5.0 - 9.0 years
0 Lacs
Chennai, Tamil Nadu, India
On-site
Position Summary
Job Description: Cyber Risk Application Security Senior Consultant
Are you interested in improving the cyber and organizational risk profiles of leading companies? Do you want to be involved in delivering Attack Surface Management (ASM) Services including identifying potentially vulnerable IT assets or weak security configurations within their networks in real time? Are you excited about rapidly changing operational environments, learning what you need to get the job done, and producing accurate and timely results? If yes, then Deloitte’s Attack Surface Management (ASM) team could be the place for you! Transparency, innovation, collaboration, sustainability: these are the hallmark issues shaping cyber initiatives today. Deloitte’s ASM business is passionate about making an impact with lasting change. Delivering our industry leading services requires fresh thinking and a creative approach. We collaborate with teams from across our organization to bring the full breadth of Deloitte, its commercial and public sector expertise, to best support our clients. Our aspiration is to be the premier integrated services provider in helping to transform the cyber security services marketplace. Our team is client focused and mission driven. As a Cyber Risk Attack Surface Senior Consultant in Deloitte's Attack Surface Management (ASM) Services, you’ll work with our diverse teams of passionate professionals to help solve for some of today’s toughest cybersecurity challenges to enable our clients to achieve business growth and manage risk.
Work you’ll do
As an Attack Surface Management Senior Consultant, you will assist our clients with discovering vulnerabilities and rogue assets (such as shadow IT) in their networks as part of a team of engineers and analysts around the world who specialize in the tactics, tools and procedures used by cyber criminals.
Conduct vulnerability assessments and manual penetration testing for Web, API, Thick Client and mobile applications.
Perform Secure code review and false positive analysis for vulnerabilities reported by industry standard tools.
Respond to requests for ad-hoc reporting and research topics from management and analysts as required.
Develop and implement application security policies and procedures.
Identify and prioritize security vulnerabilities.
Coordinate with the application development teams and operations teams to assist with the remediation plans and securing the applications.
Quickly understand and deliver on company and client requirements.
Aid in and participate in daily, weekly, quarterly, and yearly reporting for clients, partners, and internal teams.
Adhere to internal operational security and other Deloitte policies.
Qualifications
Required:
Bachelor's degree or higher in Computer Science, or equivalent experience.
5-9 years of hands-on experience in application security, vulnerability assessment, penetration testing, mobile application security, Thick Client and Web API security assessments.
Strong understanding of OWASP Top 10 vulnerabilities but not limited to.
Strong experience in manual assessment and exploitation of vulnerabilities such as Blind SQLi, XXE, SSRF, Insecure Deserialization, HTTP Request Smuggling etc.
Strong understanding of OAUTHv2/OpenID standards and associated vulnerabilities.
Strong understanding of business logic vulnerabilities.
Experience in Secure Code Review in-line with OWASP Secure Coding Practices.
Proficiency in industry standard tools such as Burp Suite, Fiddler, Sysinternals suite, Veracode, DnSpy, Olly debugger, IDA Pro, EchoMirage, Wireshark, Apktool, Jadx-gui, Frida etc.
Ability to perform manual penetration testing and security assessments using automated tools.
Excellent technical report writing skillset.
Knowledge of web application components like frontend, backend, databases and application servers.
Understanding in web development technologies like HTML, CSS, JavaScript, PHP, JAVA, .Net and backend databases.
Experience with reviewing application security architectures and threat modelling.
Understanding of the basic concepts of reverse engineering, memory analysis etc.
Understanding of basic networking protocols such as TCP/IP, DNS, HTTP/s.
Understanding of vulnerability classification using National Vulnerability Database nomenclature such as CVE/CVSS.
Certified Information Systems Security Professional (CISSP), Offensive Security Certified Professionals (OSCP), Offensive Security Web Expert (OSWE), Burp Suite Certified Practitioner (BSCP), Web Application Penetration Tester (GWAPT).
Preferred:
Proficiency in Web and Mobile application security assessments, penetration testing and secure code review.
Relevant publications such as blogs, tools, conference presentations and CVEs are preferred.
Offensive Security Web Expert (OSWE) and Burp Suite Certified Practitioner (BSCP) certifications are preferred.
Experience with automation and scripting (Python) is preferred.
Outstanding English written and oral communication skills and the ability to prioritize work.
Strong understanding of web, mobile and microservices vulnerabilities.
Working knowledge of how malicious code operates and how technical vulnerabilities are exploited.
Strong analytical and problem-solving skills.
Self-motivated to upskill and learn new attack vectors.
A strong desire to understand the what as well as the why and the how of security vulnerabilities.
The team
Deloitte Advisory's Cyber Risk team helps complex organizations more confidently pursue their growth, innovation, and performance agendas through proactive management of the associated cyber risks. Our professionals provide advisory and implementation services that integrate risk, regulatory, and technology skills to help clients transform their legacy programs into proactive Secure.Vigilant.Resilient.™ cyber risk programs. Join the team developing the future state of cyber risk solutions. Learn more about Deloitte Advisory’s Cyber Risk Services practice.
How you’ll Grow
At Deloitte, our professional development plan focuses on helping people at every level of their career to identify and use their strengths to do their best work every day. From entry-level employees to senior leaders, we believe there’s always room to learn. We offer opportunities to help sharpen skills in addition to hands-on experience in the global, fast-changing business world. From on-the-job learning experiences to formal development programs at Deloitte University, our professionals have a variety of opportunities to continue to grow throughout their career. Explore Deloitte University, The Leadership Center.
Benefits
At Deloitte, we know that great people make a great organization. We value our people and offer employees a broad range of benefits. Learn more about what working at Deloitte can mean for you.
Deloitte’s culture
Our positive and supportive culture encourages our people to do their best work every day. We celebrate individuals by recognizing their uniqueness and offering them the flexibility to make daily choices that can help them to be healthy, centered, confident, and aware. We offer well-being programs and are continuously looking for new ways to maintain a culture where our people excel and lead healthy, happy lives. Learn more about Life at Deloitte.
Corporate citizenship
Deloitte is led by a purpose: to make an impact that matters. This purpose defines who we are and extends to relationships with our clients, our people and our communities. We believe that business has the power to inspire and transform. We focus on education, giving, skill-based volunteerism, and leadership to help drive positive social impact in our communities. Learn more about Deloitte’s impact on the world.
Recruiter tips
We want job seekers exploring opportunities at Deloitte to feel prepared and confident. To help you with your interview, we suggest that you do your research: know some background about the organization and the business area you’re applying to. Check out recruiting tips from Deloitte professionals.
Recruiting tips
From developing a stand out resume to putting your best foot forward in the interview, we want you to feel prepared and confident as you explore opportunities at Deloitte. Check out recruiting tips from Deloitte recruiters.
Benefits
At Deloitte, we know that great people make a great organization. We value our people and offer employees a broad range of benefits. Learn more about what working at Deloitte can mean for you.
Our people and culture
Our inclusive culture empowers our people to be who they are, contribute their unique perspectives, and make a difference individually and collectively. It enables us to leverage different ideas and perspectives, and bring more creativity and innovation to help solve our clients' most complex challenges. This makes Deloitte one of the most rewarding places to work.
Our purpose
Deloitte’s purpose is to make an impact that matters for our people, clients, and communities. At Deloitte, purpose is synonymous with how we work every day. It defines who we are. Our purpose comes through in our work with clients that enables impact and value in their organizations, as well as through our own investments, commitments, and actions across areas that help drive positive outcomes for our communities.
Professional development
From entry-level employees to senior leaders, we believe there’s always room to learn. We offer opportunities to build new skills, take on leadership opportunities and connect and grow through mentorship. From on-the-job learning experiences to formal development programs, our professionals have a variety of opportunities to continue to grow throughout their career.
Requisition code: 301462
Posted 3 weeks ago
3.0 - 5.0 years
0 Lacs
Chennai, Tamil Nadu, India
On-site
Position Summary
Job Description: Cyber Risk Application Security Consultant
Are you interested in improving the cyber and organizational risk profiles of leading companies? Do you want to be involved in delivering Attack Surface Management (ASM) Services including identifying potentially vulnerable IT assets or weak security configurations within their networks in real time? Are you excited about rapidly changing operational environments, learning what you need to get the job done, and producing accurate and timely results? If yes, then Deloitte’s Attack Surface Management (ASM) team could be the place for you! Transparency, innovation, collaboration, sustainability: these are the hallmark issues shaping cyber initiatives today. Deloitte’s ASM business is passionate about making an impact with lasting change. Delivering our industry leading services requires fresh thinking and a creative approach. We collaborate with teams from across our organization to bring the full breadth of Deloitte, its commercial and public sector expertise, to best support our clients. Our aspiration is to be the premier integrated services provider in helping to transform the cyber security services marketplace. Our team is client focused and mission driven. As a Cyber Risk Attack Surface Senior Consultant in Deloitte's Attack Surface Management (ASM) Services, you’ll work with our diverse teams of passionate professionals to help solve for some of today’s toughest cybersecurity challenges to enable our clients to achieve business growth and manage risk.
Work you’ll do
As an Attack Surface Management Consultant, you will assist our clients with discovering vulnerabilities and rogue assets (such as shadow IT) in their networks as part of a team of engineers and analysts around the world who specialize in the tactics, tools and procedures used by cyber criminals.
Conduct vulnerability assessments and manual penetration testing for Web, API, Thick Client and mobile applications.
Perform Secure code review and false positive analysis for vulnerabilities reported by industry standard tools.
Respond to requests for ad-hoc reporting and research topics from management and analysts as required.
Develop and implement application security policies and procedures.
Identify and prioritize security vulnerabilities.
Coordinate with the application development teams and operations teams to assist with the remediation plans and securing the applications.
Quickly understand and deliver on company and client requirements.
Aid in and participate in daily, weekly, quarterly, and yearly reporting for clients, partners, and internal teams.
Adhere to internal operational security and other Deloitte policies.
Qualifications
Required:
Bachelor's degree or higher in Computer Science, or equivalent experience.
3-5 years of hands-on experience in application security, vulnerability assessment, penetration testing, mobile application security, Thick Client and Web API security assessments.
Strong understanding of OWASP Top 10 vulnerabilities but not limited to.
Strong experience in manual assessment and exploitation of vulnerabilities such as Blind SQLi, XXE, SSRF, Insecure Deserialization, HTTP Request Smuggling etc.
Strong understanding of OAUTHv2/OpenID standards and associated vulnerabilities.
Strong understanding of business logic vulnerabilities.
Experience in Secure Code Review in-line with OWASP Secure Coding Practices.
Proficiency in industry standard tools such as Burp Suite, Fiddler, Sysinternals suite, Veracode, DnSpy, Olly debugger, IDA Pro, EchoMirage, Wireshark, Apktool, Jadx-gui, Frida etc.
Ability to perform manual penetration testing and security assessments using automated tools.
Excellent technical report writing skillset.
Knowledge of web application components like frontend, backend, databases and application servers.
Understanding in web development technologies like HTML, CSS, JavaScript, PHP, JAVA, .Net and backend databases.
Experience with reviewing application security architectures and threat modelling.
Understanding of the basic concepts of reverse engineering, memory analysis etc.
Understanding of basic networking protocols such as TCP/IP, DNS, HTTP/s.
Understanding of vulnerability classification using National Vulnerability Database nomenclature such as CVE/CVSS.
Certified Information Systems Security Professional (CISSP), Offensive Security Certified Professionals (OSCP), Offensive Security Web Expert (OSWE), Burp Suite Certified Practitioner (BSCP), Web Application Penetration Tester (GWAPT).
Preferred:
Proficiency in Web and Mobile application security assessments, penetration testing and secure code review.
Relevant publications such as blogs, tools, conference presentations and CVEs are preferred.
Offensive Security Web Expert (OSWE) and Burp Suite Certified Practitioner (BSCP) certifications are preferred.
Experience with automation and scripting (Python) is preferred.
Outstanding English written and oral communication skills and the ability to prioritize work.
Strong understanding of web, mobile and microservices vulnerabilities.
Working knowledge of how malicious code operates and how technical vulnerabilities are exploited.
Strong analytical and problem-solving skills.
Self-motivated to upskill and learn new attack vectors.
A strong desire to understand the what as well as the why and the how of security vulnerabilities.
The team
Deloitte Advisory's Cyber Risk team helps complex organizations more confidently pursue their growth, innovation, and performance agendas through proactive management of the associated cyber risks. Our professionals provide advisory and implementation services that integrate risk, regulatory, and technology skills to help clients transform their legacy programs into proactive Secure.Vigilant.Resilient.™ cyber risk programs. Join the team developing the future state of cyber risk solutions. Learn more about Deloitte Advisory’s Cyber Risk Services practice.
How you’ll Grow
At Deloitte, our professional development plan focuses on helping people at every level of their career to identify and use their strengths to do their best work every day. From entry-level employees to senior leaders, we believe there’s always room to learn. We offer opportunities to help sharpen skills in addition to hands-on experience in the global, fast-changing business world. From on-the-job learning experiences to formal development programs at Deloitte University, our professionals have a variety of opportunities to continue to grow throughout their career. Explore Deloitte University, The Leadership Center.
Benefits
At Deloitte, we know that great people make a great organization. We value our people and offer employees a broad range of benefits. Learn more about what working at Deloitte can mean for you.
Deloitte’s culture
Our positive and supportive culture encourages our people to do their best work every day. We celebrate individuals by recognizing their uniqueness and offering them the flexibility to make daily choices that can help them to be healthy, centered, confident, and aware. We offer well-being programs and are continuously looking for new ways to maintain a culture where our people excel and lead healthy, happy lives. Learn more about Life at Deloitte.
Corporate citizenship
Deloitte is led by a purpose: to make an impact that matters. This purpose defines who we are and extends to relationships with our clients, our people and our communities. We believe that business has the power to inspire and transform. We focus on education, giving, skill-based volunteerism, and leadership to help drive positive social impact in our communities. Learn more about Deloitte’s impact on the world.
Recruiter tips
We want job seekers exploring opportunities at Deloitte to feel prepared and confident. To help you with your interview, we suggest that you do your research: know some background about the organization and the business area you’re applying to. Check out recruiting tips from Deloitte professionals.
Recruiting tips
From developing a stand out resume to putting your best foot forward in the interview, we want you to feel prepared and confident as you explore opportunities at Deloitte. Check out recruiting tips from Deloitte recruiters.
Benefits
At Deloitte, we know that great people make a great organization. We value our people and offer employees a broad range of benefits. Learn more about what working at Deloitte can mean for you.
Our people and culture
Our inclusive culture empowers our people to be who they are, contribute their unique perspectives, and make a difference individually and collectively. It enables us to leverage different ideas and perspectives, and bring more creativity and innovation to help solve our clients' most complex challenges. This makes Deloitte one of the most rewarding places to work.
