according to internal Deloitte methodology;
  • Conduct hardware, mobile, and wireless security assessments and infrastructure and server, desktop and web-based application penetration tests
  • Write PoC exploit code for vulnerabilities the team has discovered and thoroughly document exploit chain/proof of concept scenarios for client consumption and internal knowledgebase;
  • Conduct social engineering assessments, document the findings according to internal Deloitte methodology and principles and analyze and summarize the findings in clear and actionable reports;
  • Conduct research in cyber security 
  • Support resource in planning of sales presentations and client negotiation teams for new and retained business
  • Develop market network in business and build relationships that generate leads
  • Build relationships across Deloitt0065 service lines to understand broader offerings and seek opportunities for cross-selling
  • Generate innovative solutions on projects / engagements in collaboration with team members to enhance / renew service offerings to client



  • OSCP is essential

Advantageous qualification include:

  • University degree
  • Any of OSEP, OSWE, OSEE, GPEN, GXPN or equivalent certification


  • 5+ years working in-depth working experience within a penetration tester with a strong understanding and familiarity with common penetration testing methods and standards and vulnerability and threat management experience
  • Must have experience of common network technologies, protocols and attacks
  • Experience with exploitation frameworks (e.g., MetaSploit, Core Impact)
  • Practical hands-on experience with one of Cobalt Strike / Empire / PowerSploit or similar
  • Experience with various security tools and products (Burp Suite, Nessus, Kali)
  • Knowledge of operating systems (UNIX/Linux and Solaris, Windows) and of database management systems (Oracle, SQL Server, etc.) and web technologies (Java, PHP, ASP.NET, AJAX, etc.) and application security techniques and challenges
  • Knowledge of the OWASP and OSSTMM methodologies
  • Good understanding of the components of a secure DLC/SDLC
  • Vulnerability analysis and application reversing skills
  • Familiar with malware reverse engineering
  • Red team and cyber-attack simulation experience
  • Knowledge of Social Engineering tools and techniques
  • Good understanding of incident response and forensics services including forensics data collection and processing, malware and log analysis, containment approach definition, etc.

Additional Information

Technical & Behavioural Competencies:

  • Expert in field with sound industry and business knowledge
  • Demonstrated leadership skills
  • Proven ability to manage and execute projects
  • Experience in drafting and presenting client proposals
  • Excellent report writing skills
  • Sound business acumen
  • Ability to link technical issues to business risk
  • Ability to communicate business and technical risk to all levels of audience
  • Strong communication skills, both written and verbal
  • Effective interpersonal and relationship building skills
  • Good mentorship and coaching ability with desire to develop self and others
  • Strong client delivery focus
  • Adaptable, managing change and ambiguity with ease

At Deloitte, we want everyone to feel they can be themselves and to thrive at work—in every country, in everything we do, every day. We aim to create a workplace where everyone is treated fairly and with respect, including reasonable accommodation for persons with disabilities. We seek to create and leverage our diverse workforce to build an inclusive environment across the African continent.

Cyber Security Jobs by Category

Cyber Security Jobs by Location

Cyber Security Salaries