Cyber Testing Director
IND-HR-Gurugram-HQ27-The Headquarters
RSM
RSM US LLP is the leading U.S. provider of assurance, tax and consulting services focused on the middle market.We are the leading provider of professional services to the middle market globally, our purpose is to instill confidence in a world of change, empowering our clients and people to realize their full potential. Our exceptional people are the key to our unrivaled, inclusive culture and talent experience and our ability to be compelling to our clients. You’ll find an environment that inspires and empowers you to thrive both personally and professionally. There’s no one like you and that’s why there’s nowhere like RSM.
The RSM USI supports RSM U.S. risk consulting, transaction advisory, technical accounting, financial consulting, technology, and management consulting, tax, and assurance engagement teams by providing access to highly skilled professionals for repeatable business processes over an extended business day. USI is a member of RSM International, the sixth largest global network of independent accounting, tax, and consulting firms. RSM’s vision is to be the first-choice advisor to middle market leaders globally. You will work directly with clients, key decision makers and business owners across various industries and geographies to deliver a top-quality client experience. RSM is a diverse and inclusive place where you will work as part of a team while being valued as an individual, mentored as a future leader, and recognized for your accomplishments.
Risk Consulting helps clients across various industries by addressing the increasingly complex strategic, operational, compliance, and governance challenges faced by those responsible for managing or overseeing dynamic businesses. Risk Consulting major offerings includes AML & Regulatory Compliance; ERP Advisory; Automation and Analytics; Enterprise Risk Management; Internal Audit; SOX Advisory; Contract Compliance; Credit Reviews; Information & Technology Audits; Cybersecurity risk management; Third-party risk management; IT due diligence; SOC1 / SOC2; Security and Privacy Risk; Governance Risk and Compliance; PCI; Cyber Transformation; Manage Security Services; Secure Architecture Solutions; Cyber Testing; Digital Forensics and Incident Response; and Cyber Threat Intelligence.
Qualification and Minimum Entry Requirements
- Bachelor or Master degree in computer science with a minimum of 10 years in cyber security domain
- Technical background in networking/system administration, security testing or related fields
- In-depth knowledge of TCP/IP
- Good knowledge of Perl, Python, Bash, or C experience
- Operating System Configuration and Security experience (Windows, HP-UX, Linux, Solaris, AIX, etc.)
- Configuration and Security experience with firewalls, switches, routers, VPNs
- Experience with security and architecture testing and development frameworks, such as the Open Web Application Security Project (OWASP), Open Source Security Testing Methodology Manual (OSSTMM), the Penetration Testing Execution Standard (PTES), Information Systems Security Assessment Framework (ISSAF), and NIST SP800-115
- Familiar with security testing techniques such as threat modeling, network discovery, port and service identification, vulnerability scanning, network sniffing, penetration testing, configuration reviews, firewall rule reviews, social engineering, wireless penetration testing, fuzzing, and password cracking and can perform these techniques from a variety of adversarial perspectives (white-, grey-, black-box)
- Commercial Application Security tools experience (Nessus, Nexpose, Qualys, Appdetective, Appscan, etc.)
- Open source and free tools experience (Kali Linux suite, Metasploit, nmap, airsnort, Wireshark, Burp Suite, Paros, etc.)