Our purpose
Deloitte’s purpose is to make an impact that matters for our people, clients, and communities. At Deloitte, purpose is synonymous with how we work every day. It defines who we are. Our purpose comes through in our work with clients that enables impact and value in their organizations, as well as through our own investments, commitments, and actions across areas that help drive positive outcomes for our communities.
Professional development
From entry-level employees to senior leaders, we believe there’s always room to learn. We offer opportunities to build new skills, take on leadership opportunities and connect and grow through mentorship. From on-the-job learning experiences to formal development programs, our professionals have a variety of opportunities to continue to grow throughout their career.
Requisition code: 302277
Posted 3 weeks ago
5.0 years
0 Lacs
Ahmedabad, Gujarat, India
On-site
Job Summary:
We are seeking an experienced Penetration Tester to join our team of security professionals. As a senior penetration tester, you will be responsible for conducting comprehensive penetration testing on web applications, mobile and desktop apps, APIs, infrastructure, and other systems. You will utilize your expertise in threat modeling, automation of the testing, and advanced techniques to identify vulnerabilities and provide actionable recommendations to improve the overall security posture of Asite SDLC and systems. You will manage a small team that you also must mentor and guide in the best practices and help grow. You must have a passion for knowledge sharing and continuous learning. You are willing to undergo background checks and Security Clearance.
Key Responsibilities:
Conduct thorough threat modelling, risk assessments and vulnerability scanning of web applications, mobile and desktop apps, APIs, infrastructure, and other systems
Identify and exploit vulnerabilities using various penetration testing tools, techniques, and methodologies – PTES, NIST 800-115, OWASP
Develop and maintain a comprehensive understanding of systems, including architecture, design patterns, and application logic
Design and implement effective threat models to identify potential entry points for attackers using STRIDE and OWASP ASVS
Automate testing using tools and integrating them such as vulnerability scanners, SAST, DAST, SCA and other relevant technologies including
Collaborate with external penetration testing companies and clients to digest and review the risk of reports back to clients within their security requirements, provide recommendations to implement fixes to address identified vulnerabilities to internal stakeholders
Stay up to date with the latest threats, vulnerabilities, red teaming, and penetration testing techniques through ongoing training and professional development
Manage and mentor a team of juniors and interns.
Requirements:
5+ years of experience in penetration testing, with a strong focus on web applications, mobile and desktop apps, APIs, and infrastructure testing.
Willing to undergo background checks and security clearance.
Good level of Hindi and English both spoken or written to a bilingual or at least Professional level, other languages at a bilingual/Professional level such as Arabic, Mandarin, French or German highly preferred.
Experience with cloud-based infrastructure and services - AWS, Azure, Google Cloud – containers, k8s and virtual machines.
Proven expertise in threat modeling, automation of testing, and advanced techniques (e.g., exploit development, reverse engineering)
OSCP or similar certification, GIAC Penetration Tester a plus
Strong knowledge of web application security frameworks, such as OWASP
Familiarity with mobile app security testing tools and techniques
Experience with desktop application security testing, including reverse engineering and exploit development
In-depth understanding of API security testing, including protocol analysis and exploitation
Strong networking fundamentals, including TCP/IP, DNS, DHCP, etc.
Proficiency in scripting languages, such as Python, Ruby, PowerShell
Experience with agile development methodologies and collaboration tools like JIRA and their integrations
Excellent communication, problem-solving, and analytical skills
Nice to Have:
Familiarity with DevOps practices and security orchestration, automation, and monitoring (SOAM) tools
Knowledge of containerization technologies (e.g., Docker) and container-based vulnerability testing
Experience with OWASP ASVS and similar frameworks
Knowledge of machine learning models and associated security issues at the implementation and bypassing security restrictions.
Posted 3 weeks ago
5.0 - 9.0 years
0 Lacs
Greater Kolkata Area
On-site
Position Summary
Job Description: Cyber Risk Application Security Senior Consultant
Are you interested in improving the cyber and organizational risk profiles of leading companies? Do you want to be involved in delivering Attack Surface Management (ASM) Services including identifying potentially vulnerable IT assets or weak security configurations within their networks in real time? Are you excited about rapidly changing operational environments, learning what you need to get the job done, and producing accurate and timely results? If yes, then Deloitte’s Attack Surface Management (ASM) team could be the place for you! Transparency, innovation, collaboration, sustainability: these are the hallmark issues shaping cyber initiatives today. Deloitte’s ASM business is passionate about making an impact with lasting change. Delivering our industry leading services requires fresh thinking and a creative approach. We collaborate with teams from across our organization to bring the full breadth of Deloitte, its commercial and public sector expertise, to best support our clients. Our aspiration is to be the premier integrated services provider in helping to transform the cyber security services marketplace. Our team is client focused and mission driven. As a Cyber Risk Attack Surface Senior Consultant in Deloitte's Attack Surface Management (ASM) Services, you’ll work with our diverse teams of passionate professionals to help solve for some of today’s toughest cybersecurity challenges to enable our clients to achieve business growth and manage risk.
Work you’ll do
As an Attack Surface Management Senior Consultant, you will assist our clients with discovering vulnerabilities and rogue assets (such as shadow IT) in their networks as part of a team of engineers and analysts around the world who specialize in the tactics, tools and procedures used by cyber criminals.
Conduct vulnerability assessments and manual penetration testing for Web, API, Thick Client and mobile applications.
Perform Secure code review and false positive analysis for vulnerabilities reported by industry standard tools.
Respond to requests for ad-hoc reporting and research topics from management and analysts as required.
Develop and implement application security policies and procedures.
Identify and prioritize security vulnerabilities.
Coordinate with the application development teams and operations teams to assist with the remediation plans and securing the applications.
Quickly understand and deliver on company and client requirements.
Aid in and participate in daily, weekly, quarterly, and yearly reporting for clients, partners, and internal teams.
Adhere to internal operational security and other Deloitte policies.
Qualifications
Required:
Bachelor's degree or higher in Computer Science, or equivalent experience.
5-9 years of hands-on experience in application security, vulnerability assessment, penetration testing, mobile application security, Thick Client and Web API security assessments.
Strong understanding of OWASP Top 10 vulnerabilities but not limited to.
Strong experience in manual assessment and exploitation of vulnerabilities such as Blind SQLi, XXE, SSRF, Insecure Deserialization, HTTP Request Smuggling etc.
Strong understanding of OAUTHv2/OpenID standards and associated vulnerabilities.
Strong understanding of business logic vulnerabilities.
Experience in Secure Code Review in-line with OWASP Secure Coding Practices.
Proficiency in industry standard tools such as Burp Suite, Fiddler, Sysinternals suite, Veracode, DnSpy, Olly debugger, IDA Pro, EchoMirage, Wireshark, Apktool, Jadx-gui, Frida etc.
Ability to perform manual penetration testing and security assessments using automated tools.
Excellent technical report writing skillset.
Knowledge of web application components like frontend, backend, databases and application servers.
Understanding in web development technologies like HTML, CSS, JavaScript, PHP, JAVA, .Net and backend databases.
Experience with reviewing application security architectures and threat modelling.
Understanding of the basic concepts of reverse engineering, memory analysis etc.
Understanding of basic networking protocols such as TCP/IP, DNS, HTTP/s.
Understanding of vulnerability classification using National Vulnerability Database nomenclature such as CVE/CVSS.
Certified Information Systems Security Professional (CISSP), Offensive Security Certified Professionals (OSCP), Offensive Security Web Expert (OSWE), Burp Suite Certified Practitioner (BSCP), Web Application Penetration Tester (GWAPT).
Preferred:
Proficiency in Web and Mobile application security assessments, penetration testing and secure code review.
Relevant publications such as blogs, tools, conference presentations and CVEs are preferred.
Offensive Security Web Expert (OSWE) and Burp Suite Certified Practitioner (BSCP) certifications are preferred.
Experience with automation and scripting (Python) is preferred.
Outstanding English written and oral communication skills and the ability to prioritize work.
Strong understanding of web, mobile and microservices vulnerabilities.
Working knowledge of how malicious code operates and how technical vulnerabilities are exploited.
Strong analytical and problem-solving skills.
Self-motivated to upskill and learn new attack vectors.
A strong desire to understand the what as well as the why and the how of security vulnerabilities.
The team
Deloitte Advisory's Cyber Risk team helps complex organizations more confidently pursue their growth, innovation, and performance agendas through proactive management of the associated cyber risks. Our professionals provide advisory and implementation services that integrate risk, regulatory, and technology skills to help clients transform their legacy programs into proactive Secure.Vigilant.Resilient.™ cyber risk programs. Join the team developing the future state of cyber risk solutions. Learn more about Deloitte Advisory’s Cyber Risk Services practice.
How you’ll grow
At Deloitte, our professional development plan focuses on helping people at every level of their career to identify and use their strengths to do their best work every day. From entry-level employees to senior leaders, we believe there’s always room to learn. We offer opportunities to help sharpen skills in addition to hands-on experience in the global, fast-changing business world. From on-the-job learning experiences to formal development programs at Deloitte University, our professionals have a variety of opportunities to continue to grow throughout their career. Explore Deloitte University, The Leadership Center.
Benefits
At Deloitte, we know that great people make a great organization. We value our people and offer employees a broad range of benefits. Learn more about what working at Deloitte can mean for you.
Deloitte’s culture
Our positive and supportive culture encourages our people to do their best work every day. We celebrate individuals by recognizing their uniqueness and offering them the flexibility to make daily choices that can help them to be healthy, centered, confident, and aware. We offer well-being programs and are continuously looking for new ways to maintain a culture where our people excel and lead healthy, happy lives. Learn more about Life at Deloitte.
Corporate citizenship
Deloitte is led by a purpose: to make an impact that matters. This purpose defines who we are and extends to relationships with our clients, our people and our communities. We believe that business has the power to inspire and transform. We focus on education, giving, skill-based volunteerism, and leadership to help drive positive social impact in our communities. Learn more about Deloitte’s impact on the world.
Recruiter tips
We want job seekers exploring opportunities at Deloitte to feel prepared and confident. To help you with your interview, we suggest that you do your research: know some background about the organization and the business area you’re applying to. Check out recruiting tips from Deloitte professionals.
Recruiting tips
From developing a stand out resume to putting your best foot forward in the interview, we want you to feel prepared and confident as you explore opportunities at Deloitte. Check out recruiting tips from Deloitte recruiters.
Benefits
At Deloitte, we know that great people make a great organization. We value our people and offer employees a broad range of benefits. Learn more about what working at Deloitte can mean for you.
Our people and culture
Our inclusive culture empowers our people to be who they are, contribute their unique perspectives, and make a difference individually and collectively. It enables us to leverage different ideas and perspectives, and bring more creativity and innovation to help solve our clients' most complex challenges. This makes Deloitte one of the most rewarding places to work.
Our purpose
Deloitte’s purpose is to make an impact that matters for our people, clients, and communities. At Deloitte, purpose is synonymous with how we work every day. It defines who we are. Our purpose comes through in our work with clients that enables impact and value in their organizations, as well as through our own investments, commitments, and actions across areas that help drive positive outcomes for our communities.
Professional development
From entry-level employees to senior leaders, we believe there’s always room to learn. We offer opportunities to build new skills, take on leadership opportunities and connect and grow through mentorship. From on-the-job learning experiences to formal development programs, our professionals have a variety of opportunities to continue to grow throughout their career.
Requisition code: 301459
Posted 3 weeks ago
5.0 - 9.0 years
0 Lacs
Greater Kolkata Area
On-site
Position Summary Job Description: Cyber Risk Application Security Senior Consultant Are you interested in improving the cyber and organizational risk profiles of leading companies? Do you want to be involved in delivering Attack Surface Management (ASM) Services including identifying potentially vulnerable IT assets or weak security configurations within their networks in real time? Are you excited about rapidly changing operational environments, learning what you need to get the job done, and producing accurate and timely results? If yes, then Deloitte’s Attack Surface Management (ASM) team could be the place for you! Transparency, innovation, collaboration, sustainability: these are the hallmark issues shaping cyber initiatives today. Deloitte’s ASM business is passionate about making an impact with lasting change. Delivering our industry leading services requires fresh thinking and a creative approach. We collaborate with teams from across our organization to bring the full breadth of Deloitte, its commercial and public sector expertise, to best support our clients. Our aspiration is to be the premier integrated services provider in helping to transform the cyber security services marketplace. Our team is client focused and mission driven. As a Cyber Risk Attack Surface Senior Consultant in Deloitte's Attack Surface Management (ASM) Services, you’ll work with our diverse teams of passionate professionals to help solve for some of today’s toughest cybersecurity challenges to enable our clients to achieve business growth and manage risk. Work you’ll do As an Attack Surface Management Senior Consultant, you will assist our clients with discovering vulnerabilities and rogue assets (such as shadow IT) in their networks as part of a team of engineers and analysts around the world who specialize in the tactics, tools and procedures used by cyber criminals. Conduct vulnerability assessments and manual penetration testing for Web, API, Thick Client and mobile applications.
Perform Secure code review and false positive analysis for vulnerabilities reported by industry standard tools. Respond to requests for ad-hoc reporting and research topics from management and analysts as required. Develop and implement application security policies and procedures. Identify and prioritize security vulnerabilities. Coordinate with the application development teams and operations teams to assist with the remediation plans and securing the applications. Quickly understand and deliver on company and client requirements. Aid in and participate in daily, weekly, quarterly, and yearly reporting for clients, partners, and internal teams. Adhere to internal operational security and other Deloitte policies. Qualifications Required: Bachelor's degree or higher in Computer Science, or equivalent experience. 5-9 years of hands-on experience in application security, vulnerability assessment, penetration testing, mobile application security, Thick Client and Web API security assessments. Strong understanding of vulnerabilities including, but not limited to, the OWASP Top 10. Strong experience in manual assessment and exploitation of vulnerabilities such as Blind SQLi, XXE, SSRF, Insecure Deserialization, HTTP Request Smuggling etc. Strong understanding of OAUTHv2/OpenID standards and associated vulnerabilities. Strong understanding of business logic vulnerabilities. Experience in Secure Code Review in-line with OWASP Secure Coding Practices. Proficiency in industry standard tools such as Burp Suite, Fiddler, Sysinternals suite, Veracode, DnSpy, Olly debugger, IDA Pro, EchoMirage, Wireshark, Apktool, Jadx-gui, Frida etc. Ability to perform manual penetration testing and security assessments using automated tools. Excellent technical report writing skillset. Knowledge of web application components like frontend, backend, databases and application servers. Understanding of web development technologies like HTML, CSS, JavaScript, PHP, JAVA, .Net and backend databases.
