WHAT YOU'LL DO
The IT Security Lead works in the Enterprise team with BCG's Information Security and Risk Management (ISRM), Legal, Procurement, Risk, Client Services Officers and client case teams to address BCG and client information security concerns. This includes, but is not limited to:
- Tactically execute the Vulnerability Management Program by coordinating with various stakeholders within the IT organization, monitoring progress of risk remediation and supporting the asset owners with subject matter expertise in resolving vulnerabilities.
- Execute Penetration Testing, Red Team Exercise and Purple Team assignments as part of the Vulnerability Management Program, either hands-on or through BCG's existing suppliers wherever necessary.
- Develop the roadmap of Continuous Automated Red Teaming (CART) to be implemented within BCG.
- Assess critical vulnerabilities and zero-day attacks that may impact BCG's digital ecosystem, and work with asset owners to get the vulnerabilities remediated.
- Conduct vulnerability research and cyber threat intelligence to release security advisories to the IT Infrastructure hosting and application development teams.
- Analyze existing vulnerabilities and identify their root causes to resolve security gaps.
- Develop PowerPoint presentations to present issues and resolutions.
- Building and maintaining relationships with relevant internal IT team stakeholders.
- Executing tasks aligned to the Red Team with autonomy and authority.
- Demonstrating experience with common Penetration testing and Red Team tools such as Cobalt Strike, Mimikatz, Kali Linux, Burp Suite Pro, etc.
- Developing custom scripts in Python, PowerShell, Azure CLI, C, C#, etc. to solve an enumeration problem.
- Develop and review security policies and standards to solve an administrative problem.
- Motivate other ISRM staff and contractors to proactively deal with vulnerabilities.
YOU'RE GOOD AT
- Hands-on expertise in performing red team exercises, penetration testing, vulnerability assessment and vulnerability research.
- Maintain up-to-date knowledge of emerging cyber threats and related mitigation solutions, with the hands-on ability to resolve or reduce risks arising out of software vulnerabilities.
- Latest offensive security technologies, solutions, and industry frameworks like MITRE ATT&CK.
- Leading and executing red team exercises within a complex technology environment and matrix organization.
- Breadth and depth of knowledge about cloud services relating to AWS or Azure.
- High level understanding of laws and regulations impacting Information Security like EU GDPR.
- Industry frameworks and certifications like the MITRE ATT&CK Framework, NIST and ISO 27001.
- Provide input and feedback towards the development of security policies, standards and architecture.
- Review and prepare weekly and monthly status reports and statistics on various tasks.
- Strike an effective balance between security and user experience
YOU BRING (EXPERIENCE & QUALIFICATIONS)
- 10+ years of experience in performing red team exercises, penetration testing, vulnerability assessment and vulnerability research.
- Knowledge of Active Directory, Azure Cloud, AWS Cloud and common scripting and programming languages.
- Strong technical skills to help analyze risk in the context of BCG's business interests.
- Outstanding verbal and written communications skills are a must because of the requirement to represent BCG in communications with clients.
- High level of initiative and self-motivation, resourceful, and patient with an iterative process
- Ability to gain trust and commitment of others at different levels of the organization
- Successful maintenance of certification i.e. OSCP/OSCE, CISSP, CISM, CISA.
YOU'LL WORK WITH
BCG’s Business Services Team (BST) is the operational heart of our business and is invaluable to our success. Within BST, functions support Local offices and Regional jurisdictions. Global and centralized initiatives sit with Global Services (GS), a network of 1000+ professionals in 30 countries, though the majority of GS staff sit in ‘hub’ cities, e.g. Boston, New Delhi, London, Munich and Madrid. Global Services (GS) consists of a varied range of functions providing corporate support of BCG's business and strategic priorities, for example Finance, Legal, HR, Marketing, IT, Risk, Partner Services and more. This diverse team of experts, operators and specialists represents all levels from Partner to entry-level Staff, operating across the globe in multiple countries.
Global Services' rapid growth and expansion over the last few years has created a need for strong operations management, governance and leadership to better enable Global Services to support BCG’s world-class Consulting & Knowledge and Analytics divisions. Global Services is, in short, the backbone of BCG, and our ability to grow apace with the other divisions and to continue to attract and develop top talent directly impacts the entire Group.
- You will work in a fast-paced, intellectually intense, service-oriented environment and interpret rules and guidelines flexibly to enhance the business, in keeping with BCG’s values and culture.
- Experience working successfully within a complex matrix structured organization is essential.
- It is necessary to have the ability to understand and manage complex reporting relationships and incorporate multiple cultures.