Deloitte logo

(Senior) Penetration Tester

Posted about 4 hours ago

RemoteHelsinki, Uusimaa, FinlandSE

Job Description

What is the job?

As a cyber professional focused on offensive security, your work for our clients will be mainly focused on performing penetration testing and red teaming exercises. Additionally, you may participate in other cyber engagements such as infrastructure and application security reviews, incident response, source code reviews, vulnerability and architecture assessments or testing hardware and IoT, or testing ICS/OT/SCADA technologies depending on your interests, previous experience and competences.

You won’t be working alone — you will collaborate with our global and local teams of cyber professionals, who bring a balanced mix of technical, legal, and business expertise to support you

What You'll Actually Do:

  • Perform penetration tests on numerous platforms and technologies, such as web, mobile and infrastructure penetration tests to identify and mitigate security vulnerabilities
  • Simulate determined and sophisticated cyber threat actors to evaluate the effectiveness of security measures 
  • Prepare comprehensive and clear reports on security findings and vulnerabilities with actionable recommendations for remediation and effectively present and communicate them
  • Team up with a group of cyber security specialists to contribute to the development of tools, methodologies, and best practices for penetration testing
  • Stay up to date with the latest security trends, vulnerabilities and tools and maintain working knowledge of advanced threat actor tactics, techniques and procedures, to emulate these to assess vulnerability and risk
  • Contribute to our knowledge base by documenting new vulnerabilities and attack techniques you encounter
  • Work on large‑scale cyber projects for international clients, have access to diverse growth opportunities from formal training to on‑the‑job learning, and build relationships within our international cyber network.

Why Deloitte?

🟢Deloitte employs 35,000+ dedicated cyber practitioners worldwide. We serve the biggest and most innovative companies across the globe as well as locally in Finland – solving complex problems, achieving remarkable goals, and making meaningful progress. We refer to ourselves as cyber leaders, strategists, advisors, hackers, and specialists.

🟢Create your own growth and development path based on your background and desired career goals with the help of your career coach. As the undisputed leader in professional services, Deloitte is where you’ll find unrivaled opportunities to:

  • Contribute to the latest thought-leadership and industry research relating to cyber security
  • Participate, grow and develop in other cyber security projects to realize your full potential

🟢 At Deloitte, we value every individual and prioritise feedback and coaching at all stages of your career. Our career development opportunities help you build the skills and capabilities you need to succeed and progress in your career

🟢 We have a flat hierarchy that is built around the strengths of our deloittees. We make a positive impact on each other, our clients, and society through our significant client projects

🟢 We work with a hybrid working model and aim to offer flexibility to our employees. We value face-to-face collaboration and learning at our modern office in Ruoholahti, while also providing opportunities for remote work

Qualifications

Requirements to join the team in this role:

  • 3-5 years of experience performing penetration testing and/or delivering red team engagements as an operator or other similar attack simulation experience
  • Eagerness to learn and develop your skills and be at the forefront of cyber security
  • Fluency in English and in Finnish, both oral and written
  • Being currently located in Finland, possess a valid residence permit and eligibility for security clearance (turvallisuusselvitys). We are currently not considering candidates requiring relocation for this role

Additionally, having most of these attributes will help you greatly:

  • A passion for identifying and exploiting vulnerabilities with strong understanding of social engineering techniques, phishing threats, and digital impersonation tactics
  • Analytical and problem-solving skills with a can-do attitude and a strong ability to think laterally
  • Advanced knowledge of common enterprise technologies such as Active Directory and Azure/Entra ID with the ability to work proficiently and securely with various offensive security tooling, such as Burp Suite and with familiarity in programming languages such as C/C++, C#, PowerShell, Python and shell scripting
  • A creative mindset to the entire cyber kill chain from obtaining initial access to achieving objectives that align with organization-specific business risks 
  • Passion for R&D, with experience building your own tools and a strong drive to stay up to date on emerging attack techniques and vulnerabilities
  • In‑depth understanding of at least one major cloud platform (Microsoft Azure, Amazon Web Services or Google Cloud Platform) with experience across multiple platforms is considered an advantage
  • Prior hands-on experience using C2 frameworks like Mythic, Cobalt Strike, Brute Ratel, Nighthawk is not expected, but seen as an additional plus
  • While not mandatory, relevant certifications or a strong desire to obtain one are an advantage (e.g. OSCP, OSEP, OSED, OSEE, CRTO, CRTP, CRTE, CCRTS/CCSAS, BSCP). Experience presenting at security conferences or publishing technical blogs or whitepapers is also considered a plus

Additional Information

We look forward to receiving your application!

🕒 When: Apply latest by Wednesday 2nd of August please note that we are ready to start interviews already during the application period, especially now with quickly approaching summer holidays!

👉 How: Please submit your application through our recruitment system. Be sure to include your CV and cover letter. In your cover letter, please tell us what interests you about the role and what kind of colleague you would be

📞 Questions about the role: If you have any questions about the position, team or Deloitte as an employer, Kamil Lewandowski will be happy to answer. You can reach Kamil (050 3257 753) on Wednesday 8.7. between 9-10 or Monday 13.7. between 15-16.

📩 Questions about the recruitment process: You can read more about us and our recruitment process on our website. If you did not find the answer you were looking for, please contact our recruitment team at [email protected]

💚 Get to know Deloitte: Look into our everyday life and discover more about us on LinkedInTikTokInstagram, and Facebook

🎯Not quite your role? Don’t hesitate to leave an open application on our website, you might be a perfect fit for another open role in our cyber team!

Together makes progress

At Deloitte, we value diverse skills, perspectives, and experiences, as they enable us to effectively solve complex challenges for our clients. We encourage you to apply for the position if you believe your skills can contribute to our team’s success.

You will have the opportunity to work alongside over 450,000 colleagues globally and nearly 900 colleagues in Finland across Audit & Assurance, Tax & Legal, and Consulting services. At Deloitte, it’s all about people, each with something special to offer. We collaborate closely with one another and with our clients, making great things happen. That’s how we create real change.

Deloitte is where you’ll find unlimited opportunities to succeed and realise your full potential, together.

Job details
Workplace
Remote
Location
Helsinki, Uusimaa, Finland
Experience
SE

Discover industry insights and audit, tax, and consulting services that drive impact from Deloitte’s global network of member firms.

Key team members

Joe Otto

Joe Otto

Apply smarter with Jobr

Jobr aggregates jobs directly from company career portals — no middlemen. Our team applies on your behalf with AI-tailored resumes, reviewed by a human before submission.

Direct from company career pages
AI-personalised cover letters
Human review before every submit
Application tracking & follow-ups