Experience with reviewing application security architectures and threat modelling. Understanding of the basic concepts of reverse engineering, memory analysis etc. Understanding of basic networking protocols such as TCP/IP, DNS, HTTP/s. Understanding of vulnerability classification using National Vulnerability Database nomenclature such as CVE/CVSS. Certified Information Systems Security Professional (CISSP), Offensive Security Certified Professionals (OSCP), Offensive Security Web Expert (OSWE), Burp Suite Certified Practitioner (BSCP), Web Application Penetration Tester (GWAPT). Preferred: Proficiency in Web and Mobile application security assessments, penetration testing and secure code review. Relevant publications such as blogs, tools, conference presentations and CVEs are preferred. Offensive Security Web Expert (OSWE) and Burp Suite Certified Practitioner (BSCP) certifications are preferred. Experience with automation and scripting (Python) is preferred. Outstanding English written and oral communication skills and the ability to prioritize work. Strong understanding of web, mobile and microservices vulnerabilities. Working knowledge of how malicious code operates and how technical vulnerabilities are exploited. Strong analytical and problem-solving skills. Self-motivated to upskill and learn new attack vectors. A strong desire to understand the what as well as the why and the how of security vulnerabilities. The team Deloitte Advisory's Cyber Risk team helps complex organizations more confidently pursue their growth, innovation, and performance agendas through proactive management of the associated cyber risks. Our professionals provide advisory and implementation services that integrate risk, regulatory, and technology skills to help clients transform their legacy programs into proactive Secure.Vigilant.Resilient. TM cyber risk programs. Join the team developing the future state of cyber risk solutions. Learn more about Deloitte Advisory’s Cyber Risk Services practice.
How you’ll Grow At Deloitte, our professional development plan focuses on helping people at every level of their career to identify and use their strengths to do their best work every day. From entry-level employees to senior leaders, we believe there’s always room to learn. We offer opportunities to help sharpen skills in addition to hands-on experience in the global, fast-changing business world. From on-the-job learning experiences to formal development programs at Deloitte University, our professionals have a variety of opportunities to continue to grow throughout their career. Explore Deloitte University, The Leadership Center. Benefits At Deloitte, we know that great people make a great organization. We value our people and offer employees a broad range of benefits. Learn more about what working at Deloitte can mean for you. Deloitte’s culture Our positive and supportive culture encourages our people to do their best work every day. We celebrate individuals by recognizing their uniqueness and offering them the flexibility to make daily choices that can help them to be healthy, centered, confident, and aware. We offer well-being programs and are continuously looking for new ways to maintain a culture where our people excel and lead healthy, happy lives. Learn more about Life at Deloitte. Corporate citizenship Deloitte is led by a purpose: to make an impact that matters. This purpose defines who we are and extends to relationships with our clients, our people and our communities. We believe that business has the power to inspire and transform. We focus on education, giving, skill-based volunteerism, and leadership to help drive positive social impact in our communities. Learn more about Deloitte’s impact on the world. Recruiter tips We want job seekers exploring opportunities at Deloitte to feel prepared and confident. To help you with your interview, we suggest that you do your research: know some background about the organization and the business area you’re applying to. Check out recruiting tips from Deloitte professionals.
Recruiting tips From developing a stand out resume to putting your best foot forward in the interview, we want you to feel prepared and confident as you explore opportunities at Deloitte. Check out recruiting tips from Deloitte recruiters. Benefits At Deloitte, we know that great people make a great organization. We value our people and offer employees a broad range of benefits. Learn more about what working at Deloitte can mean for you. Our people and culture Our inclusive culture empowers our people to be who they are, contribute their unique perspectives, and make a difference individually and collectively. It enables us to leverage different ideas and perspectives, and bring more creativity and innovation to help solve our clients' most complex challenges. This makes Deloitte one of the most rewarding places to work. Our purpose Deloitte’s purpose is to make an impact that matters for our people, clients, and communities. At Deloitte, purpose is synonymous with how we work every day. It defines who we are. Our purpose comes through in our work with clients that enables impact and value in their organizations, as well as through our own investments, commitments, and actions across areas that help drive positive outcomes for our communities. Professional development From entry-level employees to senior leaders, we believe there’s always room to learn. We offer opportunities to build new skills, take on leadership opportunities and connect and grow through mentorship. From on-the-job learning experiences to formal development programs, our professionals have a variety of opportunities to continue to grow throughout their career. Requisition code: 301462
Posted 3 weeks ago
3.0 - 5.0 years
0 Lacs
Pune, Maharashtra, India
On-site
Position Summary Job Description: Cyber Risk Application Security Consultant Are you interested in improving the cyber and organizational risk profiles of leading companies? Do you want to be involved in delivering Attack Surface Management (ASM) Services including identifying potentially vulnerable IT assets or weak security configurations within their networks in real time? Are you excited about rapidly changing operational environments, learning what you need to get the job done, and producing accurate and timely results? If yes, then Deloitte’s Attack Surface Management (ASM) team could be the place for you! Transparency, innovation, collaboration, sustainability: these are the hallmark issues shaping cyber initiatives today. Deloitte’s ASM business is passionate about making an impact with lasting change. Delivering our industry leading services requires fresh thinking and a creative approach. We collaborate with teams from across our organization to bring the full breadth of Deloitte, its commercial and public sector expertise, to best support our clients. Our aspiration is to be the premier integrated services provider in helping to transform the cyber security services marketplace. Our team is client focused and mission driven. As a Cyber Risk Attack Surface Senior Consultant in Deloitte's Attack Surface Management (ASM) Services, you’ll work with our diverse teams of passionate professionals to help solve for some of today’s toughest cybersecurity challenges to enable our clients to achieve business growth and manage risk. Work you’ll do As an Attack Surface Management Consultant, you will assist our clients with discovering vulnerabilities and rogue assets (such as shadow IT) in their networks as part of a team of engineers and analysts around the world who specialize in the tactics, tools and procedures used by cyber criminals. Conduct vulnerability assessments and manual penetration testing for Web, API, Thick Client and mobile applications.
Perform Secure code review and false positive analysis for vulnerabilities reported by industry standard tools. Respond to requests for ad-hoc reporting and research topics from management and analysts as required. Develop and implement application security policies and procedures. Identify and prioritize security vulnerabilities. Coordinate with the application development teams and operations teams to assist with the remediation plans and securing the applications. Quickly understand and deliver on company and client requirements. Aid in and participate in daily, weekly, quarterly, and yearly reporting for clients, partners, and internal teams. Adhere to internal operational security and other Deloitte policies. Qualifications Required: Bachelor's degree or higher in Computer Science, or equivalent experience. 3-5 years of hands-on experience in application security, vulnerability assessment, penetration testing, mobile application security, Thick Client and Web API security assessments. Strong understanding of vulnerabilities including, but not limited to, the OWASP Top 10. Strong experience in manual assessment and exploitation of vulnerabilities such as Blind SQLi, XXE, SSRF, Insecure Deserialization, HTTP Request Smuggling etc. Strong understanding of OAUTHv2/OpenID standards and associated vulnerabilities. Strong understanding of business logic vulnerabilities. Experience in Secure Code Review in-line with OWASP Secure Coding Practices. Proficiency in industry standard tools such as Burp Suite, Fiddler, Sysinternals suite, Veracode, DnSpy, Olly debugger, IDA Pro, EchoMirage, Wireshark, Apktool, Jadx-gui, Frida etc. Ability to perform manual penetration testing and security assessments using automated tools. Excellent technical report writing skillset. Knowledge of web application components like frontend, backend, databases and application servers. Understanding of web development technologies like HTML, CSS, JavaScript, PHP, JAVA, .Net and backend databases.
Experience with reviewing application security architectures and threat modelling. Understanding of the basic concepts of reverse engineering, memory analysis etc. Understanding of basic networking protocols such as TCP/IP, DNS, HTTP/s. Understanding of vulnerability classification using National Vulnerability Database nomenclature such as CVE/CVSS. Certified Information Systems Security Professional (CISSP), Offensive Security Certified Professionals (OSCP), Offensive Security Web Expert (OSWE), Burp Suite Certified Practitioner (BSCP), Web Application Penetration Tester (GWAPT). Preferred: Proficiency in Web and Mobile application security assessments, penetration testing and secure code review. Relevant publications such as blogs, tools, conference presentations and CVEs are preferred. Offensive Security Web Expert (OSWE) and Burp Suite Certified Practitioner (BSCP) certifications are preferred. Experience with automation and scripting (Python) is preferred. Outstanding English written and oral communication skills and the ability to prioritize work. Strong understanding of web, mobile and microservices vulnerabilities. Working knowledge of how malicious code operates and how technical vulnerabilities are exploited. Strong analytical and problem-solving skills. Self-motivated to upskill and learn new attack vectors. A strong desire to understand the what as well as the why and the how of security vulnerabilities. The team Deloitte Advisory's Cyber Risk team helps complex organizations more confidently pursue their growth, innovation, and performance agendas through proactive management of the associated cyber risks. Our professionals provide advisory and implementation services that integrate risk, regulatory, and technology skills to help clients transform their legacy programs into proactive Secure.Vigilant.Resilient. TM cyber risk programs. Join the team developing the future state of cyber risk solutions. Learn more about Deloitte Advisory’s Cyber Risk Services practice.
How you’ll Grow At Deloitte, our professional development plan focuses on helping people at every level of their career to identify and use their strengths to do their best work every day. From entry-level employees to senior leaders, we believe there’s always room to learn. We offer opportunities to help sharpen skills in addition to hands-on experience in the global, fast-changing business world. From on-the-job learning experiences to formal development programs at Deloitte University, our professionals have a variety of opportunities to continue to grow throughout their career. Explore Deloitte University, The Leadership Center. Benefits At Deloitte, we know that great people make a great organization. We value our people and offer employees a broad range of benefits. Learn more about what working at Deloitte can mean for you. Deloitte’s culture Our positive and supportive culture encourages our people to do their best work every day. We celebrate individuals by recognizing their uniqueness and offering them the flexibility to make daily choices that can help them to be healthy, centered, confident, and aware. We offer well-being programs and are continuously looking for new ways to maintain a culture where our people excel and lead healthy, happy lives. Learn more about Life at Deloitte. Corporate citizenship Deloitte is led by a purpose: to make an impact that matters. This purpose defines who we are and extends to relationships with our clients, our people and our communities. We believe that business has the power to inspire and transform. We focus on education, giving, skill-based volunteerism, and leadership to help drive positive social impact in our communities. Learn more about Deloitte’s impact on the world. Recruiter tips We want job seekers exploring opportunities at Deloitte to feel prepared and confident. To help you with your interview, we suggest that you do your research: know some background about the organization and the business area you’re applying to. Check out recruiting tips from Deloitte professionals.
Recruiting tips From developing a stand out resume to putting your best foot forward in the interview, we want you to feel prepared and confident as you explore opportunities at Deloitte. Check out recruiting tips from Deloitte recruiters. Benefits At Deloitte, we know that great people make a great organization. We value our people and offer employees a broad range of benefits. Learn more about what working at Deloitte can mean for you. Our people and culture Our inclusive culture empowers our people to be who they are, contribute their unique perspectives, and make a difference individually and collectively. It enables us to leverage different ideas and perspectives, and bring more creativity and innovation to help solve our clients' most complex challenges. This makes Deloitte one of the most rewarding places to work. Our purpose Deloitte’s purpose is to make an impact that matters for our people, clients, and communities. At Deloitte, purpose is synonymous with how we work every day. It defines who we are. Our purpose comes through in our work with clients that enables impact and value in their organizations, as well as through our own investments, commitments, and actions across areas that help drive positive outcomes for our communities. Professional development From entry-level employees to senior leaders, we believe there’s always room to learn. We offer opportunities to build new skills, take on leadership opportunities and connect and grow through mentorship. From on-the-job learning experiences to formal development programs, our professionals have a variety of opportunities to continue to grow throughout their career. Requisition code: 302577
Posted 3 weeks ago
3.0 - 5.0 years
0 Lacs
Pune, Maharashtra, India
On-site
Position Summary Job Description: Cyber Risk Application Security Consultant Are you interested in improving the cyber and organizational risk profiles of leading companies? Do you want to be involved in delivering Attack Surface Management (ASM) Services including identifying potentially vulnerable IT assets or weak security configurations within their networks in real time? Are you excited about rapidly changing operational environments, learning what you need to get the job done, and producing accurate and timely results? If yes, then Deloitte’s Attack Surface Management (ASM) team could be the place for you! Transparency, innovation, collaboration, sustainability: these are the hallmark issues shaping cyber initiatives today. Deloitte’s ASM business is passionate about making an impact with lasting change. Delivering our industry leading services requires fresh thinking and a creative approach. We collaborate with teams from across our organization to bring the full breadth of Deloitte, its commercial and public sector expertise, to best support our clients. Our aspiration is to be the premier integrated services provider in helping to transform the cyber security services marketplace. Our team is client focused and mission driven. As a Cyber Risk Attack Surface Senior Consultant in Deloitte's Attack Surface Management (ASM) Services, you’ll work with our diverse teams of passionate professionals to help solve for some of today’s toughest cybersecurity challenges to enable our clients to achieve business growth and manage risk. Work you’ll do As an Attack Surface Management Consultant, you will assist our clients with discovering vulnerabilities and rogue assets (such as shadow IT) in their networks as part of a team of engineers and analysts around the world who specialize in the tactics, tools and procedures used by cyber criminals. Conduct vulnerability assessments and manual penetration testing for Web, API, Thick Client and mobile applications.
Perform Secure code review and false positive analysis for vulnerabilities reported by industry standard tools. Respond to requests for ad-hoc reporting and research topics from management and analysts as required. Develop and implement application security policies and procedures. Identify and prioritize security vulnerabilities. Coordinate with the application development teams and operations teams to assist with the remediation plans and securing the applications. Quickly understand and deliver on company and client requirements. Aid in and participate in daily, weekly, quarterly, and yearly reporting for clients, partners, and internal teams. Adhere to internal operational security and other Deloitte policies. Qualifications Required: Bachelor's degree or higher in Computer Science, or equivalent experience. 3-5 years of hands-on experience in application security, vulnerability assessment, penetration testing, mobile application security, Thick Client and Web API security assessments. Strong understanding of vulnerabilities including, but not limited to, the OWASP Top 10. Strong experience in manual assessment and exploitation of vulnerabilities such as Blind SQLi, XXE, SSRF, Insecure Deserialization, HTTP Request Smuggling etc. Strong understanding of OAUTHv2/OpenID standards and associated vulnerabilities. Strong understanding of business logic vulnerabilities. Experience in Secure Code Review in-line with OWASP Secure Coding Practices. Proficiency in industry standard tools such as Burp Suite, Fiddler, Sysinternals suite, Veracode, DnSpy, Olly debugger, IDA Pro, EchoMirage, Wireshark, Apktool, Jadx-gui, Frida etc. Ability to perform manual penetration testing and security assessments using automated tools. Excellent technical report writing skillset. Knowledge of web application components like frontend, backend, databases and application servers. Understanding of web development technologies like HTML, CSS, JavaScript, PHP, JAVA, .Net and backend databases.
