DRSC T&T - Consultant, Pen Tester

Select how often (in days) to receive an alert:

Date: 31 Oct 2025

Location: Kuala Lumpur, MY

Title: DRSC T&T Cyber Defense & Resilience (based in Kuala Lumpur, Malaysia) – Consultant, Pen Tester

Are you ready to unleash your potential?

At Deloitte, our purpose is to make an impact that matters for our clients, our people, and the communities we serve. We believe we have a responsibility to be a force for good, and WorldImpact is our portfolio of initiatives focused on making a tangible impact on society’s biggest challenges and creating a better future. We strive to advise clients on how to deliver purpose‑led growth and embed more equitable, inclusive as well as sustainable business practices. Hence, we seek talented individuals driven to excel and innovate, working together to achieve our shared goals. We are committed to creating positive work experiences that foster a culture of respect and inclusion, where diverse perspectives are celebrated, and everyone is recognised for their contributions. Ready to unleash your potential with us? Join the winning team now!

• Conduct comprehensive penetration testing and vulnerability assessments across various web applications, mobile applications, and network infrastructure.
• Collaborate with clients to identify security vulnerabilities and propose effective remediation strategies.
• Perform mobile application security testing and provide insights for securing mobile platforms (iOS and Android).
• Prepare and present detailed security assessment reports for technical and non-technical stakeholders.
• Assist in developing and maintaining security standards and best practices for client systems.
• Work with development teams to advise on secure coding practices and implement security controls.
• Stay up to date with the latest trends in cybersecurity, emerging threats, and new vulnerabilities.
• Conduct risk assessments and provide security recommendations in compliance with industry standards.

• Demonstrate a strong commitment to personal learning and development.
• Understand how our daily work contributes to the priorities of the team and business.
• Understand the set expectations and demonstrate accountability in keeping personal performance on track.
• Actively focus on developing effective communications and relationship‑building skills with stakeholders, clients and team.
• Demonstrate an appreciation for working with others.
• Understand what is fundamental to Deloitte’s success as a business.
• Demonstrate integrity and an awareness of strengths, differences, and personal impact.
• Develop their understanding of Deloitte and offer a fresh perspective.

• 3+ years of proven experience in security testing domains for example, web, network, mobile, cloud, thick client vulnerability assessments and penetration testing.
• Bachelor’s degree in information security, Computer Science, or related field (or equivalent experience).
• Familiarity with mobile application security frameworks and testing tools.
• Hands‑on experience with common security tools such as Burp Suite Pro, Nmap, Wireshark, and Metasploit.
• Proficient in scripting languages like Python or Bash.
• Certifications: OSCP, CRTP, CREST or any other mobile security certifications such as eMAPT or SANS GMOB will be considered.
• Good knowledge with cloud security on platforms like AWS, Azure, or GCP.
• Knowledge of secure development lifecycle (SDLC) processes and thick client testing.
• Preferred red teaming or purple teaming experience if any.
• Excellent communication skills to convey technical details to both technical and non-technical audiences.
• Ability to work both independently and as part of a team in a fast‑paced environment.

Due to volume of applications, we regret only shortlisted candidates will be notified. Candidates will only be contacted by authorized Deloitte Recruiters via firm’s business contact number or business email address.