Vulnerability Assessment and Penetration testing Associate: Cyber Risk - Deloitte

Our website is made possible by displaying online advertisements to our visitors.
Please consider supporting us by disabling your ad blocker.

Job Description: Responsibilities, Qualifications, and Necessary Skills

A Must Read Article: 10 checks to identify fraudulent or scam job offers

Click here to join us on Telegram

1. Patiently scroll down and read the job description below.

2. Scroll down and find how to apply or mode of application for this job after the job description.

3. Carefully follow the instructions on how to apply.

4. Always apply for a job by attaching CV with a Cover Letter / Application Letter.

Deloitte is the largest private professional services network in the world. Every day, approximately 312,000 professionals in more than 150 countries demonstrate their commitment to a single vision: to be the standard of excellence, while working towards one purpose – to make an impact that matters.

Deloitte West Africa is a cluster of Deloitte offices that has joined together to provide seamless cross-border services to our clients in the region and to pass on the benefits of scale and access to resources that this organization can generate. Our West Africa practice serves multinationals, large national enterprises, small and medium-sized enterprises and the public sector across these regions: Nigeria and Ghana.

In Ghana, Deloitte is one of the leading professional services organisations, specialising in providing Audit, Tax & Regulatory, Business Process Solutions, Consulting, Risk Advisory and Financial Advisory services. We serve clients in a variety of industries from financial services, to consumer business and industrial products, telecommunications, energy and resources, manufacturing and the public sector.

Our professionals are unified by a collaborative culture that fosters integrity, outstanding value to markets and clients, commitment to each other, and strength from cultural diversity. They are dedicated to strengthening corporate responsibility, building public trust, and making a positive impact in their communities. We understand that our professionals hold interests outside of the work space and we aim to encourage work/life balance, supporting them in all aspects of their lives.



Our talented professionals and our clients understand the link between a strong learning and development programme and the ability for Deloitte to deliver on its promise of consistent, high-quality service delivery worldwide.

Whatever your age, gender or culture, take your career to the next level with the talents and capabilities you will develop at Deloitte.

Job Description

About the Role

We are seeking an elite Penetration Tester to join our elite security team. You will be a relentless hunter, identifying and exploiting critical vulnerabilities across our complex technological landscape. In this role, you’ll be responsible for securing clients web applications, APIs, networks, infrastructure, Active Directory, and cloud environments. You will be a trusted advisor, working collaboratively to remediate vulnerabilities and continuously improve various client’s security posture.



  • Design, execute, and document comprehensive penetration testing engagements encompassing:
    • Web applications: Leverage advanced techniques to uncover critical vulnerabilities (SQL injection, XSS, CSRF, RCE) and assess their exploitability.
    • APIs: Utilize various tools and methodologies to identify security misconfigurations, broken authentication, and authorization flaws in APIs.
    • Networks and Infrastructure: Conduct in-depth network assessments to discover weaknesses in network segmentation, firewalls, and network devices. Employ pivoting, escalation of privileges, and lateral movement techniques to compromise systems.
    • Active Directory: Assess the security posture of Active Directory, focusing on misconfigurations, insecure password policies, and privileged account controls.
    • Cloud Environments: Perform cloud security assessments on platforms like AWS, Azure, or GCP, identifying insecure configurations, storage vulnerabilities, and potential access control issues.
  • Exploit discovered vulnerabilities using advanced tools and techniques to demonstrate real-world impact.
  • Create detailed penetration testing reports that clearly document findings, risks, proof-of-concepts, and recommended remediation strategies.
  • Proactively stay ahead of the evolving threat landscape by researching emerging vulnerabilities, exploits, and offensive security tools.
  • Collaborate effectively with development, IT, and security teams to prioritize vulnerabilities, remediate issues, and enhance security controls.
  • Maintain an unwavering commitment to ethical hacking principles and best practices.




  • Minimum of 2+ years of experience in penetration testing or a related security field, with a proven track record of success in identifying and exploiting high-impact vulnerabilities.
  • In-depth understanding of penetration testing methodologies (e.g., OWASP methodologies, PTES) and a vast toolkit of industry-standard penetration testing tools (Burp Suite, Metasploit, Nessus, etc.).
  • Extensive experience in scripting languages (Python, Bash, PowerShell) for automating tasks and developing custom exploits.
  • Solid understanding of cloud security concepts and experience in securing cloud environments (AWS, Azure, GCP).
  • Expertise in Active Directory security, including identification and exploitation of misconfigurations and privilege escalation techniques.
  • Experience in API security testing methodologies and tools.
  • Exceptional written and verbal communication skills with the ability to clearly articulate complex technical findings to both technical and non-technical audiences.

A passion for security and a relentless drive to push the boundaries of offensive security

Preferred Qualifications:

  • Bachelor’s degree in Cybersecurity, Information Security, Computer Science, or a related field.
  • 2nd class Upper or better
  • Proven experience in social engineering techniques.
  • Certifications such as eJPT, CEH, CPENT, OSCP, OSCE, GCIH, GWAPT,CISSP and any cloud related certification.
  • Experience in mobile application security testing.
  • Experience in container security (Docker, Kubernetes).

Experience in building and utilizing custom security frameworks and tools

« Go back to the jobs list




  • Do not pay any fee to any Recruiter.
  • The Recruiter may amend, delete or expire jobs at any time without notification.
  • The Recruiter reserves the right not to proceed with filling the position.
  • An application will not in itself entitle the applicant to an interview.


JobSearch Ghana is your most reliable website for latest jobs in Ghana today. If you are interested in getting genuine and reviewed job vacancies in Ghana from the best companies, then you are in the right place. Browse For Graduate Jobs, Government Recruitments & More. You can find current jobs in Ghana today on LinkedIn, Glassdoor, Graphic here


Job search is not an easy journey especially for jobs in Ghana 2024. That is why we have engaged experts to write seasoned articles to guide your job search in Ghana. We cover interviews, cover letters, CVs, aptitude tests, workplace life, entrepreneurship, personal finance and more. Check out our career articles page today!