Consultant - Technical Security

Location: Lower Parel, Mumbai

Experience: 8+

Joining: Immediate Joiners Preferred

CTC: As per Industry Standards

Primary Objective

To lead the firm's technical security division by defining and governing offensive engineering and architectural review standards. This role ensures that every technical assessment-from code to cloud-is rigorous, manual-heavy, and provides clients with a defensible security posture.

Key Responsibilities

1. Technical Strategy & Methodology Governance

- Define and enforce assessment standards for the following service towers:

a. VAPT: Web, Mobile (iOS/Android), API, and Internal/External Networks.

b. Cloud Security: Configuration reviews and CIS benchmarking for AWS, Azure, and GCP.

c. Application Security: Static Application Security Testing (SAST) and Secure Source Code Review.

- Ensure all testing combines automated scanning with deep manual business-logic exploitation.

2. Architecture & Infrastructure Review:

- Lead deep-dive architecture reviews of firewall rule sets, network segmentation, and Zero Trust readiness.

- Oversee specialized security assessments of Active Directory environments, Wi-Fi networks, and Thick Client applications.

- Validate that remediation guidance is technically sound and aligns with enterprise architectural constraints.

3. Quality Assurance & Technical Gatekeeping

- Act as the final technical authority for all security assessment reports and architectural recommendations.

- Verify critical vulnerabilities to eliminate false positives and demonstrate risk through Proof of Concepts (PoCs).

- Ensure all deliverables meet "Board-Ready" benchmarks and are regulator-defensible.

4. Vendor-Neutral Technology Advisory

- Act as an unbiased technical advisor to define requirements and manage RFP/PoC evaluations of security solutions.

- Evaluate technologies across the cybersecurity stack (Identity, Data, Cloud, Endpoint, and Network) to ensure fit for client risk profiles.

Candidate Profile:

Experience & Technical Expertise:

- 8+ years of hands-on experience in technical security, with at least 4 years in a lead or principal role.

- Mastery of offensive security across Web, Mobile, API, Network, and Cloud Infrastructure.

- Proven experience in Secure Code Review (SAST) and Cloud Posture Management (CSPM).

- Strong background in network architecture, including Zero Trust and AD security.

Certifications (Preferred):

- OSCP/OSCE, CRTO, AWS/Azure Security Specialty, or CISSP.

Leadership Qualities:

- Ability to translate complex technical vulnerabilities into business risk for CXO-level stakeholders.

- Experience managing high-complexity Red Team engagements or large-scale architectural transformations.