Deputy Manager - HR at Protiviti India
Views:3012 Applications:37 Rec. Actions:Recruiter Actions:1
Protiviti - Senior Consultant/Deputy Manager - Vulnerability Assessment & Penetration Testing (3-9 yrs)
Role Objective :
- The Firm is seeking to recruit bright and passionate individuals who have relevant work experience and skills in Technology Consulting. The role will primarily involve executing and at times managing diverse client engagements. Working on challenging assignments thereby enhancing the learning through breadth and depth of experience.
- The role is a client facing role which offers a varied multi industry exposure. This role offers a platform for developing IT skills as well as domain knowledge. While the role is based in Mumbai, the s travel across various client locations in India, Asia Pac, Middle East and Americas.
Desired profile :
- Experience in Cyber security and Information Security and related functions such as Cybersecurity assessments, IT audits and IT Risk Management etc.
- Qualification - BE, MBA (desirable)
- Certifications (desirable) - OSCP, CISA, CISSP, PMP, ITIL, CEH, COBIT, ISO 27001
- Experience in the areas of Infrastructure Security Audit, IT Security, Vulnerability Assessment, Risk Assessment, Web Application Security, Network Security Review, Network Architecture Review, Mobile Application Security Testing, Configuration Review, and Source Code Review, Wireless Pentest, Process Review and ITGC
- Knowledge and experience in the areas of one or more Operating Systems, Databases maintenance, hardening, testing and security management
- Understanding and knowledge of network and networking components including maintenance, hardening, testing and security management
- Knowledge of how to leverage open-source penetration testing tools, including Metasploit and the Kali Linux tool set
- Perform manual penetration testing of client systems, web sites and networks to discover vulnerabilities
- Experience with penetration testing against a wide variety of application layer platforms, including web, mobile, and thick client above and beyond running automated tools
- Knowledge of the software development lifecycle in a large enterprise and understanding of application security guidelines/requirements from OWASP, OSSTMM, SANS etc.
- Familiarity with common reconnaissance, exploitation, and post exploitation frameworks and thoroughly document exploit chain/proof of concept scenarios
- Experience in the areas of establishing procedures and policies for the design, installation and commissioning of the systems infrastructure
- Ability to analyze root causes and deliver strategic recommendations during security reviews
- Strong knowledge of VoIP, SIP, ATM, CBS and/or other non-traditional environment is a plus
- Adhering to best practices, and alignment with the customer's security requirements for project execution, documentation, reporting and timely closure
- Industry domain knowledge from BFSI, Capital markets, telecom, IT/ITES, Service etc. would be an added advantage
- Excellent knowledge of latest security technologies and methodologies particularly, including for example: PKI / Block chain / Reverse Engg / Threat Intelligence/ AI etc.
- Knowledge in one or more scripting language like perl/php/python/bash/powershell OR one or more programming languages like C/C++/Java etc.
- Candidate with experience in security training, speakers, zero day exploit writing, CVE-IDs would have an added advantage
- Strong knowledge and experience in ISMS/BCMS implementation would be an added advantage
- Experience of information security standards such as: ISO 27001, ISO 22301, PCI DSS, ITIL, COBIT would be an added advantage
- Proficient in Microsoft Office suite applications
Key Personal Attributes
- Has direct, client-facing engagement responsibilities.
- Serving as both role model and trainer, demonstrates the attributes of excellent client service and assists team members in developing technical and professional competency.
- Learns to identify areas of IT risk and opportunities to improve IT business processes.
- Should possess interpersonal skills to interact in team environment and foster client relationships
- Should have the ability to communicate technical risk issues effectively, to customers who may, at times, have a non-technical background
- Must have the ability to write technical reports, detailed presentations and documentation
- Demonstrate understanding of the importance of business ethics
- Should have sound job administration skills
- Must be able to handle highly confidential information in a strictly professional manner
- Must be able to maintain professional demeanor in times of high stress
- Open to travel as per the job requirements. It would depend upon the assignment as well.
Please check our website- www.protiviti.in
Protiviti delivers deep expertise, objective insights, a tailored approach and unparalleled collaboration to help leaders face the future with confidence. Our consulting solutions span critical business problems in technology, business process, analytics, risk, compliance, transactions and internal audit. We are committed to attracting and developing a diverse workforce of professionals that share the common value of collaboration. As an organization, we believe that by teaming together, with each other, and our clients, we can see beyond the surface of changes and problems organizations face in this fast changing world to discover opportunities others might miss and face the future with greater confidence.
Our more than 4,500 people serve clients through the network of Protiviti and independently owned Member Firms in more than 70 offices in over 20 countries. We have served over 60% of FORTUNE 1000- companies and 35% of FORTUNE Global 500- companies. Our people and organization have consistently been recognized by FORTUNE and Consulting Magazine as a best company to work for. In India, Protiviti's member firm (Protiviti India Member Private Ltd.) is a leading provider of business consulting, internal audit, risk management, technology, tax and regulatory, financial reporting and IFRS advisory, forensic and fraud investigation, information management and transaction services. Protiviti member firms are separate and independent legal entities, are not agents of other firms in the Protiviti network, and have no authority to obligate or bind other firms in the Protiviti network.