Job Title: Assistant Manager | Risk Management | Pune | Cyber Strategy & Transformation

Assistant Manager | Risk Management | Bengaluru | Cyber Strategy & Transformation
• Job requisition ID : 108631
• Location: Bengaluru
• Entity: Deloitte Touche Tohmatsu India LLP
The Team
Deloitte helps organizations prevent cyberattacks and protect valuable assets. We believe in being secure, vigilant, and resilient—not only by looking at how to prevent and respond to attacks, but at how to manage cyber risk in a way that allows you to unleash new opportunities. Embed cyber risk at the start of strategy development for more effective management of information and technology risks. Learn more about Cybersecurity
Your Work Profile
Responsible for validating security controls and remediation measures implemented by Development and DevOps teams, ensuring vulnerabilities are effectively addressed and applications meet Secure SDLC and compliance requirements.
Key Responsibilities
• Validate security controls and vulnerability remediations across applications and cloud environments.
• Verify authentication, authorization (RBAC/ABAC), input validation, secure configurations, and API security controls.
• Re-test vulnerabilities and confirm remediation effectiveness using positive, negative, and edge-case testing scenarios.
• Perform security regression testing to ensure fixes do not introduce new risks.
• Review and validate findings from SAST, DAST, SCA, and Threat Modeling activities.
• Collaborate with Development, DevOps, Security, and QA teams throughout the Secure SDLC lifecycle.
• Maintain security testing evidence, reports, and vulnerability tracking.
Core Skills
• Secure SDLC
• OWASP Top 10
• Threat Modeling
• Application Security Controls
• DevSecOps Practices
• Vulnerability Management
Security Testing Expertise
• SAST, DAST, SCA Validation
• Security Control Verification
• Remediation Testing & Validation
• REST API Security Testing
Tools & Technologies
SAST/SCA: SonarQube, Coverity, Black Duck, IriusRisk
Testing: Burp Suite, OWASP ZAP, Nmap, Postman, Swagger
Tracking/DevOps: Jira, Azure DevOps
Cloud Skills
• Azure Cloud Security (Preferred)
• AWS/GCP (Good to Have)
• IAM, Data Protection, Cryptography
• Cloud Security Controls & CIS Benchmarks
Good to Have
• CI/CD Security & DevSecOps Pipeline Experience
• Python, Bash, or JavaScript Scripting
• Security Design Reviews & Threat Model Validation
Certifications (Preferred)
CEH, CISSP, CISM, Microsoft Azure Security Engineer Associate, or equivalent
Ideal Candidate
Hands-on Application Security/DevSecOps professional with experience in security control verification, remediation validation, and secure application delivery, capable of partnering with engineering teams to strengthen overall security posture.
Education:: Btech. BE , BSC
