Deloitte | India Offices of the US

Cyber -  Defense & Resilience - ASM+MPT -Senior Consultant 

Attack Surface Management (ASM) Services

Overview

Are you interested in improving the cyber and organizational risk profiles of leading companies? Do you want to deliver Attack Surface Management (ASM) services, identifying vulnerable IT assets and weak security configurations in real time? If you thrive in dynamic environments and are passionate about cybersecurity, Deloitte’s ASM team could be the place for you.

About Deloitte’s ASM Team

• Focus: Transparency, innovation, collaboration, and sustainability.
• Mission: Deliver industry-leading services with fresh thinking and a creative approach.
• Collaboration: Work with teams across Deloitte, leveraging both commercial and public sector expertise.
• Goal: Be the premier integrated services provider transforming the cybersecurity services marketplace.

As a Senior Consultant, you will:

• Work with global teams of engineers and analysts specializing in cybercriminal tactics, tools, and procedures.
• Help clients discover vulnerabilities and rogue assets (e.g., shadow IT) in their networks.
• Enable clients to achieve business growth while managing risk.

Key Responsibilities

• Conduct vulnerability assessments and manual penetration testing for:
• Web applications
• APIs
• Thick client applications
• Mobile applications
• Perform secure code reviews and analyze false positives from industry-standard tools.
• Respond to ad-hoc reporting and research requests from management and analysts.
• Develop and implement application security policies and procedures.
• Identify and prioritize security vulnerabilities.
• Coordinate with development and operations teams to assist with remediation plans and secure applications.
• Rapidly understand and deliver on company and client requirements.
• Participate in regular reporting (daily, weekly, quarterly, yearly) for clients, partners, and internal teams.
• Adhere to internal operational security and other Deloitte policies.

Required Qualifications

• Education: Bachelor’s degree or higher in Computer Science, or equivalent experience.
• Experience: 5–9 years of hands-on experience in:
• Application security
• Vulnerability assessment
• Penetration testing
• Mobile application security
• Thick client and Web API security assessments
• Technical Skills:
• Strong understanding of OWASP Top 10 and other vulnerabilities.
• Manual assessment and exploitation of vulnerabilities (e.g., Blind SQLi, XXE, SSRF, Insecure Deserialization, HTTP Request Smuggling).
• Understanding of OAUTHv2/OpenID standards and associated vulnerabilities.
• Business logic vulnerability identification.
• Secure code review following OWASP Secure Coding Practices.
• Proficiency with tools: Burp Suite, Fiddler, Sysinternals, Veracode, DnSpy, OllyDbg, IDA Pro, EchoMirage, Wireshark, Apktool, Jadx-gui, Frida, etc.
• Manual penetration testing and use of automated tools.
• Strong technical report writing skills.
• Knowledge of web application components (frontend, backend, databases, application servers).
• Understanding of web development technologies (HTML, CSS, JavaScript, PHP, Java, .NET, backend databases).
• Experience with application security architecture review and threat modeling.
• Basic concepts of reverse engineering and memory analysis.
• Understanding of networking protocols (TCP/IP, DNS, HTTP/S).
• Familiarity with vulnerability classification (CVE/CVSS).
• Certifications: One or more of the following:
• CISSP
• OSCP
• OSWE
• BSCP
• GWAPT

Preferred Qualifications

• Proficiency in web and mobile application security assessments, penetration testing, and secure code review.
• Relevant publications (blogs, tools, conference presentations, CVEs).
• Preferred certifications: OSWE, BSCP.
• Experience with automation and scripting (Python).
• Outstanding English written and oral communication skills.
• Strong understanding of web, mobile, and microservices vulnerabilities.
• Knowledge of malicious code operation and exploitation of technical vulnerabilities.
• Strong analytical and problem-solving skills.
• Self-motivated to upskill and learn new attack vectors.
• Desire to deeply understand the what, why, and how of security vulnerabilities.

If you are passionate about cybersecurity and ready to make an impact, Deloitte’s ASM team offers a collaborative and innovative environment to grow your career.