Cyber - Defense & Resilience - ASM+MPT - Senior Consultant

Same job available in 7 locations

Bengaluru, Karnataka, India

Chennai, Tamil Nadu, India

Gurugram, Haryana, India

Hyderabad, Telangana, India

Kolkata, West Bengal, India

Mumbai, Maharashtra, India

Pune, Maharashtra, India

Back to search results
Back to search results

Position Summary

Cyber - Defense & Resilience  – Attack Surface Management (ASM) Services – Senior Consultant

Overview

Are you interested in improving the cyber and organizational risk profiles of leading companies? Do you want to be involved in delivering Attack Surface Management (ASM) Services, including identifying potentially vulnerable IT assets or weak security configurations within networks in real time? Are you excited about rapidly changing operational environments, learning what you need to get the job done, and producing accurate and timely results?

If yes, then Deloitte’s Attack Surface Management (ASM) team could be the place for you! Transparency, innovation, collaboration, and sustainability are the hallmark issues shaping cyber initiatives today. Deloitte’s ASM business is passionate about making an impact with lasting change. Delivering our industry-leading services requires fresh thinking and a creative approach. We collaborate with teams from across our organization to bring the full breadth of Deloitte’s commercial and public sector expertise to best support our clients. Our aspiration is to be the premier integrated services provider in helping to transform the cybersecurity services marketplace.

Our team is client-focused and mission-driven. As a Cyber Risk Attack Surface Senior Consultant in Deloitte's ASM Services, you’ll work with our diverse teams of passionate professionals to help solve some of today’s toughest cybersecurity challenges, enabling our clients to achieve business growth and manage risk.

Work You’ll Do

As an Attack Surface Management Senior Consultant, you will assist our clients with discovering vulnerabilities and rogue assets (such as shadow IT) in their networks as part of a team of engineers and analysts around the world who specialize in the tactics, tools, and procedures used by cyber criminals.

  • Conduct vulnerability assessments and manual penetration testing for Web, API, Thick Client, and mobile applications.
  • Perform secure code review and false positive analysis for vulnerabilities reported by industry-standard tools.
  • Respond to requests for ad-hoc reporting and research topics from management and analysts as required.
  • Develop and implement application security policies and procedures.
  • Identify and prioritize security vulnerabilities.
  • Coordinate with application development and operations teams to assist with remediation plans and secure applications.
  • Quickly understand and deliver on company and client requirements.
  • Aid in and participate in daily, weekly, quarterly, and yearly reporting for clients, partners, and internal teams.
  • Adhere to internal operational security and other Deloitte policies.

Qualifications Required

  • Bachelor’s degree or higher in Computer Science, or equivalent experience.
  • 5–9 years of hands-on experience in application security, vulnerability assessment, penetration testing, mobile application security, Thick Client, and Web API security assessments.
  • Strong understanding of OWASP Top 10 vulnerabilities (and beyond).
  • Strong experience in manual assessment and exploitation of vulnerabilities such as Blind SQLi, XXE, SSRF, Insecure Deserialization, HTTP Request Smuggling, etc.
  • Strong understanding of OAUTHv2/OpenID standards and associated vulnerabilities.
  • Strong understanding of business logic vulnerabilities.
  • Experience in secure code review in line with OWASP Secure Coding Practices.
  • Proficiency in industry-standard tools such as Burp Suite, Fiddler, Sysinternals suite, Veracode, DnSpy, OllyDbg, IDA Pro, EchoMirage, Wireshark, Apktool, Jadx-gui, Frida, etc.
  • Ability to perform manual penetration testing and security assessments using automated tools.
  • Excellent technical report writing skills.
  • Knowledge of web application components like frontend, backend, databases, and application servers.
  • Understanding of web development technologies like HTML, CSS, JavaScript, PHP, Java, .Net, and backend databases.
  • Experience with reviewing application security architectures and threat modeling.
  • Understanding of basic concepts of reverse engineering, memory analysis, etc.
  • Understanding of basic networking protocols such as TCP/IP, DNS, HTTP/s.
  • Understanding of vulnerability classification using National Vulnerability Database nomenclature such as CVE/CVSS.
  • Certifications: CISSP, OSCP, OSWE, BSCP, GWAPT.

Preferred Qualifications

  • Proficiency in web and mobile application security assessments, penetration testing, and secure code review.
  • Relevant publications such as blogs, tools, conference presentations, and CVEs.
  • OSWE and BSCP certifications are preferred.
  • Experience with automation and scripting (Python) is preferred.
  • Outstanding English written and oral communication skills and the ability to prioritize work.
  • Strong understanding of web, mobile, and microservices vulnerabilities.
  • Working knowledge of how malicious code operates and how technical vulnerabilities are exploited.
  • Strong analytical and problem-solving skills.
  • Self-motivated to upskill and learn new attack vectors.
  • A strong desire to understand the what, why, and how of security vulnerabilities.
Our purpose

Deloitte’s purpose is to make an impact that matters for our people, clients, and communities. At Deloitte, purpose is synonymous with how we work every day. It defines who we are. Our purpose comes through in our work with clients that enables impact and value in their organizations, as well as through our own investments, commitments, and actions across areas that help drive positive outcomes for our communities. 
Our people and culture

Our inclusive culture empowers our people to be who they are, contribute their unique perspectives, and make a difference individually and collectively. It enables us to leverage different ideas and perspectives, and bring more creativity and innovation to help solve our clients' most complex challenges. This makes Deloitte one of the most rewarding places to work.
Professional development

At Deloitte, professionals have the opportunity to work with some of the best and discover what works best for them. Here, we prioritize professional growth, offering diverse   learning and networking opportunities to help accelerate careers and enhance leadership skills. Our state-of-the-art DU: The Leadership Center in India, located in Hyderabad, represents a tangible symbol of our commitment to the holistic growth and development of our people. Explore DU: The Leadership Center in India.
Benefits to help you thrive

At Deloitte, we know that great people make a great organization. Our comprehensive rewards program helps us deliver a distinctly Deloitte experience that helps that empowers our professionals to thrive mentally, physically, and financially—and live their purpose. To support our professionals and their loved ones, we offer a broad range of benefits. Eligibility requirements may be based on role, tenure, type of employment and/ or other criteria. Learn more about what working at Deloitte can mean for you.
Recruiting tips

From developing a stand out resume to putting your best foot forward in the interview, we want you to feel prepared and confident as you explore opportunities at Deloitte. Check out recruiting tips from Deloitte recruiters.

Requisition code: 301459