Experience with reviewing application security architectures and threat modelling. Understanding of the basic concepts of reverse engineering, memory analysis etc. Understanding of basic networking protocols such as TCP/IP, DNS, HTTP/s. Understanding of vulnerability classification using National Vulnerability Database nomenclature such as CVE/CVSS. Certified Information Systems Security Professional (CISSP), Offensive Security Certified Professionals (OSCP), Offensive Security Web Expert (OSWE), Burp Suite Certified Practitioner (BSCP), Web Application Penetration Tester (GWAPT). Preferred: Proficiency in Web and Mobile application security assessments, penetration testing and secure code review. Relevant publications such as blogs, tools, conference presentations and CVEs are preferred. Offensive Security Web Expert (OSWE) and Burp Suite Certified Practitioner (BSCP) certifications are preferred. Experience with automation and scripting (Python) is preferred. Outstanding English written and oral communication skills and the ability to prioritize work. Strong understanding of web, mobile and microservices vulnerabilities. Working knowledge of how malicious code operates and how technical vulnerabilities are exploited. Strong analytical and problem-solving skills. Self-motivated to upskill and learn new attack vectors. A strong desire to understand the what as well as the why and the how of security vulnerabilities. The team Deloitte Advisory's Cyber Risk team helps complex organizations more confidently pursue their growth, innovation, and performance agendas through proactive management of the associated cyber risks. Our professionals provide advisory and implementation services that integrate risk, regulatory, and technology skills to help clients transform their legacy programs into proactive Secure.Vigilant.Resilient. TM cyber risk programs. Join the team developing the future state of cyber risk solutions. Learn more about Deloitte Advisory’s Cyber Risk Services practice.
How you’ll Grow At Deloitte, our professional development plan focuses on helping people at every level of their career to identify and use their strengths to do their best work every day. From entry-level employees to senior leaders, we believe there’s always room to learn. We offer opportunities to help sharpen skills in addition to hands-on experience in the global, fast-changing business world. From on-the-job learning experiences to formal development programs at Deloitte University, our professionals have a variety of opportunities to continue to grow throughout their career. Explore Deloitte University, The Leadership Center. Benefits At Deloitte, we know that great people make a great organization. We value our people and offer employees a broad range of benefits. Learn more about what working at Deloitte can mean for you. Deloitte’s culture Our positive and supportive culture encourages our people to do their best work every day. We celebrate individuals by recognizing their uniqueness and offering them the flexibility to make daily choices that can help them to be healthy, centered, confident, and aware. We offer well-being programs and are continuously looking for new ways to maintain a culture where our people excel and lead healthy, happy lives. Learn more about Life at Deloitte. Corporate citizenship Deloitte is led by a purpose: to make an impact that matters. This purpose defines who we are and extends to relationships with our clients, our people and our communities. We believe that business has the power to inspire and transform. We focus on education, giving, skill-based volunteerism, and leadership to help drive positive social impact in our communities. Learn more about Deloitte’s impact on the world. Recruiter tips We want job seekers exploring opportunities at Deloitte to feel prepared and confident. To help you with your interview, we suggest that you do your research: know some background about the organization and the business area you’re applying to. Check out recruiting tips from Deloitte professionals.
Recruiting tips From developing a stand out resume to putting your best foot forward in the interview, we want you to feel prepared and confident as you explore opportunities at Deloitte. Check out recruiting tips from Deloitte recruiters. Benefits At Deloitte, we know that great people make a great organization. We value our people and offer employees a broad range of benefits. Learn more about what working at Deloitte can mean for you. Our people and culture Our inclusive culture empowers our people to be who they are, contribute their unique perspectives, and make a difference individually and collectively. It enables us to leverage different ideas and perspectives, and bring more creativity and innovation to help solve our clients' most complex challenges. This makes Deloitte one of the most rewarding places to work. Our purpose Deloitte’s purpose is to make an impact that matters for our people, clients, and communities. At Deloitte, purpose is synonymous with how we work every day. It defines who we are. Our purpose comes through in our work with clients that enables impact and value in their organizations, as well as through our own investments, commitments, and actions across areas that help drive positive outcomes for our communities. Professional development From entry-level employees to senior leaders, we believe there’s always room to learn. We offer opportunities to build new skills, take on leadership opportunities and connect and grow through mentorship. From on-the-job learning experiences to formal development programs, our professionals have a variety of opportunities to continue to grow throughout their career. Requisition code: 302277
Posted 3 weeks ago
5.0 - 9.0 years
0 Lacs
Pune, Maharashtra, India
On-site
Position Summary Job Description: Cyber Risk Application Security Senior Consultant Are you interested in improving the cyber and organizational risk profiles of leading companies? Do you want to be involved in delivering Attack Surface Management (ASM) Services including identifying potentially vulnerable IT assets or weak security configurations within their networks in real time? Are you excited about rapidly changing operational environments, learning what you need to get the job done, and producing accurate and timely results? If yes, then Deloitte’s Attack Surface Management (ASM) team could be the place for you! Transparency, innovation, collaboration, sustainability: these are the hallmark issues shaping cyber initiatives today. Deloitte’s ASM business is passionate about making an impact with lasting change. Delivering our industry leading services requires fresh thinking and a creative approach. We collaborate with teams from across our organization to bring the full breadth of Deloitte, its commercial and public sector expertise, to best support our clients. Our aspiration is to be the premier integrated services provider in helping to transform the cyber security services marketplace. Our team is client focused and mission driven. As a Cyber Risk Attack Surface Senior Consultant in Deloitte's Attack Surface Management (ASM) Services, you’ll work with our diverse teams of passionate professionals to help solve for some of today’s toughest cybersecurity challenges to enable our clients to achieve business growth and manage risk. Work you’ll do As an Attack Surface Management Senior Consultant, you will assist our clients with discovering vulnerabilities and rogue assets (such as shadow IT) in their networks as part of a team of engineers and analysts around the world who specialize in the tactics, tools and procedures used by cyber criminals. Conduct vulnerability assessments and manual penetration testing for Web, API, Thick Client and mobile applications.
Perform Secure code review and false positive analysis for vulnerabilities reported by industry standard tools. Respond to requests for ad-hoc reporting and research topics from management and analysts as required. Develop and implement application security policies and procedures. Identify and prioritize security vulnerabilities. Coordinate with the application development teams and operations teams to assist with the remediation plans and securing the applications. Quickly understand and deliver on company and client requirements. Aid in and participate in daily, weekly, quarterly, and yearly reporting for clients, partners, and internal teams. Adhere to internal operational security and other Deloitte policies. Qualifications Required: Bachelor's degree or higher in Computer Science, or equivalent experience. 5-9 years of hands-on experience in application security, vulnerability assessment, penetration testing, mobile application security, Thick Client and Web API security assessments. Strong understanding of vulnerabilities including, but not limited to, the OWASP Top 10. Strong experience in manual assessment and exploitation of vulnerabilities such as Blind SQLi, XXE, SSRF, Insecure Deserialization, HTTP Request Smuggling etc. Strong understanding of OAUTHv2/OpenID standards and associated vulnerabilities. Strong understanding of business logic vulnerabilities. Experience in Secure Code Review in-line with OWASP Secure Coding Practices. Proficiency in industry standard tools such as Burp Suite, Fiddler, Sysinternals suite, Veracode, DnSpy, Olly debugger, IDA Pro, EchoMirage, Wireshark, Apktool, Jadx-gui, Frida etc. Ability to perform manual penetration testing and security assessments using automated tools. Excellent technical report writing skillset. Knowledge of web application components like frontend, backend, databases and application servers. Understanding of web development technologies like HTML, CSS, JavaScript, PHP, JAVA, .Net and backend databases.
● Experience with reviewing application security architectures and threat modelling.
● Understanding of the basic concepts of reverse engineering, memory analysis etc.
● Understanding of basic networking protocols such as TCP/IP, DNS, HTTP/s.
● Understanding of vulnerability classification using National Vulnerability Database nomenclature such as CVE/CVSS.
● Certified Information Systems Security Professional (CISSP), Offensive Security Certified Professionals (OSCP), Offensive Security Web Expert (OSWE), Burp Suite Certified Practitioner (BSCP), Web Application Penetration Tester (GWAPT).
Preferred:
● Proficiency in Web and Mobile application security assessments, penetration testing and secure code review.
● Relevant publications such as blogs, tools, conference presentations and CVEs are preferred.
● Offensive Security Web Expert (OSWE) and Burp Suite Certified Practitioner (BSCP) certifications are preferred.
● Experience with automation and scripting (Python) is preferred.
● Outstanding English written and oral communication skills and the ability to prioritize work.
● Strong understanding of web, mobile and microservices vulnerabilities.
● Working knowledge of how malicious code operates and how technical vulnerabilities are exploited.
● Strong analytical and problem-solving skills.
● Self-motivated to upskill and learn new attack vectors.
● A strong desire to understand the what as well as the why and the how of security vulnerabilities.
The team
Deloitte Advisory's Cyber Risk team helps complex organizations more confidently pursue their growth, innovation, and performance agendas through proactive management of the associated cyber risks. Our professionals provide advisory and implementation services that integrate risk, regulatory, and technology skills to help clients transform their legacy programs into proactive Secure.Vigilant.Resilient.™ cyber risk programs. Join the team developing the future state of cyber risk solutions. Learn more about Deloitte Advisory’s Cyber Risk Services practice.
How you’ll Grow
At Deloitte, our professional development plan focuses on helping people at every level of their career to identify and use their strengths to do their best work every day. From entry-level employees to senior leaders, we believe there’s always room to learn. We offer opportunities to help sharpen skills in addition to hands-on experience in the global, fast-changing business world. From on-the-job learning experiences to formal development programs at Deloitte University, our professionals have a variety of opportunities to continue to grow throughout their career. Explore Deloitte University, The Leadership Center.
Benefits
At Deloitte, we know that great people make a great organization. We value our people and offer employees a broad range of benefits. Learn more about what working at Deloitte can mean for you.
Deloitte’s culture
Our positive and supportive culture encourages our people to do their best work every day. We celebrate individuals by recognizing their uniqueness and offering them the flexibility to make daily choices that can help them to be healthy, centered, confident, and aware. We offer well-being programs and are continuously looking for new ways to maintain a culture where our people excel and lead healthy, happy lives. Learn more about Life at Deloitte.
Corporate citizenship
Deloitte is led by a purpose: to make an impact that matters. This purpose defines who we are and extends to relationships with our clients, our people and our communities. We believe that business has the power to inspire and transform. We focus on education, giving, skill-based volunteerism, and leadership to help drive positive social impact in our communities. Learn more about Deloitte’s impact on the world.
Recruiter tips
We want job seekers exploring opportunities at Deloitte to feel prepared and confident. To help you with your interview, we suggest that you do your research: know some background about the organization and the business area you’re applying to. Check out recruiting tips from Deloitte professionals.
Recruiting tips
From developing a stand out resume to putting your best foot forward in the interview, we want you to feel prepared and confident as you explore opportunities at Deloitte. Check out recruiting tips from Deloitte recruiters.
Benefits
At Deloitte, we know that great people make a great organization. We value our people and offer employees a broad range of benefits. Learn more about what working at Deloitte can mean for you.
Our people and culture
Our inclusive culture empowers our people to be who they are, contribute their unique perspectives, and make a difference individually and collectively. It enables us to leverage different ideas and perspectives, and bring more creativity and innovation to help solve our clients' most complex challenges. This makes Deloitte one of the most rewarding places to work.
Our purpose
Deloitte’s purpose is to make an impact that matters for our people, clients, and communities. At Deloitte, purpose is synonymous with how we work every day. It defines who we are. Our purpose comes through in our work with clients that enables impact and value in their organizations, as well as through our own investments, commitments, and actions across areas that help drive positive outcomes for our communities.
Professional development
From entry-level employees to senior leaders, we believe there’s always room to learn. We offer opportunities to build new skills, take on leadership opportunities and connect and grow through mentorship. From on-the-job learning experiences to formal development programs, our professionals have a variety of opportunities to continue to grow throughout their career.
Requisition code: 301462
Posted 3 weeks ago
3.0 - 5.0 years
0 Lacs
Gurugram, Haryana, India
On-site
Position Summary
Job Description: Cyber Risk Application Security Consultant
Are you interested in improving the cyber and organizational risk profiles of leading companies? Do you want to be involved in delivering Attack Surface Management (ASM) Services including identifying potentially vulnerable IT assets or weak security configurations within their networks in real time? Are you excited about rapidly changing operational environments, learning what you need to get the job done, and producing accurate and timely results? If yes, then Deloitte’s Attack Surface Management (ASM) team could be the place for you! Transparency, innovation, collaboration, sustainability: these are the hallmark issues shaping cyber initiatives today. Deloitte’s ASM business is passionate about making an impact with lasting change. Delivering our industry leading services requires fresh thinking and a creative approach. We collaborate with teams from across our organization to bring the full breadth of Deloitte, its commercial and public sector expertise, to best support our clients. Our aspiration is to be the premier integrated services provider in helping to transform the cyber security services marketplace. Our team is client focused and mission driven. As a Cyber Risk Attack Surface Senior Consultant in Deloitte's Attack Surface Management (ASM) Services, you’ll work with our diverse teams of passionate professionals to help solve for some of today’s toughest cybersecurity challenges to enable our clients to achieve business growth and manage risk.
Work you’ll do
As an Attack Surface Management Consultant, you will assist our clients with discovering vulnerabilities and rogue assets (such as shadow IT) in their networks as part of a team of engineers and analysts around the world who specialize in the tactics, tools and procedures used by cyber criminals.
● Conduct vulnerability assessments and manual penetration testing for Web, API, Thick Client and mobile applications.
● Perform secure code review and false positive analysis for vulnerabilities reported by industry standard tools.
● Respond to requests for ad-hoc reporting and research topics from management and analysts as required.
● Develop and implement application security policies and procedures.
● Identify and prioritize security vulnerabilities.
