Security Consultant

Bosch Global Software Technologies Private Limited is a 100% owned subsidiary of Robert Bosch GmbH, one of the world's leading global supplier of technology and services, offering end-to-end Engineering, IT and Business Solutions. With over 28,200+ associates, it’s the largest software development center of Bosch, outside Germany, indicating that it is the Technology Powerhouse of Bosch in India with a global footprint and presence in the US, Europe and the Asia Pacific region.

Roles & Responsibilities :
ob Summary:

We are looking for a Security Consultant with a strong background in security testing and Governance, Risk, and Compliance (GRC) to bolster our organization’s cybersecurity posture. This hybrid role demands hands-on technical expertise in identifying vulnerabilities and executing penetration tests, coupled with a deep understanding of risk frameworks, compliance standards, and regulatory requirements.

Key Responsibilities:

Security Testing:

• Conduct penetration testing and vulnerability assessments across web, network, mobile, and cloud environments.

• Identify and exploit vulnerabilities using tools such as Burp Suite, Metasploit, Nmap, Nessus, and OWASP ZAP.

• Simulate real-world cyberattacks to evaluate system resilience and generate actionable remediation insights.

• Perform Secure Development Lifecycle (SDL) reviews and threat modeling exercises.

• Collaborate with application, DevOps, and infrastructure teams to validate fixes and improve security controls.

GRC Responsibilities:

• Develop, implement, and maintain security policies, procedures, and controls aligned with leading frameworks and best practices.

• Conduct risk assessments, maintain the enterprise risk register, and support risk mitigation activities.

• Ensure and track compliance with standards including ISO 27001, NIST, PCI-DSS, GDPR, and HIPAA.

• Facilitate internal/external audits by preparing documentation, conducting gap analyses, and driving remediation.

• Collaborate with business and technical stakeholders to embed security into processes and projects.

• Conduct privacy impact assessments and Responsible AI reviews.

Required Skills & Qualifications:

• Bachelor’s degree in Cybersecurity, Information Technology, or a related field.

• 4 to 8 years of combined experience in security testing and GRC functions.

• Proficient in the OWASP Top 10, CVE database analysis, and secure coding practices.

• Hands-on experience with SIEM tools, incident response, and threat modeling methodologies.

• Strong analytical and problem-solving skills with excellent verbal and written communication abilities.

• Ability to translate technical vulnerabilities into business impact and risk language.

Preferred Certifications:

• Technical: CEH, OSCP, GPEN

• GRC: CISA, CISM, CRISC, ISO 27001

Lead Implementer/Auditor Experience with GRC platforms like RSA Archer, ServiceNow GRC, or LogicGate is a plus.

Educational qualification:

Experience :

Mandatory/requires Skills :

Preferred Skills :

Experience - 4 to 8 years