A career in Information Security, within Internal Firm Services, will provide you with the opportunity to develop and support our internal security technologies and services across the entire global and local PwC network. You'll focus on being the forefront of designing, developing, and implementing information technology including hardware, software, and networks that enhances security of internal information and protect our firms intellectual assets.
To really stand out and make us fit for the future in a constantly changing world, each and every one of us at PwC needs to be a purpose-led and values-driven leader at every level. To help us achieve this we have the PwC Professional; our global leadership development framework. It gives us a single set of expectations across our lines, geographies and career paths, and provides transparency on the skills we need as individuals to be successful and progress in our careers, now and in the future.
As a Senior Associate, you'll work as part of a team of problem solvers, helping to solve complex business issues from strategy to execution. PwC Professional skills and responsibilities for this management level include but are not limited to:
- Use feedback and reflection to develop self awareness, personal strengths and address development areas.
- Delegate to others to provide stretch opportunities, coaching them to deliver results.
- Demonstrate critical thinking and the ability to bring order to unstructured problems.
- Use a broad range of tools and techniques to extract insights from current industry or sector trends.
- Review your work and that of others for quality, accuracy and relevance.
- Know how and when to use tools available for a given situation and can explain the reasons for this choice.
- Seek and embrace opportunities which give exposure to different situations, environments and perspectives.
- Use straightforward communication, in a structured way, when influencing and connecting with others.
- Able to read situations and modify behavior to build quality relationships.
- Uphold the firm's code of ethics and business conduct.
Job Requirements and Preferences:
Minimum Degree Required:
High School Diploma
Minimum Years of Experience:
CISSP, CCSP, CISM, CISA, CASP, Security +, SANS Cloud SECxx
Demonstrates thorough knowledge and/or a proven record of success in the following areas:
- Developing secure cloud resource deployment templates in Cloud Service Providers using Terraform, Azure ARM, AWS Cloud Formation, or GCP Deployment Manager;
- Integrating security into cloud resources through deployments templates, policy management tools, configuration management tools, CI\CD pipelines, and other automation or orchestration solutions;
- Automating deployment of cloud resources and applications using Bash, Python, PowerShell, or other scripting languages;
- Exhibiting familiarity with Cloud Security Alliance, Center for Internet Security, ISC2, and SANS Cloud Security Standards for securing Cloud Applications, IaaS, PaaS, SaaS, Containers, and Microservices;
- Interacting with distributed version control systems like Git, GitHub, GitOps, etc;
- Deploying code using CI\CD tools like GitHub, Azure DevOps, Jenkins, etc;
- Working with Hashicorp stack including Terraform, Vault, Sentinel, Consul;
- Possessing knowledge and experience with application security solutions and web hosting architecture and principles;
- Leveraging experience with Software development including web, mobile applications and development languages;
- Having experience with commercial Source Code Analysis/Static Application Security Testing Tools;
- Understanding of application source code vulnerability mitigation processes;
- Recognizing risk assessment/acceptance factors that can affect business and security decisions;
- Having knowledge of and experience with Business processes and drivers that can affect system design;
- Analyzing application security vulnerabilities and executing mitigation strategies;
- Leveraging review processes using application threat vulnerability tools, scanning techniques and/or code review results;
- Using assessments of vulnerabilities, sources of threats, and current security guidance to determine the effectiveness of mitigation plans;
- Collaborating with teams to identify opportunities and provide recommendations on how application security can be built into project development;
- Interacting with project management team members and key stakeholders on application projects;
- Reviewing application threat vulnerability assessments on application development projects;
- Implementing strategy for application threat vulnerability review and remediation;
- Identifying and documenting complex business cases to assist in gaining internal support to implement security solutions;
- Collaborating with team members and stakeholders virtually;
- Evidencing communication skills, both written and verbal;
- Having customer service experience/skills, multitasking and possessing time management skills; and,
- Possessing analytical skills and attention to detail.
All qualified applicants will receive consideration for employment at PwC without regard to race; creed; color; religion; national origin; sex; age; disability; sexual orientation; gender identity or expression; genetic predisposition or carrier status; veteran, marital, or citizenship status; or any other status protected by law. PwC is proud to be an affirmative action and equal opportunity employer.
For positions based in San Francisco, consideration of qualified candidates with arrest and conviction records will be in a manner consistent with the San Francisco Fair Chance Ordinance.
For positions in Colorado, visit the following link for information related to Colorado's Equal Pay for Equal Work Act: https://pwc.to/coloradoifsseniorassociate.
Posting ID: 599922332Posted: 2021-01-15