● Coordinate with the application development teams and operations teams to assist with the remediation plans and securing the applications.
● Quickly understand and deliver on company and client requirements.
● Aid in and participate in daily, weekly, quarterly, and yearly reporting for clients, partners, and internal teams.
● Adhere to internal operational security and other Deloitte policies.
Qualifications
Required:
● Bachelor's degree or higher in Computer Science, or equivalent experience.
● 3-5 years of hands-on experience in application security, vulnerability assessment, penetration testing, mobile application security, Thick Client and Web API security assessments.
● Strong understanding of vulnerabilities including, but not limited to, the OWASP Top 10.
● Strong experience in manual assessment and exploitation of vulnerabilities such as Blind SQLi, XXE, SSRF, Insecure Deserialization, HTTP Request Smuggling etc.
● Strong understanding of OAUTHv2/OpenID standards and associated vulnerabilities.
● Strong understanding of business logic vulnerabilities.
● Experience in Secure Code Review in line with OWASP Secure Coding Practices.
● Proficiency in industry standard tools such as Burp Suite, Fiddler, Sysinternals suite, Veracode, DnSpy, Olly debugger, IDA Pro, EchoMirage, Wireshark, Apktool, Jadx-gui, Frida etc.
● Ability to perform manual penetration testing and security assessments using automated tools.
● Excellent technical report writing skillset.
● Knowledge of web application components like frontend, backend, databases and application servers.
● Understanding of web development technologies like HTML, CSS, JavaScript, PHP, JAVA, .Net and backend databases.
● Experience with reviewing application security architectures and threat modelling.
● Understanding of the basic concepts of reverse engineering, memory analysis etc.
● Understanding of basic networking protocols such as TCP/IP, DNS, HTTP/s.
● Understanding of vulnerability classification using National Vulnerability Database nomenclature such as CVE/CVSS.
● Certified Information Systems Security Professional (CISSP), Offensive Security Certified Professionals (OSCP), Offensive Security Web Expert (OSWE), Burp Suite Certified Practitioner (BSCP), Web Application Penetration Tester (GWAPT).
Preferred:
● Proficiency in Web and Mobile application security assessments, penetration testing and secure code review.
● Relevant publications such as blogs, tools, conference presentations and CVEs are preferred.
● Offensive Security Web Expert (OSWE) and Burp Suite Certified Practitioner (BSCP) certifications are preferred.
● Experience with automation and scripting (Python) is preferred.
● Outstanding English written and oral communication skills and the ability to prioritize work.
● Strong understanding of web, mobile and microservices vulnerabilities.
● Working knowledge of how malicious code operates and how technical vulnerabilities are exploited.
● Strong analytical and problem-solving skills.
● Self-motivated to upskill and learn new attack vectors.
● A strong desire to understand the what as well as the why and the how of security vulnerabilities.
The team
Deloitte Advisory's Cyber Risk team helps complex organizations more confidently pursue their growth, innovation, and performance agendas through proactive management of the associated cyber risks. Our professionals provide advisory and implementation services that integrate risk, regulatory, and technology skills to help clients transform their legacy programs into proactive Secure.Vigilant.Resilient.™ cyber risk programs. Join the team developing the future state of cyber risk solutions. Learn more about Deloitte Advisory’s Cyber Risk Services practice.
How you’ll Grow
At Deloitte, our professional development plan focuses on helping people at every level of their career to identify and use their strengths to do their best work every day. From entry-level employees to senior leaders, we believe there’s always room to learn. We offer opportunities to help sharpen skills in addition to hands-on experience in the global, fast-changing business world. From on-the-job learning experiences to formal development programs at Deloitte University, our professionals have a variety of opportunities to continue to grow throughout their career. Explore Deloitte University, The Leadership Center.
Benefits
At Deloitte, we know that great people make a great organization. We value our people and offer employees a broad range of benefits. Learn more about what working at Deloitte can mean for you.
Deloitte’s culture
Our positive and supportive culture encourages our people to do their best work every day. We celebrate individuals by recognizing their uniqueness and offering them the flexibility to make daily choices that can help them to be healthy, centered, confident, and aware. We offer well-being programs and are continuously looking for new ways to maintain a culture where our people excel and lead healthy, happy lives. Learn more about Life at Deloitte.
Corporate citizenship
Deloitte is led by a purpose: to make an impact that matters. This purpose defines who we are and extends to relationships with our clients, our people and our communities. We believe that business has the power to inspire and transform. We focus on education, giving, skill-based volunteerism, and leadership to help drive positive social impact in our communities. Learn more about Deloitte’s impact on the world.
Recruiter tips
We want job seekers exploring opportunities at Deloitte to feel prepared and confident. To help you with your interview, we suggest that you do your research: know some background about the organization and the business area you’re applying to. Check out recruiting tips from Deloitte professionals.
Recruiting tips
From developing a stand out resume to putting your best foot forward in the interview, we want you to feel prepared and confident as you explore opportunities at Deloitte. Check out recruiting tips from Deloitte recruiters.
Benefits
At Deloitte, we know that great people make a great organization. We value our people and offer employees a broad range of benefits. Learn more about what working at Deloitte can mean for you.
Our people and culture
Our inclusive culture empowers our people to be who they are, contribute their unique perspectives, and make a difference individually and collectively. It enables us to leverage different ideas and perspectives, and bring more creativity and innovation to help solve our clients' most complex challenges. This makes Deloitte one of the most rewarding places to work.
Our purpose
Deloitte’s purpose is to make an impact that matters for our people, clients, and communities. At Deloitte, purpose is synonymous with how we work every day. It defines who we are. Our purpose comes through in our work with clients that enables impact and value in their organizations, as well as through our own investments, commitments, and actions across areas that help drive positive outcomes for our communities.
Professional development
From entry-level employees to senior leaders, we believe there’s always room to learn. We offer opportunities to build new skills, take on leadership opportunities and connect and grow through mentorship. From on-the-job learning experiences to formal development programs, our professionals have a variety of opportunities to continue to grow throughout their career.
Requisition code: 302577
Posted 3 weeks ago
3.0 - 5.0 years
0 Lacs
Gurugram, Haryana, India
On-site
Position Summary
Job Description: Cyber Risk Application Security Consultant
Are you interested in improving the cyber and organizational risk profiles of leading companies? Do you want to be involved in delivering Attack Surface Management (ASM) Services including identifying potentially vulnerable IT assets or weak security configurations within their networks in real time? Are you excited about rapidly changing operational environments, learning what you need to get the job done, and producing accurate and timely results? If yes, then Deloitte’s Attack Surface Management (ASM) team could be the place for you! Transparency, innovation, collaboration, sustainability: these are the hallmark issues shaping cyber initiatives today. Deloitte’s ASM business is passionate about making an impact with lasting change. Delivering our industry leading services requires fresh thinking and a creative approach. We collaborate with teams from across our organization to bring the full breadth of Deloitte, its commercial and public sector expertise, to best support our clients. Our aspiration is to be the premier integrated services provider in helping to transform the cyber security services marketplace. Our team is client focused and mission driven. As a Cyber Risk Attack Surface Senior Consultant in Deloitte's Attack Surface Management (ASM) Services, you’ll work with our diverse teams of passionate professionals to help solve for some of today’s toughest cybersecurity challenges to enable our clients to achieve business growth and manage risk.
Work you’ll do
As an Attack Surface Management Consultant, you will assist our clients with discovering vulnerabilities and rogue assets (such as shadow IT) in their networks as part of a team of engineers and analysts around the world who specialize in the tactics, tools and procedures used by cyber criminals.
● Conduct vulnerability assessments and manual penetration testing for Web, API, Thick Client and mobile applications.
● Perform secure code review and false positive analysis for vulnerabilities reported by industry standard tools.
● Respond to requests for ad-hoc reporting and research topics from management and analysts as required.
● Develop and implement application security policies and procedures.
● Identify and prioritize security vulnerabilities.
● Coordinate with the application development teams and operations teams to assist with the remediation plans and securing the applications.
● Quickly understand and deliver on company and client requirements.
● Aid in and participate in daily, weekly, quarterly, and yearly reporting for clients, partners, and internal teams.
● Adhere to internal operational security and other Deloitte policies.
Qualifications
Required:
● Bachelor's degree or higher in Computer Science, or equivalent experience.
● 3-5 years of hands-on experience in application security, vulnerability assessment, penetration testing, mobile application security, Thick Client and Web API security assessments.
● Strong understanding of vulnerabilities including, but not limited to, the OWASP Top 10.
● Strong experience in manual assessment and exploitation of vulnerabilities such as Blind SQLi, XXE, SSRF, Insecure Deserialization, HTTP Request Smuggling etc.
● Strong understanding of OAUTHv2/OpenID standards and associated vulnerabilities.
● Strong understanding of business logic vulnerabilities.
● Experience in Secure Code Review in line with OWASP Secure Coding Practices.
● Proficiency in industry standard tools such as Burp Suite, Fiddler, Sysinternals suite, Veracode, DnSpy, Olly debugger, IDA Pro, EchoMirage, Wireshark, Apktool, Jadx-gui, Frida etc.
● Ability to perform manual penetration testing and security assessments using automated tools.
● Excellent technical report writing skillset.
● Knowledge of web application components like frontend, backend, databases and application servers.
● Understanding of web development technologies like HTML, CSS, JavaScript, PHP, JAVA, .Net and backend databases.
● Experience with reviewing application security architectures and threat modelling.
● Understanding of the basic concepts of reverse engineering, memory analysis etc.
● Understanding of basic networking protocols such as TCP/IP, DNS, HTTP/s.
● Understanding of vulnerability classification using National Vulnerability Database nomenclature such as CVE/CVSS.
● Certified Information Systems Security Professional (CISSP), Offensive Security Certified Professionals (OSCP), Offensive Security Web Expert (OSWE), Burp Suite Certified Practitioner (BSCP), Web Application Penetration Tester (GWAPT).
Preferred:
● Proficiency in Web and Mobile application security assessments, penetration testing and secure code review.
● Relevant publications such as blogs, tools, conference presentations and CVEs are preferred.
● Offensive Security Web Expert (OSWE) and Burp Suite Certified Practitioner (BSCP) certifications are preferred.
● Experience with automation and scripting (Python) is preferred.
● Outstanding English written and oral communication skills and the ability to prioritize work.
● Strong understanding of web, mobile and microservices vulnerabilities.
● Working knowledge of how malicious code operates and how technical vulnerabilities are exploited.
● Strong analytical and problem-solving skills.
● Self-motivated to upskill and learn new attack vectors.
● A strong desire to understand the what as well as the why and the how of security vulnerabilities.
The team
Deloitte Advisory's Cyber Risk team helps complex organizations more confidently pursue their growth, innovation, and performance agendas through proactive management of the associated cyber risks. Our professionals provide advisory and implementation services that integrate risk, regulatory, and technology skills to help clients transform their legacy programs into proactive Secure.Vigilant.Resilient.™ cyber risk programs. Join the team developing the future state of cyber risk solutions. Learn more about Deloitte Advisory’s Cyber Risk Services practice.
How you’ll Grow
At Deloitte, our professional development plan focuses on helping people at every level of their career to identify and use their strengths to do their best work every day. From entry-level employees to senior leaders, we believe there’s always room to learn. We offer opportunities to help sharpen skills in addition to hands-on experience in the global, fast-changing business world. From on-the-job learning experiences to formal development programs at Deloitte University, our professionals have a variety of opportunities to continue to grow throughout their career. Explore Deloitte University, The Leadership Center.
Benefits
At Deloitte, we know that great people make a great organization. We value our people and offer employees a broad range of benefits. Learn more about what working at Deloitte can mean for you.
Deloitte’s culture
Our positive and supportive culture encourages our people to do their best work every day. We celebrate individuals by recognizing their uniqueness and offering them the flexibility to make daily choices that can help them to be healthy, centered, confident, and aware. We offer well-being programs and are continuously looking for new ways to maintain a culture where our people excel and lead healthy, happy lives. Learn more about Life at Deloitte.
Corporate citizenship
Deloitte is led by a purpose: to make an impact that matters. This purpose defines who we are and extends to relationships with our clients, our people and our communities. We believe that business has the power to inspire and transform. We focus on education, giving, skill-based volunteerism, and leadership to help drive positive social impact in our communities. Learn more about Deloitte’s impact on the world.
Recruiter tips
We want job seekers exploring opportunities at Deloitte to feel prepared and confident. To help you with your interview, we suggest that you do your research: know some background about the organization and the business area you’re applying to. Check out recruiting tips from Deloitte professionals.
Recruiting tips
From developing a stand out resume to putting your best foot forward in the interview, we want you to feel prepared and confident as you explore opportunities at Deloitte. Check out recruiting tips from Deloitte recruiters.
Benefits
At Deloitte, we know that great people make a great organization. We value our people and offer employees a broad range of benefits. Learn more about what working at Deloitte can mean for you.
Our people and culture
Our inclusive culture empowers our people to be who they are, contribute their unique perspectives, and make a difference individually and collectively. It enables us to leverage different ideas and perspectives, and bring more creativity and innovation to help solve our clients' most complex challenges. This makes Deloitte one of the most rewarding places to work.
Our purpose
Deloitte’s purpose is to make an impact that matters for our people, clients, and communities. At Deloitte, purpose is synonymous with how we work every day. It defines who we are. Our purpose comes through in our work with clients that enables impact and value in their organizations, as well as through our own investments, commitments, and actions across areas that help drive positive outcomes for our communities.
Professional development
From entry-level employees to senior leaders, we believe there’s always room to learn. We offer opportunities to build new skills, take on leadership opportunities and connect and grow through mentorship. From on-the-job learning experiences to formal development programs, our professionals have a variety of opportunities to continue to grow throughout their career.
Requisition code: 302277
Posted 3 weeks ago
5.0 - 9.0 years
0 Lacs
Gurugram, Haryana, India
On-site
Position Summary
Job Description: Cyber Risk Application Security Senior Consultant
Are you interested in improving the cyber and organizational risk profiles of leading companies? Do you want to be involved in delivering Attack Surface Management (ASM) Services including identifying potentially vulnerable IT assets or weak security configurations within their networks in real time? Are you excited about rapidly changing operational environments, learning what you need to get the job done, and producing accurate and timely results? If yes, then Deloitte’s Attack Surface Management (ASM) team could be the place for you! Transparency, innovation, collaboration, sustainability: these are the hallmark issues shaping cyber initiatives today. Deloitte’s ASM business is passionate about making an impact with lasting change. Delivering our industry leading services requires fresh thinking and a creative approach. We collaborate with teams from across our organization to bring the full breadth of Deloitte, its commercial and public sector expertise, to best support our clients. Our aspiration is to be the premier integrated services provider in helping to transform the cyber security services marketplace. Our team is client focused and mission driven. As a Cyber Risk Attack Surface Senior Consultant in Deloitte's Attack Surface Management (ASM) Services, you’ll work with our diverse teams of passionate professionals to help solve for some of today’s toughest cybersecurity challenges to enable our clients to achieve business growth and manage risk.
