Cybersecurity ManagerMPIN

Key Responsibilties

Cybersecurity Manager is required to have the following 02 key responsibilities :-

1. Project Security Manager
Support the IT Owner or Product Responsible Office in the implementation of the cybersecurity requirements as per Cybersecurity related policies and procedures
Support the creation and maintenance of cybersecurity relevant documentation
Act as the first point of contact regarding cybersecurity within the team developing or operating the IT System or Bosch Product
Distribute information regarding Cybersecurity related policies and procedures within the team developing or operating the IT System or Bosch Product
Support decisions on how to proceed with cybersecurity-relevant changes vulnerabilities and cybersecurity incident response

2. Penetration Tester

Scoping and execution of penetration tests against a variety of technologies including web application mobile and infrastructure
Simulate cyber attacks to identify system vulnerabilities
Develop penetration testing methodologies
Prepare detailed reports on the findings of penetration tests
Recommend and implement improvements to security policies
Keep abreast of the latest penetration testing tools and techniques
Train staff on security awareness and procedures
Collaborate with IT staff to improve system security
Conduct security audits and provide recommendations for improvements
Identify and report findings to management
Act as the subject matter expert for the firm on all aspects of Penetration Testing

Qualifications :

Required Competencies

As Project Security Manager
Must have a suitable academic background e.g. Bachelors in Computer Science
Must have the necessary communication and networking skills to communicate with the Project Teams for both internal and external customers
Deep understanding of the Cybersecurity related policies and procedures
Any Three (03) of the following Domain-specific competencies :-
Secure Software Development
Security Testing
Communication and Network Security
Cloud security
Web Security and Application Security
Cryptography
Identity and Access Management
Security Architectures and Engineering
Security of Connected Products
Hardware Security
Embedded Security

All of the following competencies :-
Incident Response
Risk Management
Vulnerability Management
Cybersecurity relevant Laws Regulations and Standards
Product Liability
Project Management Skills
Knowledge of the Target Domain
Knowledge of the MPSs operational procedures along the product or IT System life cycle
Leadership skills
Communication and Moderation skills
Cooperation and Networking skills
Trainings and Coaching skills

As Penetration Tester
Networking Fundamentals: Understanding TCP/IP DNS HTTP/HTTPS routing subnets NAT common ports and services is crucial for analyzing attack paths and understanding how data flows through networks
Operating System Mastery: Proficiency in Linux and Windows is essential for handling various operating systems and their unique vulnerabilities
Programming & Scripting: Skills in Python for automation and Bash for Linux workflows are valuable for building and managing penetration testing tools
Web Application Security: Knowledge of OWASP Top 10 vulnerabilities authentication flaws session issues SQL injection cross-site scripting and other web application security risks is critical
Mobile Application Security: Knowledge of OWASP Top 10 vulnerabilities and latest tools and techniques for Android and iOS App Penetration Testing
Protocol Level Exploitation: Port Scanning SQL Injection DNS Spoofing HTTP/HTTPS/TLS Attacks
Cloud Security Basics: Understanding cloud security concepts identity and access management and storage exposure is important
Tool Mastery: Familiarity with various penetration testing tools and the ability to perform manual testing and report findings is necessary. Mastery over following tools is mandatory :-
Burpsuite
Nessus
OpenVAS
Metasploit
NMAP
Communication & Report Writing: Effective communication and the ability to write clear and concise reports are essential for conveying findings and recommendations to clients
Certifications (desirable): Certified Ethical Hacker (CEH) Offensive Security Certified Professional (OSCP) or CompTIA Security Secure

Remote Work :

No

Employment Type :

Full-time