Posted By

Deloitte.Mumbai1

Talent Acquisition at Deloitte

Last Login: 23 April 2018

3997

JOB VIEWS

59

APPLICATIONS

0

RECRUITER ACTIONS

Posted in

IT & Systems

Job Code

306151

Deloitte - Deputy Manager - Application Security

6 - 10 Years. Bangalore/Pune
Posted 8 years ago

Roles & Responsibilities

- Deliver client engagements in Application Security Assessments, Source Code Review, Infrastructure Security Penetration Testing, and Vulnerability Assessment on the client's IT infrastructure.

- Profile an application, identify threats, and develop test cases to target the identified threats

- Identify and exploit vulnerabilities in applications and infrastructure

- Prepare reports documenting identified issues based on internal templates

- Interact with clients in a collaborative, consultative manner to deliver results and provide feedback and remediation recommendations on findings

- Act as a consultant/advisor in presenting risk and mitigation controls to the client based on the assessments (Identify potential vulnerabilities based on misconfiguration, policy, or design flaws on the client's IT applications and infrastructure.)

- Act as the technical subject matter expert (SME) for the junior professionals/consultants/Assistant Managers within the team

- Understand the client dynamics and identify new opportunities within the client organization

Educational Background

B. Sc. (IT) or B.E./B. Tech. or MCA or MBA (Computers & IT)

Certifications Preferable

- Certified Ethical Hacker (CEH)

- Offensive Security Certified Professional (OSCP)

- SANS GIAC Certified Penetration Tester (GPEN)

- SANS GIAC Certified Web Applications Penetration Tester (GWAPT)

- ITIL Foundation/Expert

- Certified Information Systems Security Professional (CISSP)

- Other vendor certifications specific to application and network security

Technical Experience

Application Security:

Experience in security testing using the OWASP Top 10, OSSTMM, SANS 25 and PCI standards as references in Web Application Security Assessments.

Profile an application, identify threats, and develop test cases and relevant threat models.

Experience with Source Code Review (manual and automated)

Experience in exploitation of vulnerabilities in applications

Experience in security testing of mobile applications/APIs on Android/iOS/Windows Mobile/BlackBerry

Testing tool experience: intercepting proxies (e.g. Burp Proxy, Charles Proxy, WebScarab Proxy, Paros Proxy), HP WebInspect, IBM AppScan, Acunetix, etc.

Experience with code review tools (Checkmarx, HP Fortify, Veracode)

Experience with scripting (Python, Perl, Ruby, etc.)

Research emerging security topics and new attack vectors

Understanding of application deployment architectures, SDLC methodologies, DevOps.

Network Security:

Tool experience: Nessus, Nmap, SuperScan, THC Hydra, JTR, ISS, AppScan, AppDetective, QualysGuard.

Experience in Penetration Testing of networks/infrastructure and exploitation techniques

Technologies like IPsec, SSL, SSH, VPN, DNS, SMTP, FTP

Strong technical skills and project management skills in handling multiple Vulnerability Management assignments.

Understanding of network architectures, Data life cycle management, etc.

Skills & Ability:

- Good written and oral communication skills

- Manage project timelines, deadlines and expectations - including client interactions

- Project management skills and effort estimation

- Understand and be able to reason about the business, as it relates to their area of expertise. Translate complex technical concepts for the understanding of non-technical people

- Team Management skills

- Organising Skills (Reporting, timeline management, etc.)

- Should be open to travel.