Work you’ll do
As an Attack Surface Management Senior Consultant, you will assist our clients with discovering vulnerabilities and rogue assets (such as shadow IT) in their networks as part of a team of engineers and analysts around the world who specialize in the tactics, tools and procedures used by cyber criminals.
● Conduct vulnerability assessments and manual penetration testing for Web, API, Thick Client and mobile applications.
● Perform secure code review and false positive analysis for vulnerabilities reported by industry standard tools.
● Respond to requests for ad-hoc reporting and research topics from management and analysts as required.
● Develop and implement application security policies and procedures.
● Identify and prioritize security vulnerabilities.
● Coordinate with the application development teams and operations teams to assist with the remediation plans and securing the applications.
● Quickly understand and deliver on company and client requirements.
● Aid in and participate in daily, weekly, quarterly, and yearly reporting for clients, partners, and internal teams.
● Adhere to internal operational security and other Deloitte policies.
Qualifications
Required:
● Bachelor's degree or higher in Computer Science, or equivalent experience.
● 5-9 years of hands-on experience in application security, vulnerability assessment, penetration testing, mobile application security, Thick Client and Web API security assessments.
● Strong understanding of vulnerabilities including, but not limited to, the OWASP Top 10.
● Strong experience in manual assessment and exploitation of vulnerabilities such as Blind SQLi, XXE, SSRF, Insecure Deserialization, HTTP Request Smuggling etc.
● Strong understanding of OAUTHv2/OpenID standards and associated vulnerabilities.
● Strong understanding of business logic vulnerabilities.
● Experience in Secure Code Review in line with OWASP Secure Coding Practices.
● Proficiency in industry standard tools such as Burp Suite, Fiddler, Sysinternals suite, Veracode, DnSpy, Olly debugger, IDA Pro, EchoMirage, Wireshark, Apktool, Jadx-gui, Frida etc.
● Ability to perform manual penetration testing and security assessments using automated tools.
● Excellent technical report writing skillset.
● Knowledge of web application components like frontend, backend, databases and application servers.
● Understanding of web development technologies like HTML, CSS, JavaScript, PHP, JAVA, .Net and backend databases.
● Experience with reviewing application security architectures and threat modelling.
● Understanding of the basic concepts of reverse engineering, memory analysis etc.
● Understanding of basic networking protocols such as TCP/IP, DNS, HTTP/s.
● Understanding of vulnerability classification using National Vulnerability Database nomenclature such as CVE/CVSS.
● Certified Information Systems Security Professional (CISSP), Offensive Security Certified Professionals (OSCP), Offensive Security Web Expert (OSWE), Burp Suite Certified Practitioner (BSCP), Web Application Penetration Tester (GWAPT).
Preferred:
● Proficiency in Web and Mobile application security assessments, penetration testing and secure code review.
● Relevant publications such as blogs, tools, conference presentations and CVEs are preferred.
● Offensive Security Web Expert (OSWE) and Burp Suite Certified Practitioner (BSCP) certifications are preferred.
● Experience with automation and scripting (Python) is preferred.
● Outstanding English written and oral communication skills and the ability to prioritize work.
● Strong understanding of web, mobile and microservices vulnerabilities.
● Working knowledge of how malicious code operates and how technical vulnerabilities are exploited.
● Strong analytical and problem-solving skills.
● Self-motivated to upskill and learn new attack vectors.
● A strong desire to understand the what as well as the why and the how of security vulnerabilities.
The team
Deloitte Advisory's Cyber Risk team helps complex organizations more confidently pursue their growth, innovation, and performance agendas through proactive management of the associated cyber risks. Our professionals provide advisory and implementation services that integrate risk, regulatory, and technology skills to help clients transform their legacy programs into proactive Secure.Vigilant.Resilient.™ cyber risk programs. Join the team developing the future state of cyber risk solutions. Learn more about Deloitte Advisory’s Cyber Risk Services practice.
How you’ll Grow
At Deloitte, our professional development plan focuses on helping people at every level of their career to identify and use their strengths to do their best work every day. From entry-level employees to senior leaders, we believe there’s always room to learn. We offer opportunities to help sharpen skills in addition to hands-on experience in the global, fast-changing business world. From on-the-job learning experiences to formal development programs at Deloitte University, our professionals have a variety of opportunities to continue to grow throughout their career. Explore Deloitte University, The Leadership Center.
Benefits
At Deloitte, we know that great people make a great organization. We value our people and offer employees a broad range of benefits. Learn more about what working at Deloitte can mean for you.
Deloitte’s culture
Our positive and supportive culture encourages our people to do their best work every day. We celebrate individuals by recognizing their uniqueness and offering them the flexibility to make daily choices that can help them to be healthy, centered, confident, and aware. We offer well-being programs and are continuously looking for new ways to maintain a culture where our people excel and lead healthy, happy lives. Learn more about Life at Deloitte.
Corporate citizenship
Deloitte is led by a purpose: to make an impact that matters. This purpose defines who we are and extends to relationships with our clients, our people and our communities. We believe that business has the power to inspire and transform. We focus on education, giving, skill-based volunteerism, and leadership to help drive positive social impact in our communities. Learn more about Deloitte’s impact on the world.
Recruiter tips
We want job seekers exploring opportunities at Deloitte to feel prepared and confident. To help you with your interview, we suggest that you do your research: know some background about the organization and the business area you’re applying to. Check out recruiting tips from Deloitte professionals.
Recruiting tips From developing a stand out resume to putting your best foot forward in the interview, we want you to feel prepared and confident as you explore opportunities at Deloitte. Check out recruiting tips from Deloitte recruiters. Benefits At Deloitte, we know that great people make a great organization. We value our people and offer employees a broad range of benefits. Learn more about what working at Deloitte can mean for you. Our people and culture Our inclusive culture empowers our people to be who they are, contribute their unique perspectives, and make a difference individually and collectively. It enables us to leverage different ideas and perspectives, and bring more creativity and innovation to help solve our clients' most complex challenges. This makes Deloitte one of the most rewarding places to work. Our purpose Deloitte’s purpose is to make an impact that matters for our people, clients, and communities. At Deloitte, purpose is synonymous with how we work every day. It defines who we are. Our purpose comes through in our work with clients that enables impact and value in their organizations, as well as through our own investments, commitments, and actions across areas that help drive positive outcomes for our communities. Professional development From entry-level employees to senior leaders, we believe there’s always room to learn. We offer opportunities to build new skills, take on leadership opportunities and connect and grow through mentorship. From on-the-job learning experiences to formal development programs, our professionals have a variety of opportunities to continue to grow throughout their career. Requisition code: 301462
Posted 3 weeks ago
4.0 years
0 Lacs
Jaipur, Rajasthan, India
On-site
Job Title: Security Engineer / Security Implementation Specialist Location: Jaipur Job Type: Full-Time About Company Paysecure is a versatile payments processing company catering to all industries. Our platform is built to handle transactions seamlessly, securely, and at scale—no matter the sector. Whether you're in retail, logistics, fintech, healthcare, or any other vertical, our solutions are tailored to deliver reliable and efficient payment infrastructure. Trust us for seamless payment processing. With a strong focus on innovation, compliance, and customer-centricity, we empower businesses to accept and manage payments effortlessly across digital and physical channels. Join us in shaping the future of commerce, one transaction at a time. Key Responsibilities ● Design and implement organizational security policies, procedures, and controls. ● Work with DevOps and engineering teams to embed security-by-design principles into software development and deployment. ● Deploy and manage security tools such as firewalls, endpoint protection, EDR, SIEM, DLP, IAM, and vulnerability scanners. ● Conduct threat modeling, risk assessments, and regular security audits. ● Assist in achieving and maintaining compliance standards (e.g., ISO 27001, SOC 2, GDPR, PCI-DSS). ● Lead incident response planning and coordinate forensic investigations and post-mortems. ● Provide training and guidance to internal teams to ensure a strong security culture. ● Monitor and respond to security events in real-time and drive remediation efforts. ● Collaborate with legal and IT teams to maintain data privacy and regulatory alignment. Qualifications ● Bachelor’s or Master’s degree in Computer Science, Information Security, or related field. ● 4+ years of experience in security engineering, cybersecurity architecture, or IT security. ● Hands-on experience with security tools like Splunk, CrowdStrike, Wazuh, OSSEC, Tenable, Rapid7, etc. 
● Strong knowledge of network security, encryption, identity and access management, and secure coding practices. ● Experience implementing and managing ISO 27001, SOC2, or PCI-DSS frameworks. ● Familiarity with cloud security (AWS/GCP/Azure) and modern DevSecOps workflows. ● Scripting knowledge (Python, Bash, PowerShell) is a plus. ● Relevant certifications are a strong advantage: CISSP, CISM, CEH, OSCP, CCSP. Nice to Have ● Experience working in a fintech, SaaS, or highly regulated industry. ● Knowledge of zero-trust architecture and microsegmentation. ● Exposure to dark web threat intelligence and real-time incident monitoring. ● Contributions to open-source security tools or participation in security communities (e.g., OWASP). Ready to help us secure the future of digital payments?
Posted 3 weeks ago
5.0 - 10.0 years
0 Lacs
Chennai, Tamil Nadu, India
On-site
Role Description Job Title: Site Reliability Engineer Experience Range: 5-10 years Hiring Location: Mumbai, Chennai, Gurugram Must-Have Skills Professional experience working with public cloud platforms (AWS) Expertise in Infrastructure as Code (IaC) tools such as Terraform Hands-on experience with CI/CD tools like GitLab CI/CD, GitHub Actions, or Jenkins Strong coding and scripting skills (PowerShell, Bash, Python, or equivalent) Proficiency in Configuration Management tools like Ansible, Puppet, or Chef Experience managing and troubleshooting Linux servers Strong analytical and troubleshooting skills Exposure to security best practices and remediation Familiarity with security-related tools such as Wiz and Qualys Hands-on experience in Static/Dynamic Security Testing & Penetration Testing using tools like SonarQube, CheckMarx, AppScan, BurpSuite, OWASP ZAP Proxy, WebInspect, Fortify, Veracode, Nessus, etc. Good-to-Have Skills Knowledge of System and Application Monitoring tools (Prometheus, Grafana, CloudWatch) Experience with Log Management tools (Elastic Stack, Graylog, Splunk) Working experience with relational databases (MySQL, MS SQL Server, or similar) Use of Secret Management services like HashiCorp Vault Understanding of Change Control procedures Main Responsibilities Deliver resilient application stacks via Infrastructure as Code and DevOps practices Monitor and support critical, high-revenue business applications Diagnose and resolve complex system and application issues Implement and maintain security best practices and remediation strategies Work with cross-functional teams including Development, QA, IT Operations, and Project Management Write and maintain technical and non-technical documentation Skills Aws Cloud,Terraform,Powershell,Github
Posted 3 weeks ago
0 years
0 Lacs
India
Remote
Ethical Hacking Intern Company: INLIGHN TECH Location: Remote (100% Virtual) Duration: 3 Months Stipend for Top Interns: ₹15,000 Certificate Provided | LOR | Potential Full-Time Offer Based on Performance About the Company: INLIGHN TECH is dedicated to preparing the next generation of cybersecurity professionals by offering hands-on, project-based internships. Our Ethical Hacking Internship provides a comprehensive opportunity to explore system vulnerabilities, learn penetration testing techniques, and gain practical skills essential for the cybersecurity field. Role Overview: As an Ethical Hacking Intern, you'll work closely with our cybersecurity experts to identify and analyze security flaws in systems and applications. This role provides exposure to real-world security challenges and helps you build foundational skills in ethical hacking and penetration testing. Key Responsibilities: Perform vulnerability assessments and penetration tests on simulated environments Analyze system security using tools like Nmap, Burp Suite, Wireshark, Metasploit, etc. 
Document findings and recommend mitigation strategies Assist in developing scripts or tools for automation of testing processes Stay updated with the latest cybersecurity threats and trends Create reports highlighting attack vectors and potential security improvements Qualifications: Pursuing or recently completed a degree in Cybersecurity, Computer Science, Information Technology, or related field Basic knowledge of ethical hacking techniques, OWASP Top 10, and Linux commands Familiarity with tools such as Kali Linux, Nmap, Wireshark, and Metasploit Strong curiosity and passion for cybersecurity Good analytical, problem-solving, and documentation skills Internship Benefits: Hands-on training in ethical hacking tools and techniques Certificate of Internship upon successful completion Letter of Recommendation for high-performing interns Opportunity to contribute to real-world security simulations and projects Top interns eligible for stipend and full-time job offers
Posted 3 weeks ago
3.0 - 5.0 years
0 Lacs
Delhi, India
On-site
Job title : Security Tester (Core Backend) Vacancy Position : 02 Experience Maximum Budget for 3-5 Years : 10-15% hike or Upto 12 LPA whichever is lower About company The National e-Governance Division has been set up by the Ministry of Electronics & Information Technology as an Independent Business Division under the Digital India Corporation {erstwhile Media Lab Asia}. Since 2009, NeGD has been playing a pivotal role in supporting MeitY in Programme Management and implementation of the e-Governance Projects; providing technical and advisory support to Ministries/ Departments, both at Central and State levels along with other Government organizations. NeGDs major operational areas include programme management, project development, technology management, capacity building, awareness and communications-related activities under the flagship Digital India Programme. NeGD has developed and is managing several National Public Digital Platforms such as DigiLocker, UMANG, Rapid Assessment System, OpenForge, API Setu, Poshan Tracker, Academic Bank of Credits, National Academic Depositories, National AI Portal, MyScheme, India Stack Global, Meri Pehchaan, etc. More details can be seen at https://negd.gov.in Overview The job holder will be designing and implementing security measures to protect computer systems, networks, and data from unauthorized access, attacks, and other security threats, as well as conducting security assessments of existing systems and identifying vulnerabilities or weaknesses that need to be addressed. He/ She may be used in other projects of Digital India as well, whenever required. Roles and Responsibilities The security test engineer will be part of the audit team that shall conduct security audits for web-application security, mobile app security, Network security and IT infrastructure security. 
Shall be responsible for the development and execution of the individual audit tasks assigned to them and prepares a detailed report in its regards as desired. Conduct post-release/ post-implementation testing. Shall prepare VAPT (Vulnerability Assessment & Penetration Testing) reports using defined templates and assist the management for finalization of audit reports. Shall prepare the audit plans, test cases, and test scenarios to perform the security audit. Create logs to document testing phases and defects. Essential Qualification Graduation/B.E/B. Tech./ MCA or equivalent. Qualification can be relaxed in the case of exceptional candidates. Experience & Skill Experience in Vulnerability Assessment and Penetration testing. Experience in project management and QA methodology. Experience in analysing and in identifying vulnerabilities manually. Experience in web application, MobileApp and network Vulnerability Assessment & Penetration Testing. Experience in Vulnerability Assessment and Penetration testing using industry standard tools such as Vulnerability Scanners for e.g. OWASP ZAP, Nessus, Sqlmap, Acunetix, Nmap, Burp Suite Pro, Netsparker etc. Experience and knowledge of Web Application Security standards such as OWASP/SANS etc.
Posted 3 weeks ago
8.0 - 12.0 years
0 Lacs
Pune, Maharashtra, India
On-site
