Posted By

Deloitte.Mumbai1

Talent Acquisition at Deloitte

Last Login: 23 April 2018

4857

JOB VIEWS

94

APPLICATIONS

0

RECRUITER ACTIONS

Posted in

IT & Systems

Job Code

306161

Deloitte - Manager - Application Security

10 - 14 Years, Bangalore/Pune
Posted 8 years ago

Roles and Responsibilities

- Deliver and manage client engagements in Application Security Assessments, Source Code Review, Infrastructure Security Penetration Testing, and Vulnerability Assessment on client's IT infrastructure.

- Profile an application, identifying threats, and developing test cases to target identified threats

- Identify and exploit vulnerabilities in applications and infrastructure

- Review reports documenting identified issues based on internal templates

- Interact with clients in a collaborative, consultative manner to deliver results and provide feedback and remediation recommendations on findings

- Act as a consultant/advisor in presenting risk and mitigation controls to the client based on the assessments (Identify potential vulnerabilities based on misconfiguration, policy, or design flaws on the client's IT applications and infrastructure.)

- Act as the technical subject matter expert (SME) for the junior professionals /consultants /Assistant Managers /Deputy Managers as well as serve as the technical point of contact for the client

- Understand the client dynamics and identify new opportunities within the client organization

- Lead business development activities and opportunities for sales in similar engagements for new clients

- Manage engagements end-to-end, prepare proposals, pricing, project deliverables and milestones tracking, invoicing, etc.

- Participate in eminence activities within the industry (seminars, conferences, forums, etc.) to represent Deloitte

Educational Background

B. Sc. (IT) or B.E./B. Tech. or MCA or MBA (Computers & IT)

Certifications Preferable:

- Certified Ethical Hacker (CEH)

- Offensive Security Certified Professional (OSCP)

- SANS GIAC Certified Penetration Tester (GPEN)

- SANS GIAC Certified Web Applications Penetration Tester (GWAPT)

- ITIL Foundation/Expert

- Certified Information Systems Security Professional (CISSP)

- Certified Information Systems Auditor (CISA)

- Project Management Professional (PMP)/PRINCE2

- Certified Information Security Manager (CISM)

- Other vendor certifications specific to application and network security

Technical Experience:

Application Security:

Experience in security testing using OWASP Top 10, OSSTMM, SANS 25, and PCI standards as references in web application security assessments.

Profile an application, identifying threats, and developing test cases and relevant threat models.

Experience with Source Code Review (manual and automated)

Experience in exploitation of vulnerabilities in applications

Experience in security testing of mobile applications/APIs on Android/iOS/Windows Mobile/BlackBerry

Testing tool experience: Intercepting proxies (e.g. Burp Proxy, Charles Proxy, WebScarab Proxy, Paros Proxy, etc.), HP WebInspect, IBM AppScan, Acunetix, etc.

Code review tool experience (Checkmarx, HP Fortify, Veracode)

Experience with scripting (Python, Perl, Ruby, etc.)

Research emerging security topics and new attack vectors

Understanding of application deployment architectures, SDLC methodologies, DevOps.

Possess market knowledge regarding various cyber security solutions

Network Security:

Tool experience: Nessus, Nmap, SuperScan, THC Hydra, JTR, ISS, AppScan, AppDetective, QualysGuard.

Experience in Penetration Testing of networks/infrastructure and exploitation techniques

Technologies like IPSEC, SSL, SSH, VPN, DNS, SMTP, FTP

Strong technical skills and project management skills in handling multiple Vulnerability Management assignments.

Understanding of network architectures, Data life cycle management, etc.

Possess experience in managing large vulnerability management teams

Skills & Ability:

- Good written and oral communication skills

- Manage project timelines, deadlines and expectations - including client interactions

- Project Management skills, effort estimation, engagement risk management

- Understand and be able to reason about the business, as it relates to their area of expertise. Translate complex technical concepts for the understanding of non-technical people

- Team Management skills

- Organising Skills (Reporting, timeline management, etc.)

Should be open to travel.
