T&T- Cyber-Strategy & Transformation- Deputy Manager- AM - VAPT
Bengaluru, IN
Applications have closed
Deloitte
We develop integrated solutions for our clients. Our services include audit, tax advisory, financial advisory and consulting.
Job Title: Application Security SME
Location: Bangalore, India (Mandatory)
Company: Deloitte India
Job Type: Full-time
Experience: 4-7
Best fit Roles:
Web Application Penetration Testing, API Testing, Network Penetration Testing, Mobile Application Penetration Testing, Source Code Review, Thick Client Application Testing
Certifications: Certified Ethical Hacker (CEH), Certified Red Team Professional (CRTP), Certified AppSec Pentester (CAPen), Certified API Security Analyst (CASA), OffSec Certified Professional (OSCP)
Responsibilities
- Conduct end-to-end penetration tests on web applications, APIs, mobile applications, thick client applications, and network infrastructures to identify vulnerabilities.
- Collaborate on projects with defined objectives, ensuring timely and successful delivery.
- Analyze end-to-end application architectures and business logic for potential vulnerabilities.
- Prepare detailed reports documenting findings, risk levels, and recommendations for remediation, ensuring clarity for both technical and non-technical audiences.
- Perform in-depth source code reviews to detect security flaws and ensure compliance with secure coding standards.
- Leverage advanced penetration testing tools and frameworks to replicate real-world attack scenarios, ensuring comprehensive vulnerability identification.
- Execute cyber security assessments, including vulnerability assessments, penetration tests, and secure code reviews, both manually and using automated tools.
- Present findings and remediation strategies to clients, providing guidance on best practices and potential risks.
- Demonstrate understanding of core business processes and IT management practices to align security measures effectively.
- Contribute to the development of best practices and methodologies within the security team.
The Key Skills
- Expertise in penetration testing of web, mobile (both iOS and Android), API and SaaS applications.
- In-depth understanding of API security vulnerabilities and proven experience in securing APIs. Experience in writing proofs of concept and exploits and performing in-depth exploitation is desired.
- Understanding of basic business and information technology management processes
- Must have in-depth knowledge of OWASP Top 10/SANS 25 best practices and cyber security guidelines.
- Must have a detailed understanding of the CIA triad, cryptography, and defense in depth.
- Experience in Infrastructure Penetration Testing and Application Security Testing
- In-depth understanding of risk, threats, and vulnerabilities.
- Experience in secure code review and expertise in tools like Checkmarx, SonarQube, Veracode will be preferred.
- Experience in conducting configuration reviews of Windows, Linux, UNIX, Solaris, Databases, etc.
- Should possess knowledge of vulnerability exploitation and exploit development.
- Experience in basic scripting such as: Shell, Python, etc.
- Good knowledge of protocols, security measures and Networks including Firewall, IDS/IPS, Routers, Switches, and network architecture.
- Familiarity with security principles and technologies.
- Expertise in performing threat modeling and generating security architecture requirements for software development and product teams.
- Expert knowledge of offensive security tools (e.g., Metasploit, Cobalt Strike, Burp Suite, Empire, etc.) and threat simulation frameworks.
- Strong understanding of TTPs used by cybercriminals and APT groups (MITRE ATT&CK framework knowledge preferred).