IT Services- Architecture Consultant- Senior Associate (US Remote) (pwc)
Job posting number: #246178 (Ref:629380WD)
Job Description
Line of Service
Internal Firm ServicesIndustry/Sector
Not ApplicableSpecialism
IFS - Internal Firm Services - OtherManagement Level
Senior AssociateJob Description & Summary
At PwC, our people in cybersecurity focus on protecting organisations from cyber threats through advanced technologies and strategies. They work to identify vulnerabilities, develop secure systems, and provide proactive solutions to safeguard sensitive data.Those in application security at PwC will be responsible for providing security services to development teams including code scanning, readiness testing, and penetration testing to enable application teams to build and deploy secure applications in Production. You will utilise a risk-based methodology and "shift-left" approach to engage early in the software development lifecycle.
Focused on relationships, you are building meaningful client connections, and learning how to manage and inspire others. Navigating increasingly complex situations, you are growing your personal brand, deepening technical expertise and awareness of your strengths. You are expected to anticipate the needs of your teams and clients, and to deliver quality. Embracing increased ambiguity, you are comfortable when the path forward isn’t clear, you ask questions, and you use these moments as opportunities to grow.
Examples of the skills, knowledge, and experiences you need to lead and deliver value at this level include but are not limited to:
Respond effectively to the diverse perspectives, needs, and feelings of others.
Use a broad range of tools, methodologies and techniques to generate new ideas and solve problems.
Use critical thinking to break down complex concepts.
Understand the broader objectives of your project or role and how your work fits into the overall strategy.
Develop a deeper understanding of the business context and how it is changing.
Use reflection to develop self awareness, enhance strengths and address development areas.
Interpret data to inform insights and recommendations.
Uphold and reinforce professional and technical standards (e.g. refer to specific PwC tax and audit guidance), the Firm's code of conduct, and independence requirements.
This position will be part of PwC IT Services (US) LLC, a member of the PwC network of firms. PwC IT Services (US) LLC (a wholly owned subsidiary of PwC IT Services Limited) provides technology services to other PwC member firms. PwC refers to the PwC network and/or one or more of its member firms, each of which is a separate legal entity. Please see www.pwc.com/structure for further details.
PwC is driving major change across information & cyber security by building a centralized model to provide security services across the entire member firm network.
Mandated at the network level, Network Information Security (NIS) operates outside IT & is responsible for this major program initiative, from definition of the security strategy to execution of the global Cyber Readiness Program, moving from local to centralized services.
Our mission is to identify, control & reduce the attack surface across the member firm network while increasing our adversaries’ cost of attack.
In order to deliver the Cyber Readiness Program the NIS team is structured into the following Pillars:
Information Security Risk & Compliance
CISO
Security Architecture, Engineering, Innovation & Transformation (SAEIT)
Cyber
Strategy & Alliances
Chief of Staff
NIS is building the first global cyber security function at PwC. Our mission protects 300,000 PwC members across 160 member firms worldwide as well as our global clients.
If you are seeking an exciting career with the scope to grow your security skills through major change on a global scale, then NIS will empower you to do so.
NIS is responsible for the following services:
Security Architecture
Security Engineering
Innovation
Security Transformation
Application Security
If you love designing & building security technology this is the place to be. Within NIS we work closely with the business to define the NIS 5 year security roadmap. Gathering business requirements to combine PwC’s goals with conceptual long term security trends to create a target architecture for NIS to deliver against. From this future state plan the Security Engineering team breaks down long term goals into manageable projects and looks to technical security solutions to solve business problems. Designing & building security technology that span the wider PwC network of firms. Once security technologies are built the NIS team works to assist technology teams in designing and deploying compliant applications.
Range of Impact:
Employee possesses deep functional knowledge in a specific subject matter area or technical domain that is applied in the context of a broader understanding of the functional area and related systems and processes.
The candidate will contribute to the development of new subject matter/technical domain expertise.
Resolves complex problems by continuously applying significant independent judgment and by collaborating with others, and influences others, through work on projects and in teams, and/or through leading portions of larger projects
Demonstrates extensive-level abilities within Application Security.
Encourages improvement and innovation within Application Security and nurturing and developing less-experienced staff through coaching and written/verbal feedback.
Perform Application Security tasks with autonomy.
Degree Required:
High School Diploma
Degree Preferred:
Bachelor Degree
Fields of Study:
Information Technology, Computer Systems Analysis, Management Information Systems, Computer Applications, Computer Engineering, Computer Programming are a major plus
Certification(s):JOB IS FROM: partimejobs.netVIEW
CISSP, CCSP, CISM, CISA are a major plus
Experience/Skills:
1-3 years’ experience in a software development field such as Software Developer, Architect, Software Quality Assurance, or Application Security Engineering
1-3 years’ experience in Cloud Infrastructure such as Cloud Engineer, Infrastructure Architect, or SRE Engineer
Possess a strong understanding of application architectural patterns, such as MVC, Microservices, Event-driven etc.
