Cyber - Defense & Resilience - ASM+MPT - Senior Consultant

Deloitte

5 - 10 years

Bengaluru, Chennai, Gurugram, Hyderabad, Kolkata, Mumbai, Pune

Posted: 21/06/2025

Job Description

Position Summary

Cyber - Defense & Resilience - ASM+MPT - Senior Consultant

Attack Surface Management (ASM) Services

Overview

Are you interested in improving the cyber and organizational risk profiles of leading companies? Do you want to deliver Attack Surface Management (ASM) services, identifying vulnerable IT assets and weak security configurations in real time? If you thrive in dynamic environments and are passionate about cybersecurity, Deloitte's ASM team could be the place for you.

About Deloitte's ASM Team

  • Focus: Transparency, innovation, collaboration, and sustainability.
  • Mission: Deliver industry-leading services with fresh thinking and a creative approach.
  • Collaboration: Work with teams across Deloitte, leveraging both commercial and public sector expertise.
  • Goal: Be the premier integrated services provider transforming the cybersecurity services marketplace.

As a Senior Consultant, you will:

  • Work with global teams of engineers and analysts specializing in cybercriminal tactics, tools, and procedures.
  • Help clients discover vulnerabilities and rogue assets (e.g., shadow IT) in their networks.
  • Enable clients to achieve business growth while managing risk.

Key Responsibilities

  • Conduct vulnerability assessments and manual penetration testing for:
    • Web applications
    • APIs
    • Thick client applications
    • Mobile applications
  • Perform secure code reviews and analyze false positives from industry-standard tools.
  • Respond to ad-hoc reporting and research requests from management and analysts.
  • Develop and implement application security policies and procedures.
  • Identify and prioritize security vulnerabilities.
  • Coordinate with development and operations teams to assist with remediation plans and secure applications.
  • Rapidly understand and deliver on company and client requirements.
  • Participate in regular reporting (daily, weekly, quarterly, yearly) for clients, partners, and internal teams.
  • Adhere to internal operational security and other Deloitte policies.

Required Qualifications

  • Education: Bachelor's degree or higher in Computer Science, or equivalent experience.
  • Experience: 5-9 years of hands-on experience in:
    • Application security
    • Vulnerability assessment
    • Penetration testing
    • Mobile application security
    • Thick client and Web API security assessments
  • Technical Skills:
    • Strong understanding of OWASP Top 10 and other vulnerabilities.
    • Manual assessment and exploitation of vulnerabilities (e.g., Blind SQLi, XXE, SSRF, Insecure Deserialization, HTTP Request Smuggling).
    • Understanding of OAuth 2.0/OpenID standards and associated vulnerabilities.
    • Business logic vulnerability identification.
    • Secure code review following OWASP Secure Coding Practices.
    • Proficiency with tools: Burp Suite, Fiddler, Sysinternals, Veracode, dnSpy, OllyDbg, IDA Pro, Echo Mirage, Wireshark, Apktool, jadx-gui, Frida, etc.
    • Manual penetration testing and use of automated tools.
    • Strong technical report writing skills.
    • Knowledge of web application components (frontend, backend, databases, application servers).
    • Understanding of web development technologies (HTML, CSS, JavaScript, PHP, Java, .NET, backend databases).
    • Experience with application security architecture review and threat modeling.
    • Basic concepts of reverse engineering and memory analysis.
    • Understanding of networking protocols (TCP/IP, DNS, HTTP/S).
    • Familiarity with vulnerability classification (CVE/CVSS).
  • Certifications: One or more of the following:
    • CISSP
    • OSCP
    • OSWE
    • BSCP
    • GWAPT

Preferred Qualifications

  • Proficiency in web and mobile application security assessments, penetration testing, and secure code review.
  • Relevant publications (blogs, tools, conference presentations, CVEs).
  • Preferred certifications: OSWE, BSCP.
  • Experience with automation and scripting (Python).
  • Outstanding English written and oral communication skills.
  • Strong understanding of web, mobile, and microservices vulnerabilities.
  • Knowledge of malicious code operation and exploitation of technical vulnerabilities.
  • Strong analytical and problem-solving skills.
  • Self-motivated to upskill and learn new attack vectors.
  • Desire to deeply understand the what, why, and how of security vulnerabilities.

If you are passionate about cybersecurity and ready to make an impact, Deloitte's ASM team offers a collaborative and innovative environment to grow your career.


Our purpose

Deloitte's purpose is to make an impact that matters for our people, clients, and communities. At Deloitte, purpose is synonymous with how we work every day. It defines who we are. Our purpose comes through in our work with clients that enables impact and value in their organizations, as well as through our own investments, commitments, and actions across areas that help drive positive outcomes for our communities.

Our people and culture

Our inclusive culture empowers our people to be who they are, contribute their unique perspectives, and make a difference individually and collectively. It enables us to leverage different ideas and perspectives, and bring more creativity and innovation to help solve our clients' most complex challenges. This makes Deloitte one of the most rewarding places to work.

Professional development

At Deloitte, professionals have the opportunity to work with some of the best and discover what works best for them. Here, we prioritize professional growth, offering diverse learning and networking opportunities to help accelerate careers and enhance leadership skills. Our state-of-the-art DU: The Leadership Center in India, located in Hyderabad, represents a tangible symbol of our commitment to the holistic growth and development of our people. Explore DU: The Leadership Center in India.

Benefits to help you thrive

At Deloitte, we know that great people make a great organization. Our comprehensive rewards program helps us deliver a distinctly Deloitte experience that empowers our professionals to thrive mentally, physically, and financially, and live their purpose. To support our professionals and their loved ones, we offer a broad range of benefits. Eligibility requirements may be based on role, tenure, type of employment and/or other criteria. Learn more about what working at Deloitte can mean for you.

Recruiting tips

From developing a standout resume to putting your best foot forward in the interview, we want you to feel prepared and confident as you explore opportunities at Deloitte. Check out recruiting tips from Deloitte recruiters.

Requisition code: 301462

About Company

Deloitte is a global professional services firm that provides a wide range of services, including audit and assurance, consulting, tax, risk management, and financial advisory. With a presence in over 150 countries and a network of member firms, Deloitte serves clients across various industries, helping them solve complex business challenges, improve operations, and innovate. Known for its expertise in management consulting, technology solutions, and strategy, Deloitte is one of the Big Four accounting firms and is recognized for its commitment to quality, integrity, and making an impact in the marketplace.
