Senior Security Engineer
- Bachelor's degree in Computer Science, Engineering or related
- 3-8 years of relevant information security experience
- 2+ years Java, .Net or similar technology stack field
- Prior experience of auditing experience like ISO27001/PCI based security assessments is a plus
- Excellent skills in penetration testing of applications (web, mobile) and network infrastructure
- Ability to perform security assessments of existing and newly developed applications, infrastructure, libraries, and open source projects
- Ability to automate possible scenarios of the identification of security issues throughout development work flow
- Ability to review identified vulnerabilities and develop new code, patterns or tools to prevent them in future development.
- Experience of using tools like Burpsuite, Appscan, Nessus, Metasploit, Fortify, Veracode etc
- Experience with DevOps processes and culture
- Experience with DevOps tools (e.g. GoCD, GitHub, Ansible)
- Experience in an Agile development environment; Continuous delivery/integration experience is a plus
- Experience with containerized environments (Dockers, DC/OS, Kubernetes)
- Exposure to one of the major cloud IaaS providers (AWS, Azure, Google)
- CISSP / CSSLP/CEH certification is a plus.
- Excellent communication, analytical, problem solving and troubleshooting skills
- Strong team-oriented interpersonal and collaboration skills
- Self-starter, proactive in nature
Who You'll Work With
You will be a core member of the Information Security team working out of our Gurgaon office. You will be part of a global team that is distributed across New York, London, Prague and San José.
The goal of the Information Security team is to establish and maintain a comprehensive IT security strategy and architecture that builds awareness and ensures the integrity, availability and confidentiality of critical data and systems for the firm.
What You'll Do
You will be involved in all phases of the product development, including requirements, design, code, development and deployment.
You will be embedded within the cross-functional product teams (Dev/QA/DevOps) throughout development lifecycle. You will be given guidance from information security and you will represent the security stakeholders.
You will work closely with product managers, technical leads and developers to define and validate security aspects. For a product, you will be sharing security requirements, assisting the team in developing secure design, performing secure code reviews and validating by performing the pentest of the applications before being rolled out to production. You will be responsible for designing, developing and executing manual and automated security tests using modern tools and techniques.
You will have the opportunity to research new security tools and participate in initiatives to implement those that will cost-effectively enhance testing capabilities and product security.
Meet Some of McKinsey's Employees
Danielle is one of the leaders of McKinsey’s business with retail and consumer clients. She oversees client projects and helps her teams and her clients utilize McKinsey’s resources.
Back to top