Creative, organized, responsive, and thorough problem solver
Possess strong business acumen with ability to work with application development, QA and security teams
Knowledge of the OWASP Top 10
Strong self-starter who can operate independently
Excellent oral/written presentation skills with ability to communicate effectively with senior executive leadership; proficiency in preparation of presentations, analytical reports, and documents regarding program operational status, achievement and performance
Possessing knowledge and experience with application security solutions and web hosting architecture and principles
Leveraging experience with Software development including web, mobile applications and development languages
Having experience with commercial Source Code Analysis/Static Application Security Testing Tools
Understanding of application source code vulnerability mitigation processes
Recognizing risk assessment/acceptance factors that can affect business and security decisions
Having knowledge of and experience with Business processes and drivers that can affect system design
Analyzing application security vulnerabilities and executing mitigation strategies.
Leveraging review processes using application threat vulnerability tools, scanning techniques and/or code review results
Using assessments of vulnerabilities, sources of threats, and current security guidance to determine the effectiveness of mitigation plans
Knowledge of effective controls for Application Security, Cloud & Services Hosting, Identity and Access Management, Data Protection, Borderless Connectivity, Endpoint Security, and Cyber Security Operations
Conversant with ISO 27002:2005/2013 information security standard
Demonstrating architectural domain knowledge including cloud application architecture and container-based deployment
Partnering with and enabling the development process to assure that security requirements are met while allowing for maximum speed to market
Experience collaborating with multiple stakeholders across functional and technical skill sets
Aligning business requirements to complex security architecture frameworks
A Plus:
Understanding and Passion for Agile/XP/Scrum/Kanban
Understanding of Test-Driven Development built on User Stories
Understanding of Continuous Integration/Testing/Delivery/CI/CD
Familiarity with cloud architecture and services, such as Azure, AWS, GCP.
Familiarity with Metasploit, Burp Suite, Fuzzing, and Jenkins.
Familiarity with code reviews and penetration testing.
This is a U.S. based role and PwC IT Services (US) LLC does not intend to hire external job seekers who will need, now or in the future, PwC IT Services (US) LLC sponsorship through the H-1B lottery.
The salary range for this position is: $84,500 - $162,500. Actual compensation within the range will be dependent upon the individual's skills, experience, qualifications and location, and applicable employment laws. Additionally, individuals may be eligible for an annual discretionary bonus. For roles that are based in Maryland, this is the listed salary range for this position.
Education (if blank, degree and/or field of study not specified)
Degrees/Field of Study required:Degrees/Field of Study preferred:Certifications (if blank, certifications not specified)
Required Skills
Optional Skills
Accepting Feedback, Accepting Feedback, Active Listening, Analytical Thinking, Application Security, Application Security Assessment, Azure Data Factory, Cloud Application Development, Cloud Security, Coding Standards, Communication, Creativity, Cybersecurity, DevOps Practices, Embracing Change, Emotional Regulation, Empathy, Endpoint Security, Forensic Investigation, Hosting Controllers, Inclusion, Information Security, Intellectual Curiosity, Learning Agility, LoadRunner (Software Testing Tool) {+ 30 more}Desired Languages (If blank, desired languages not specified)
Travel Requirements
Up to 20%Available for Work Visa Sponsorship?
NoGovernment Clearance Required?
NoJob Posting End Date
All qualified applicants will receive consideration for employment at PwC IT Services (US) LLC without regard to race; creed; color; religion; national origin; sex; age; disability; sexual orientation; gender identity or expression; genetic predisposition or carrier status; veteran, marital, or citizenship status; or any other status protected by law. PwC IT Services (US) LLC is proud to be an equal opportunity employer.For only those qualified applicants that are impacted by the Los Angeles County Fair Chance Ordinance for Employers, the Los Angeles' Fair Chance Initiative for Hiring Ordinance, the San Francisco Fair Chance Ordinance, San Diego County Fair Chance Ordinance, and the California Fair Chance Act, where applicable, arrest or conviction records will be considered for Employment in accordance with these laws. At PwC, we recognize that conviction records may have a direct, adverse, and negative relationship to responsibilities such as accessing sensitive company or customer information, handling proprietary assets, or collaborating closely with team members. We evaluate these factors thoughtfully to establish a secure and trusted workplace for all. We offer a comprehensive, flexible and competitive benefits program. It provides access to programs that can be tailored to meet the personal health and financial well-being needs of our employees and their families. Our benefits include medical, dental and vision coverage, health savings accounts; mental health support, family and caregiver support, a robust time off policy inclusive of sick, vacation and holiday time; and a retirement savings plan with Roth features and company match.