- One or more of the following testing certifications: Certified Ethical Hacker (CEH); GIAC Certified Penetration Tester (GPEN); Offensive Security Certified Professional (OSCP); or equivalent development or testing certification (ECSA, CEPT, CPTE, CPTS, etc)
- In addition, one or more of the following governance certifications is preferred: Certified Information Systems Security Professionals® (CISSP®); Certified Information Systems Auditor® (CISA®); Certified Information Security Manager® (CISM®)
- Strong leadership and communication skills, technical knowledge, and the ability to write at a "publication" quality level in order to communicate findings and recommendations to the client's senior management
- Must possess a high degree of integrity and confidentiality, as well as the ability to adhere to both company policies and best practices
Technical Requirements
- Web application penetration testing experience - familiarity with Burp, OWASP Top 10, etc
- Ability to recognize and validate significant findings past initial scanning/recon
- Web Services penetration testing (RESTful, CURL and SOAP)
- API penetration testing experience
- Conducts periodic scans of networks to find and detect vulnerabilities
- Lead scoping engagements by clearly articulating various penetration approaches and methodologies to audiences ranging from highly technical to executive personnel
- Report generation that clearly communicates testing and assessment details, results, and remediation recommendations to clients
- Develop scripts, tools, and methodologies to automate and streamline internal processes and engagements
- Conduct IT application testing, cybersecurity tool and systems analysis, system and network administration, and systems engineering support for the sustainment of information technology systems (mobile application testing, penetration testing, application, security, and hardware testing)
- Conduct cloud penetration testing engagements to assess specific workloads (i.e., AWS, GCP, Azure, containers, or other PaaS and SaaS instances) for vulnerabilities and subsequently attempt to exploit identified weakness after receiving permission from client stakeholders
- Provide recommendations to clients on specific security measures to monitor and protect sensitive data and systems from infiltration and cyber-attacks including response and recovery of a data security breach
- Maintain a firm grasp on the industry and anticipate trends and movements while balancing maturity and timing
- Performs client penetration testing to find any vulnerabilities or weaknesses that might be exploited by a malicious party, using open-source, custom, and commercial testing tools
- Expert knowledge of tools used for wireless, web application, and network security testing
- Working knowledge of CI/CD and SDLC deployment lifecycles and mechanisms
- Motivated self-starter who loves to solve challenging problems and feels comfortable working directly with customers
- Excellent oral, written communication, and presentation skills with an ability to present client security sessions and security workshops to C-Level Executives and non-technical audience
- Highly organized, detail-oriented, excellent time management skills, and able to effectively prioritize tasks in a fast-paced, high-volume, and evolving work environment
- Ability to approach customer and sales requests with a proactive and consultative manner; listen and understand user requests and needs and effectively deliver
- Comfortable managing multiple and changing priorities, and meeting deadlines in an entrepreneurial environment
- Nice to have: Mobile application penetration testing experience
- Nice to have: Cloud penetration testing experience (AWS and Azure)
Soft Skills Requirement
- Ability to work independently under minimal supervision and within a team.
- Manage project tasks and deadlines within a multi-time zone remote culture.
- 5-10 years of customer-facing consulting experience
- Ability to communicate complex vulnerability results and demonstrate proof of concepts for diverse audiences.
- 5+ years of experience managing a diverse team of technical testers
- Proven experience improving technical quality of the team
- Report regularly to management on improvements and team challenges
- 7-10 years of experience working in a global environment with multiple time zones and adjusting to client needs in other countries
- Ability to train others and improve technical skills of a team
At RSM, we offer a competitive benefits and compensation package for all our people. We offer flexibility in your schedule, empowering you to balance life’s demands, while also maintaining your ability to serve clients. Learn more about our total rewards at https://rsmus.com/careers/india.html.
RSM does not tolerate discrimination and/or harassment based on race; colour; creed; sincerely held religious beliefs, practices or observances; sex (including pregnancy or disabilities related to nursing); gender (including gender identity and/or gender expression); sexual orientation; HIV Status; national origin; ancestry; familial or marital status; age; physical or mental disability; citizenship; political affiliation; medical condition (including family and medical leave); domestic violence victim status; past, current or prospective service in the Indian Armed Forces; Indian Armed Forces Veterans, and Indian Armed Forces Personnel status; pre-disposing genetic characteristics or any other characteristic protected under applicable provincial employment legislation.
Accommodation for applicants with disabilities is available upon request in connection with the recruitment process and/or employment/partnership. RSM is committed to providing equal opportunity and reasonable accommodation for people with disabilities. If you require a reasonable accommodation to complete an application, interview, or otherwise participate in the recruiting process, please send us an email at careers@rsmus.com.
* Salary range is an estimate based on our InfoSec / Cybersecurity Salary Index 💰
Tags: Analytics APIs Application security Audits Automation AWS Azure Bash Burp Suite C CEH CI/CD CISA CISM CISSP Cloud Compliance Computer Science DFIR ECSA ERP Exploit Firewalls Forensics GCP GIAC Governance GPEN Incident response Kali Linux Metasploit Nessus Network security NIST Nmap Offensive security Open Source OSCP OWASP PaaS Pentesting Perl Privacy Python Qualys Risk management SaaS SDLC Security assessment SOC 1 SOC 2 Solaris SOX TCP/IP Threat intelligence VPN Vulnerabilities Windows
Perks/benefits: Competitive pay Medical leave
More jobs like this
Explore more career opportunities
Find even more open roles below ordered by popularity of job title or skills/products/technologies used.