Cybersecurity Manager_MPIN

Job Description

Key Responsibilties

Cybersecurity Manager is required to have the following 02 key responsibilities :-

1. Project Security Manager
. Support the IT Owner or Product Responsible Office in the implementation of the cybersecurity requirements, as per Cybersecurity related policies and procedures
. Support the creation and maintenance of cybersecurity relevant documentation
. Act as the first point of contact regarding cybersecurity within the team developing or operating the IT System or Bosch Product
. Distribute information regarding Cybersecurity related policies and procedures within the team developing or operating the IT System or Bosch Product
. Support decisions on how to proceed with cybersecurity-relevant changes, vulnerabilities, and cybersecurity incident response

2. Penetration Tester

. Scoping and execution of penetration tests against a variety of technologies including web application, mobile and infrastructure
. Simulate cyber attacks to identify system vulnerabilities
. Develop penetration testing methodologies
. Prepare detailed reports on the findings of penetration tests
. Recommend and implement improvements to security policies
. Keep abreast of the latest penetration testing tools and techniques
. Train staff on security awareness and procedures
. Collaborate with IT staff to improve system security
. Conduct security audits and provide recommendations for improvements
. Identify and report findings to management
. Act as the subject matter expert for the firm on all aspects of Penetration Testing

Qualifications

Required Competencies

As Project Security Manager
. Must have a suitable academic background, e.g., Bachelor's in Computer Science
. Must have the necessary communication and networking skills to communicate with the Project Teams, for both internal and external customers
. Deep understanding of the Cybersecurity related policies and procedures
. Any Three (03) of the following Domain-specific competencies :-
 Secure Software Development
 Security Testing
 Communication and Network Security
 Cloud security
 Web Security and Application Security
 Cryptography
 Identity and Access Management
 Security Architectures and Engineering
 Security of Connected Products
 Hardware Security
 Embedded Security

All of the following competencies :-
 Incident Response
 Risk Management
 Vulnerability Management
 Cybersecurity relevant Laws, Regulations, and Standards
 Product Liability
 Project Management Skills
 Knowledge of the Target Domain
 Knowledge of the MPS's operational procedures along the product or IT System life cycle
 Leadership skills
 Communication and Moderation skills
 Cooperation and Networking skills
 Trainings and Coaching skills

As Penetration Tester
. Networking Fundamentals: Understanding TCP/IP, DNS, HTTP/HTTPS, routing, subnets, NAT, common ports and services is crucial for analyzing attack paths and understanding how data flows through networks
. Operating System Mastery: Proficiency in Linux and Windows is essential for handling various operating systems and their unique vulnerabilities
. Programming & Scripting: Skills in Python for automation and Bash for Linux workflows are valuable for building and managing penetration testing tools
. Web Application Security: Knowledge of OWASP Top 10 vulnerabilities, authentication flaws, session issues, SQL injection, cross-site scripting, and other web application security risks is critical
. Mobile Application Security: Knowledge of OWASP Top 10 vulnerabilities, and latest tools and techniques for Android and iOS App Penetration Testing
. Protocol Level Exploitation: Port Scanning, SQL Injection, DNS Spoofing, HTTP/HTTPS/TLS Attacks
. Cloud Security Basics: Understanding cloud security concepts, identity and access management, and storage exposure is important
. Tool Mastery: Familiarity with various penetration testing tools and the ability to perform manual testing and report findings is necessary. Mastery over following tools is mandatory :-
 Burpsuite
 Nessus
 OpenVAS
 Metasploit
 NMAP
. Communication & Report Writing: Effective communication and the ability to write clear and concise reports are essential for conveying findings and recommendations to clients
. Certifications (desirable): Certified Ethical Hacker (CEH), Offensive Security Certified Professional (OSCP), or CompTIA Security+ Secure