Job Description & Summary
A career in our Network Information Security (NIS) team will provide you the opportunity to solve our clients’ most critical application and data protection challenges. As a Manager in the Application Penetration Testing team, you will lead complex testing engagements, shape our service offerings, and develop our people. You’ll combine deep technical tradecraft with strong client leadership to help organizations understand and manage real‑world application security risk.
You will work closely with CISOs, engineering leaders, and product teams to scope, deliver, and explain application security assessments across web, mobile, API, and cloud‑native environments. You will be responsible for quality, timelines, and risk management on your projects, while also contributing to innovation in testing techniques and the way we use automation and AI to extend our capabilities.
PwC Professional skills and responsibilities for this management level include but are not limited to:
Lead multiple, concurrent application penetration testing engagements from planning to reporting, ensuring quality, timeliness, and internal client satisfaction.
Scope and design testing approaches for complex applications (web, mobile, APIs, microservices, cloud‑native), balancing risk coverage, effort, and client constraints.
Assist EMEA CISO/BISO teams on a number of AppSec initiatives within EMEA.
Apply advanced manual testing techniques (e.g. business logic abuse, multi‑step workflows, chained exploits [must have]) alongside targeted use of automated tools and AI‑assisted capabilities.
Review and challenge technical findings produced by the team, ensuring accuracy, clear risk articulation, and practical remediation guidance for engineering audiences.
Translate technical results into business‑relevant impact for senior stakeholders (e.g. data exposure, fraud risk, compliance impact), and lead readouts with client security and product leadership. [must have]
Coach and mentor junior and senior penetration testers, providing structured feedback, on‑the‑job training, and stretch opportunities to develop their tradecraft and consulting skills. [must have]
Use engagement reviews as an opportunity to systematically uplift team capability, standardize good practices, and drive consistency in testing depth and reporting quality.
Contribute to service development by enhancing methodologies, checklists, and tooling approaches (including AI‑augmented testing workflows) and embedding them across the team.
Collaborate with account teams and leadership to identify follow‑on or adjacent opportunities (e.g. secure SDLC, threat modelling, code review, developer training) based on identified weaknesses.
Help shape responses to service-related challenges involving complex technical approaches, effort estimates, and risk mitigations for application security assessments.
Foster a positive and inclusive team environment by effectively managing workloads, supporting work-life balance, and demonstrating open, respectful communication.
Use feedback and reflection to continuously refine your leadership, technical, and commercial skills, and uphold the firm’s code of ethics and business conduct.
Bachelor’s Degree (Computer and Information Science, Computer Applications, Computer Engineering, Information CyberSecurity, Information Technology, Management Information Systems, or equivalent experience).
5+ years of experience in application security / penetration testing, including significant hands‑on testing and at least 1–2 years in a lead or supervisory role. [Good to have]
Required Technical Skills and Knowledge
Demonstrates extensive knowledge and/or a proven record of success in the following areas:
In‑depth understanding of web applications, APIs, and services, including platforms and stacks such as IIS, Apache variants, Nginx, Java, .NET, Node.js, modern front‑end frameworks, and common API technologies (REST, SOAP, GraphQL). [must have]
Strong understanding of web and application security frameworks and guidance, including OWASP Top 10, OWASP API Top 10, OWASP MASVS, and SANS/CWE Top 25. [must have]
Proven ability to identify and exploit application vulnerabilities such as SQL injection, XSS, CSRF, SSTI, IDOR, authN/authZ flaws, and logic issues, and to demonstrate realistic business impact. [must have]
Hands‑on use of industry‑standard testing tools (e.g. Burp Suite Pro, ZAP, proxy tools, interception frameworks) and familiarity with SAST/DAST/IAST and API security testing tools. [must have]
Solid understanding of application hosting environments: Windows and Linux web servers, application servers, databases, WAFs, load balancers, reverse proxies, and common cloud platforms (AWS, Azure, GCP). [Good to have]
Experience designing and executing tests for modern architectures (microservices, containers, serverless, CI/CD‑driven deployments) and integrating findings into secure SDLC practices. [Good to have]
Experience using or evaluating AI‑assisted techniques in security testing (e.g. AI‑aided recon, test idea generation, or report support) with appropriate validation and risk controls. [Good to have]
Required Professional Skills and Abilities
Demonstrates abilities and/or a proven record of success in the following areas:
Leading end‑to‑end application penetration testing engagements, including scoping, planning, execution oversight, issue escalation, and stakeholder communication.
Managing small to medium‑sized teams of testers, delegating effectively, and ensuring consistent test coverage and quality.
Reviewing and refining technical reports for clarity, accuracy, risk rating, and actionable remediation steps tailored to developers and architects.
Communicating complex technical concepts clearly and succinctly to both technical and non‑technical stakeholders, adapting depth and style as appropriate.
Building and maintaining strong client relationships, participating actively in discussions, and positioning relevant add‑on services aligned to client needs.
Balancing project economics (budget, effort, and scope) while maintaining agreed quality standards and addressing unanticipated issues constructively.
Creating a positive team climate by monitoring workloads, providing timely feedback, and supporting the growth and well‑being of team members.
Proactively seeking and incorporating guidance, clarification, and feedback from leadership, and keeping stakeholders informed of progress, risks, and issues.
Concentrated experience and rapid career growth. It may sound like a platitude, but it is true.
Fair salary and time off in lieu (TOIL).
25 days of paid time off, 3 well-being days, and 1 extra day off from the company at the end of the year.
High-end Ultrabook and iPhone with unlimited data.
The possibility to set your work schedule flexibly. We also offer part-time work from home.
Benefit program with 55,000 points that you can use for holidays, education, food vouchers, sports, health, or simply whatever you enjoy.
Support for your education and development: we offer business and digital training and many other training and workshops to further develop your personal and professional skills. We pay for technical certifications and the time you spend studying them.
Regular feedback on your work, also consultation with a coach with whom you can address your further development and career direction.
PwC has the largest audit team in the Czech Republic, alongside law, tax, consulting and technology, data and forensic teams. Find out how easy it is to combine this knowledge when you're in the right place. With us, you will get the opportunity to see how business is done in large companies. We are part of an international network of companies with more than 364,000 colleagues in 151 countries. At PwC, we create an inclusive work environment where everyone can be themselves and find their place and opportunity to develop.
This year, we have successfully maintained the prestigious Equal Pay Certification, making us one of only four companies in the Czech Republic (and the only one from the Big 4) that demonstrably implements fair compensation practices regardless of gender.
Are you interested in our offer? Let us know about yourself and we will discuss more details together!
Privacy Statement for Recruitment Applicants