Role Description Role Proficiency: Act under guidance of DevOps; leading more than 1 Agile team. Outcomes Interprets the DevOps Tool/feature/component design to develop/support the same in accordance with specifications Adapts existing DevOps solutions and creates relevant DevOps solutions for new contexts Codes debugs tests and documents and communicates DevOps development stages/status of DevOps develop/support issues Selects appropriate technical options for development such as reusing improving or reconfiguration of existing components Optimises efficiency cost and quality of DevOps process tools and technology development Validates results with user representatives; integrates and commissions the overall solution Helps Engineers troubleshoot issues that are novel/complex and are not covered by SOPs Design install and troubleshoot CI/CD pipelines and software Able to automate infrastructure provisioning on cloud/in-premises with the guidance of architects Provides guidance to DevOps Engineers so that they can support existing components Good understanding of Agile methodologies and is able to work with diverse teams Knowledge of more than 1 DevOps toolstack (AWS Azure GCP opensource) Measures Of Outcomes Quality of Deliverables Error rate/completion rate at various stages of SDLC/PDLC # of components/reused # of domain/technology certification/ product certification obtained SLA/KPI for onboarding projects or applications Stakeholder Management Percentage achievement of specification/completeness/on-time delivery Outputs Expected Automated components : Deliver components that automates parts to install components/configure of software/tools in on premises and on cloud Deliver components that automates parts of the build/deploy for applications Configured Components Configure tools and automation framework into the overall DevOps design Scripts Develop/Support scripts (like Powershell/Shell/Python scripts) that automate 
installation/configuration/build/deployment tasks Training/SOPs Create Training plans/SOPs to help DevOps Engineers with DevOps activities and in onboarding users Measure Process Efficiency/Effectiveness Deployment frequency innovation and technology changes. Operations Change lead time/volume Failed deployments Defect volume and escape rate Meantime to detection and recovery Skill Examples Experience in design installation and configuration to troubleshoot CI/CD pipelines and software using Jenkins/Bamboo/Ansible/Puppet /Chef/PowerShell /Docker/Kubernetes Experience in Integrating with code quality/test analysis tools like Sonarqube/Cobertura/Clover Experience in Integrating build/deploy pipelines with test automation tools like Selenium/Junit/NUnit Experience in Scripting skills (Python Linux/Shell Perl Groovy PowerShell) Experience in Infrastructure automation skill (ansible/puppet/Chef/PowerShell) Experience in repository Management/Migration Automation – GIT BitBucket GitHub Clearcase Experience in build automation scripts – Maven Ant Experience in Artefact repository management – Nexus/Artifactory Experience in Dashboard Management & Automation- ELK/Splunk Experience in configuration of cloud infrastructure (AWS Azure Google) Experience in Migration of applications from on-premises to cloud infrastructures Experience in Working on Azure DevOps ARM (Azure Resource Manager) & DSC (Desired State Configuration) & Strong debugging skill in C# C Sharp and Dotnet Setting and Managing Jira projects and Git/Bitbucket repositories Skilled in containerization tools like Docker & Kubernetes Knowledge Examples Knowledge of Installation/Config/Build/Deploy processes and tools Knowledge of IAAS - Cloud providers (AWS Azure Google etc.) 
and their tool sets Knowledge of the application development lifecycle Knowledge of Quality Assurance processes Knowledge of Quality Automation processes and tools Knowledge of multiple tool stacks not just one Knowledge of Build and release Branching/Merging Knowledge about containerization Knowledge of Agile methodologies Knowledge of software security compliance (GDPR/OWASP) and tools (Black Duck/Veracode/Checkmarx) Additional Comments 8 to 12 years of experience candidate who has strong knowledge on below skills: Terraform Using terraform Modules Deploying AWS Infrastructure (Setting up IAC), especially following services EKS, ECS, AWS API Gateway, ALB, NLB, Route 53, s3 etc Experience around Build and Deploy setting up CICD Pipelines Artifactory Branching strategy Harness (Optional) Skills Iac,Jenkins,Aws Cloud
Posted 3 weeks ago
8.0 years
0 Lacs
Gurgaon, Haryana, India
On-site
We are seeking a Technical Lead – PHP Fullstack with 8+ years of hands-on experience in web application development to lead the design, architecture, and implementation of scalable systems. This is a high-impact, leadership role that combines strategic thinking with deep technical execution. You will guide a team of developers, shape technical direction, and ensure the timely delivery of high-quality solutions. Key Responsibilities Technical Leadership Architect and develop scalable Fullstack applications using PHP (Laravel, Symfony, or similar) and modern JavaScript frameworks (Node, React, Vue.js, or Angular). Drive end-to-end ownership of projects, from technical design through development, testing, and deployment. Define and enforce coding standards, best practices, and documentation protocols. Team Management & Mentorship Lead and mentor a team of backend and frontend developers. Conduct regular code reviews, performance evaluations, and knowledge-sharing sessions. Act as the go-to technical authority within the team and provide hands-on guidance for complex issues. Collaboration & Delivery Collaborate with Product Managers, UX Designers, and QA teams to deliver robust and user-centric solutions. Participate in sprint planning, architecture discussions, and project estimations. Ensure projects are delivered on time with a focus on quality, scalability, and performance. DevOps & Quality Drive automation in testing, build, and deployment pipelines (CI/CD). Ensure application performance, security, and responsiveness. Work closely with DevOps/Infrastructure teams for deployments and monitoring in cloud environments (AWS, GCP, or Azure). Required Skills & Qualifications 8+ years of hands-on experience in web application development. Expert-level proficiency in PHP with strong knowledge of frameworks like Laravel, Symfony, or CodeIgniter. Solid experience with JavaScript, HTML5, CSS3, and modern frameworks such as Node, React, Vue.js, or Angular. 
Strong database experience with MySQL, PostgreSQL, and NoSQL databases (e.g., MongoDB). Experience with RESTful API design, third-party integrations, and asynchronous communication. Strong understanding of Git, Docker, CI/CD, and cloud-based deployments. Proven track record of leading development teams and delivering high-quality software. Excellent problem-solving, debugging, and analytical skills. Strong written and verbal communication skills. Preferred Qualifications Experience with microservices architecture and event-driven systems. Familiarity with unit testing, integration testing, and automated QA pipelines. Knowledge of security best practices (OWASP, data encryption, etc.). Background in Agile/Scrum environments. Contributions to open-source projects or active GitHub profile.
Posted 3 weeks ago
5.0 - 10.0 years
0 Lacs
Noida, Uttar Pradesh, India
Remote
Role: Cyber Risk Management Lead Experience: 5 to 10 Years Office location-Sector-125, Noida Required Qualification: Bachelor of Engineering - Bachelor of Technology (B.E./B.Tech.) Additional Information There are 2-3 rounds in the interview process. This is a 5 days’ work from office role (No Hybrid/ Remote options available) Final round will be F2F (Mandatory) About role: We are seeking a Cyber Risk Management Lead to identify and remediate or mitigate risks. The candidate should have effective task management skills and the ability to communicate effectively. The individual must be able to rapidly respond to security incidents and should have at least 5 years of relevant experience in Cyber security Risk management. Candidates should have a deeper understanding, with some hands-on experience, of enterprise IT infra components such as O365 suite, advanced firewalls, IPS/IDS/HIPS, routers/switches, VPN, proxy, AV/EDR, DNS, DHCP, multi factor authentication, virtualization, Email systems/security, Web Proxy, WAF, DLP etc. along with cloud environments like AWS (Must), Azure etc. 
Job Description Understanding applicable regulations, guidelines, and industry best practices to manage risk and ensure compliance Developing, maintaining, or auditing security documentation such as policies, standards, and procedures Monitoring security internal control effectiveness for EDR, Email Security, Server security, Cloud security etc Conducting internal security assessments to ensure continued compliance Explaining roles in managing risk to cross team functions and getting buy-in to improve the organizational risk posture Managing SOC 2 Type 2 assessment and provide adequate support for collecting relevant evidence for all relevant controls Should be able to review RFPs (request for proposal) and provide responses for Cyber security related items Manage Risk Governance Implement/govern AWS Cloud and Office 365 Security Manage and support internal and external audits Follow up till closure on audit findings if any Manage dashboards and reports to keep track of priority events for IT and IS Create MOM for Board Meetings Vendor Evaluation for cyber security controls Firewall rules review for On-premises and AWS firewall Security Awareness: Create materials PPT/e-mailers and provide training as needed Incident management and Business continuity CISO dashboard and success reports Meet with business team to understand their business requirements from cyber security perspective Has basic knowledge of audit requirements (SOC2, HIPAA, ISO27001, etc.) 
Understanding of respective industry best practices (e.g., NIST, ISO, OWASP, ITIL) At least one security certification is strongly preferred, such as Certified Information Security Management (CISM), Certified Risk Information Security Control (CRISC), or Certified Information Systems Security Professional (CISSP) Prior experience of management of technology infrastructure is preferred Skills: multi-factor authentication,dns,security awareness,security documentation,ips/ids/hips,business continuity,switches,task management,auditing,vpn,cyber security risk management,routers,virtualization,audit management,internal security assessments,o365 suite,cyber risk management,soc assessment,aws cloud security,cyber security,dlp,risk assessment,regulatory compliance (soc2, hipaa, iso27001),it infrastructure security,security document auditing,waf,email systems/security,office 365 security,web proxy,av/edr,vendor evaluation,cybersecurity risk management,nist, iso, owasp, itil best practices,aws,azure,risk governance,cloud environments,advanced firewalls,risk management,ciso dashboard management,compliance,security awareness training,email security,firewall rules review,cyber risk management lead,proxy,effective communication,dhcp,enterprise it infrastructure,cloud security,security assessments,o365,routers/switches,incident response,incident management
Posted 3 weeks ago
4.0 years
0 Lacs
Pune, Maharashtra, India
On-site
Greetings from Peoplefy! We're looking for a hands-on Application Security and DevSecOps Engineer to help drive secure development practices, enforce security by design, and shape a culture of responsible security behavior. Location - Pune Experience - 4+ years Notice Period - immediate to 60 days What You’ll Do Serve as the primary point of contact for application security across multiple teams Define and drive security roadmaps and ensure adoption Guide development teams on secure coding, vulnerability management, and patching Lead security activities like SAT (Security Acceptance Testing), threat modeling, and penetration test follow-ups Implement strong authentication, privilege management, and obsolescence control Support DevSecOps practices and ensure compliance with security frameworks Raise awareness and foster a security-first mindset across technical and business teams What You Bring Solid understanding of application security principles and frameworks (e.g., OWASP, CIS) Experience with vulnerability scanning tools, patch management, and risk analysis Strong grasp of secure development practices in cloud-native and DevOps environments Ability to collaborate cross-functionally and communicate security risks effectively Familiarity with lifecycle management for systems, middleware, libraries, and authentication mechanisms like MFA, PKI Interested candidates please share your updated resumes on amruta.bu@peoplefy.com
Posted 3 weeks ago
5.0 years
0 Lacs
Greater Chennai Area
On-site
Senior Cybersecurity Specialist Are you an experienced cybersecurity professional who is excited about practical application of cybersecurity into industrial and IoT environments? We would like to have you on our team to keep smart cities cybersecure! The KONE Technology and Innovation (KTI) function is where the magic happens at KONE. It's where we combine the physical world – escalators and elevators – with smart and connected digital systems. We are changing and improving the way billions of people move within cities every day. Within the KONE Technology & Innovation unit, we have a dedicated Cybersecurity team for assuring the security of KONE’s products and solutions as well as applications used by KONE’s business lines. Buzzwords: Application security, Cloud security, SDL, DevSecOps We are now looking for a person to support and drive the Security Development Lifecycle (SDL) activities in KONE solution development projects. Our solutions range from connected elevator systems to cloud services and to mobile applications for technicians and for end users. As a Senior Cybersecurity Specialist, you will be responsible for supporting KONE development teams globally to identify and implement security requirements and to review and test the solutions as they have been implemented. You enjoy working in co-operation with development teams to offer solutions for security problems and practical guidelines on how to implement security in the projects. You get to conduct threat analysis and identify the appropriate security requirements. You don’t shy away from getting hands on with application owners and developers to guide them or help them implement the necessary security controls. Through validation and testing you ensure that controls are implemented, and the requirements fulfilled. You support our becoming and existing Security Champions to succeed in their roles by guiding, identifying their skill gaps, and providing training. 
You might be an experienced security-minded software developer, or perhaps you are a cybersecurity professional who has specialized in application security. You can communicate with various audiences, and you can deal both with the big picture as well as with details when so required. The position is located in Pune, India. Responsibilities Act as a cybersecurity advisor and provide security expertise and guidance to development and operations teams. Conduct risk-based security impact assessments to classify applications and assign appropriate security requirements. Translate requirements into actionable tasks and guide stakeholders in understanding and implementing them. Detect security issues during validation and operation using automation and scenario-based testing. Help teams to understand and mitigate risks and vulnerabilities. Review and enhance security documentation and assessments from Security Champions, offering constructive feedback. Monitor R&D and IT stakeholder needs and deliver targeted security training or clinics. Collaborate within the Cybersecurity team to improve KONE’s security management system, SDL standards, processes, and tools. Requirements 5+ years of experience in cybersecurity. CISSP, CSSLP or other relevant certifications are considered a plus. Educational qualifications (B. Sc. or M Sc. in computer science, business administration, information technology management, information systems security or related) Practical experience in implementing Security Development Lifecycle (SDL) in agile software projects (for example, Microsoft SDL, OWASP, BSIMM) Familiarity with security standards and best practices (for example: ISO 27001, IEC 62443, OWASP) Experience in threat modeling and security risk assessment Experience with DevSecOps practices and tools (SCA, SAST, DAST) Experience with cloud platforms (AWS or Microsoft Azure) Why to join KONE’s cybersecurity team? We at KONE’s cybersecurity team are at an interesting point currently. 
Our focus has been on modernizing enterprise cybersecurity to limit risks with day-to-day operations but at the same time, we are building our industrial and product cybersecurity. KONE is on a digitalization journey and our elevators are transforming from a steel box on the end of a rope into central platforms of smart buildings. We are bringing totally new kinds of innovative solutions to the market to enable even smarter people flow. As our offering becomes more digital, excellent cybersecurity plays a crucial role in building customer trust. KONE Technology and Innovation We are changing and improving the way billions of people move within buildings every day. Hardware is where we've always shined, but today, digital expertise – IoT, analytics, AI, automation, simulation, to name a few – is equally important for our continued success. What's KONE Technology & Innovation like as a workplace? We like to think of ourselves as a diverse tribe, pulling together to understand and meet the ever-changing needs of our customers, from concept through to design, down to every single finished product. This all happens in an atmosphere of trust and respect, typified by our Nordic values, a healthy work-life balance, and a flat hierarchy. At KONE, we are focused on creating an innovative and collaborative working culture where we value the contribution of each individual. Employee engagement is a key focus area for us and we encourage participation and the sharing of information and ideas. Sustainability is an integral part of our culture and the daily practice. We follow ethical business practices and we seek to develop a culture of working together where co-workers trust and respect each other and good performance is recognized. In being a great place to work, we are proud to offer a range of experiences and opportunities that will help you to achieve your career and personal goals and enable you to live a healthy and balanced life. 
Read more on www.kone.com/careers
Posted 3 weeks ago
5.0 years
0 Lacs
Pune, Maharashtra, India
On-site
Senior Cybersecurity Specialist

