Job Title: T&T-Cyber-Strategy & Transformation - AM - VAPT

Job requisition ID: 71634
Date: Oct 8, 2024
Location: Bengaluru
Designation: Assistant Manager

Job Title: Application Security SME

Location: Bangalore, India (Mandatory)

Company: Deloitte India

Job Type: Full-time

Experience: 4-7

Best-fit roles:

Web Application Penetration Testing, API Testing, Network Penetration Testing, Mobile Application Penetration Testing, Source Code Review, Thick Client Application Testing

Certifications: Certified Ethical Hacker (CEH), Certified Red Team Professional (CRTP), Certified AppSec Pentester (CAPen), Certified API Security Analyst (CASA), OffSec Certified Professional (OSCP)

Responsibilities

  • Conduct end-to-end penetration tests on web applications, APIs, mobile applications, thick client applications, and network infrastructures to identify vulnerabilities.
  • Collaborate on projects with defined objectives, ensuring timely and successful delivery.
  • Analyze end-to-end application architectures and business logic for potential vulnerabilities.
  • Prepare detailed reports documenting findings, risk levels, and recommendations for remediation, ensuring clarity for both technical and non-technical audiences.
  • Perform in-depth source code reviews to detect security flaws and ensure compliance with secure coding standards.
  • Leverage advanced penetration testing tools and frameworks to replicate real-world attack scenarios, ensuring comprehensive vulnerability identification.
  • Execute cyber security assessments, including vulnerability assessments, penetration tests, and secure code reviews, both manually and using automated tools.
  • Present findings and remediation strategies to clients, providing guidance on best practices and potential risks.
  • Demonstrate understanding of core business processes and IT management practices to align security measures effectively.
  • Contribute to the development of best practices and methodologies within the security team.

Key Skills

  • Expertise in penetration testing of web, mobile (both iOS and Android), API and SaaS applications.
  • In-depth understanding of API security vulnerabilities and proven experience in securing APIs. Experience in writing proofs of concept and exploits and performing in-depth exploitation is desired.
  • Understanding of basic business and information technology management processes.
  • Must have in-depth knowledge of OWASP Top 10 / SANS Top 25 best practices and cyber security guidelines.
  • Must have a detailed understanding of the CIA triad, cryptography, and defense in depth.
  • Experience in infrastructure penetration testing and application security testing.
  • In-depth understanding of risk, threats, and vulnerabilities.
  • Experience in secure code review; expertise in tools like Checkmarx, SonarQube, and Veracode is preferred.
  • Experience in conducting configuration reviews of Windows, Linux, UNIX, Solaris, Databases, etc.
  • Should possess knowledge of vulnerability exploitation and exploit development.
  • Experience in basic scripting (e.g., shell, Python).
  • Good knowledge of protocols, security measures and networks, including firewalls, IDS/IPS, routers, switches, and network architecture.
  • Familiarity with security principles and technologies.
  • Expertise in performing threat modeling and generating security architecture requirements for software development and product teams.
  • Expert knowledge of offensive security tools (e.g., Metasploit, Cobalt Strike, Burp Suite, Empire) and threat simulation frameworks.
  • Strong understanding of TTPs used by cybercriminals and APT groups (MITRE ATT&CK framework knowledge preferred).