Are you an experienced cybersecurity professional who is excited about practical application of cybersecurity into industrial and IoT environments? We would like to have you on our team to keep smart cities cybersecure!

The KONE Technology and Innovation (KTI) function is where the magic happens at KONE. It's where we combine the physical world – escalators and elevators – with smart and connected digital systems. We are changing and improving the way billions of people move within cities every day. Within the KONE Technology & Innovation unit, we have a dedicated Cybersecurity team for assuring the security of KONE’s products and solutions as well as applications used by KONE’s business lines.

Buzzwords: Application security, Cloud security, SDL, DevSecOps

We are now looking for a person to support and drive the Security Development Lifecycle (SDL) activities in KONE solution development projects. Our solutions range from connected elevator systems to cloud services and to mobile applications for technicians and for end users.

As a Senior Cybersecurity Specialist, you will be responsible for supporting KONE development teams globally to identify and implement security requirements and to review and test the solutions as they have been implemented. You enjoy working in co-operation with development teams to offer solutions for security problems and practical guidelines on how to implement security in the projects. You get to conduct threat analysis and identify the appropriate security requirements. You don’t shy away from getting hands on with application owners and developers to guide them or help them implement the necessary security controls. Through validation and testing you ensure that controls are implemented, and the requirements fulfilled. You support our prospective and existing Security Champions to succeed in their roles by guiding, identifying their skill gaps, and providing training.

You might be an experienced security-minded software developer, or perhaps you are a cybersecurity professional who has specialized in application security. You can communicate with various audiences, and you can deal both with the big picture as well as with details when so required. The position is located in Pune, India.

Responsibilities
· Act as a cybersecurity advisor and provide security expertise and guidance to development and operations teams.
· Conduct risk-based security impact assessments to classify applications and assign appropriate security requirements.
· Translate requirements into actionable tasks and guide stakeholders in understanding and implementing them.
· Detect security issues during validation and operation using automation and scenario-based testing.
· Help teams to understand and mitigate risks and vulnerabilities.
· Review and enhance security documentation and assessments from Security Champions, offering constructive feedback.
· Monitor R&D and IT stakeholder needs and deliver targeted security training or clinics.
· Collaborate within the Cybersecurity team to improve KONE’s security management system, SDL standards, processes, and tools.

Requirements
· 5+ years of experience in cybersecurity.
· CISSP, CSSLP or other relevant certifications are considered a plus.
· Educational qualifications (B.Sc. or M.Sc. in computer science, business administration, information technology management, information systems security or related)
· Practical experience in implementing Security Development Lifecycle (SDL) in agile software projects (for example, Microsoft SDL, OWASP, BSIMM)
· Familiarity with security standards and best practices (for example: ISO 27001, IEC 62443, OWASP)
· Experience in threat modeling and security risk assessment
· Experience with DevSecOps practices and tools (SCA, SAST, DAST)
· Experience with cloud platforms (AWS or Microsoft Azure)

Why join KONE’s cybersecurity team?

We at KONE’s cybersecurity team are at an interesting point currently. Our focus has been on modernizing enterprise cybersecurity to limit risks with day-to-day operations but at the same time, we are building our industrial and product cybersecurity. KONE is on a digitalization journey and our elevators are transforming from a steel box on the end of a rope into central platforms of smart buildings. We are bringing totally new kinds of innovative solutions to the market to enable even smarter people flow. As our offering becomes more digital, excellent cybersecurity plays a crucial role in building customer trust.

KONE Technology and Innovation

We are changing and improving the way billions of people move within buildings every day. Hardware is where we've always shined, but today, digital expertise – IoT, analytics, AI, automation, simulation, to name a few – is equally important for our continued success. What's KONE Technology & Innovation like as a workplace? We like to think of ourselves as a diverse tribe, pulling together to understand and meet the ever-changing needs of our customers, from concept through to design, down to every single finished product. This all happens in an atmosphere of trust and respect, typified by our Nordic values, a healthy work-life balance, and a flat hierarchy.

At KONE, we are focused on creating an innovative and collaborative working culture where we value the contribution of each individual. Employee engagement is a key focus area for us and we encourage participation and the sharing of information and ideas. Sustainability is an integral part of our culture and the daily practice. We follow ethical business practices and we seek to develop a culture of working together where co-workers trust and respect each other and good performance is recognized. In being a great place to work, we are proud to offer a range of experiences and opportunities that will help you to achieve your career and personal goals and enable you to live a healthy and balanced life.

Read more on www.kone.com/careers
Posted 3 weeks ago
2.0 - 5.0 years
0 Lacs
India
Remote
About the Company:

VISO TRUST is the only SaaS third party cyber risk management platform that delivers the security intelligence needed for modern companies to make critical risk decisions at the speed of business. Assessing the risk of data breach third party relationships pose to their customers is a traditionally complex and labor intensive process that slows business, frustrates stakeholders and leaves security teams branded: the department of “no.” With VISO’s AI-based system, practitioners can instantly and continually assess any number of third parties while achieving on average a 90% boost in operational efficiency. At VISO, we are excited to be enabling customers to reduce risk and accelerate business at the same time.

VISO TRUST is a venture-backed startup with a fully remote workforce based in North America. When hiring, we look for signs that a candidate will thrive in our culture, where we put people first and value ownership, curiosity, honesty and humility in the pursuit of excellence. We also value our differences, employing a team rich in diverse perspectives and experiences. We are dedicated to equal employment opportunities regardless of status or membership in a protected class or lack thereof.

About the Job

As a Third Party Risk Auditor at VISO TRUST, you will be responsible for analyzing security documents, conducting third-party risk assessments, and ensuring the accuracy of our AI-driven platform’s automated due diligence. You’ll collaborate with Product, Engineering, and Machine Learning teams to improve risk assessments and enhance platform efficiency. This role is ideal for someone with strong analytical skills and experience in cybersecurity frameworks, excited to work with AI to streamline third-party risk management.
Key Responsibilities
· Analyzing security program related language and documents, recording text annotations for the training of machine learning models and ensuring quality assurance on the conclusions drawn by automated assessments
· Conducting domestic and global third party risk assessments including coordinating intake of new third parties and new engagements, third party security reviews, interacting with internal and external stakeholders, reporting on assessment outcomes and tracking remediation efforts
· Working closely with Product, Engineering, Customer Success and Machine Learning teams to contribute to automation logic and model training and ensure the success of reviews performed on the platform
· Apply VISO TRUST methodology to evaluate control presence and determine risk
· Document assessment procedures for subsequent automation
· Review business and technical assessments, questionnaires and related documentation
· Schedule and conduct review calls with third parties: ensure and track questionnaires sent to third parties, track and report on abandoned third parties, receive and review questionnaires responses and finalize reports
· Coordinate other due diligence that needs to be done in addition to security questionnaire when needed
· Collaborate with VISO Audit, Product, Engineering and Machine Learning personnel to develop continued program process and platform improvements
· Report on assessment outcomes, risk levels, and remediation progress

Key Skills, Qualifications & Experience
· Strong analytical/critical thinking skills
· Excellent written, verbal communication and organizational skills
· Ability to perform policy and standard gap analyses based on leading security frameworks
· Knowledge of common control and policy taxonomies and hierarchies and related language
· Knowledge of common third party assurance related documents, their structure and analysis, such as AICPA SOC reports, PCI DSS ROC, HiTrust, ISO 27001 Statements of Applicability, etc.
· Deep knowledge and experience with regard to the VISO TRUST technology platform and its unique approach to text extraction and automated risk determination
· Bachelor’s degree with a major in Information Security or equivalent combination of education and experience, i.e. CISSP, CISA, CIPP, CRISC, CEH, and/or CISM
· 2-5 years of experience with third party cyber risk management
· Have performed IT risk assessments against OWASP, PCI, GLBA, NIST, ISO, SIG/AUP or other standards
· Strong knowledge base in information security, risk management, privacy, operations, enterprise networking, systems evaluation, and architecture
· Ability to discern business relevant risk associated with technology control deficiencies, and to identify the corresponding remediation which is required to mitigate the business impact
· Knowledge of security, risk and privacy regulatory frameworks such as NIST, SOX, PCI, HIPAA, ISO, Safe Harbor, CSA, etc.
· Self-starter who can function independently with limited direction but work closely with others when necessary.
Posted 3 weeks ago
3.0 - 31.0 years
0 - 1 Lacs
Noida
Remote
· Experience: 3-5 years in automation testing, with hands-on experience in Cypress, Selenium, or Playwright using JavaScript, or Selenium with Java.
· API Testing: Proven experience with API testing using tools like Rest Assured, Postman, or Karate.
· Performance Testing: Exposure to tools like JMeter.
· Security Testing: Familiarity with OWASP tools (preferred).
· Programming Skills: Strong understanding of programming concepts, frameworks, and debugging techniques.
· Methodologies: In-depth knowledge of software testing methodologies, best practices, and quality assurance principles.
· CI/CD Integration: Experience with continuous integration and continuous delivery pipelines.
· Education: Bachelor's degree in Computer Science, Engineering, or a related field.
Posted 3 weeks ago
The OWASP (Open Web Application Security Project) job market in India is growing rapidly as organizations prioritize cybersecurity and the protection of sensitive data. Professionals with expertise in OWASP are in high demand across various industries, offering lucrative career opportunities for job seekers in India.
These cities are hotspots for OWASP job opportunities, with numerous companies actively seeking professionals with OWASP skills.
The average salary range for OWASP professionals in India varies based on experience levels:
Salaries can vary based on the company, location, and individual skills and qualifications.
A typical career path in OWASP may include progressing from roles such as Junior Security Analyst or Web Application Security Engineer to Senior Security Consultant, OWASP Project Leader, and ultimately to a Chief Information Security Officer (CISO) or Security Architect.
In addition to OWASP expertise, professionals in this field are often expected to have knowledge and experience in areas such as penetration testing, secure coding practices, network security, cryptography, and risk management.
...and many more!
As you explore OWASP job opportunities in India, remember to continuously enhance your skills, stay updated on the latest trends in cybersecurity, and showcase your expertise confidently during interviews. With dedication and preparation, you can secure a rewarding career in OWASP and contribute to safeguarding digital assets in the ever-evolving landscape of cybersecurity. Good luck on your job search!