Cybersecurity Manager_MPIN

Company Description

About Mobility Platform & Solutions (MPS)

Mobility Platform & Solutions (MPS) is a rapidly scaling mobility platform business within the Bosch ecosystem, building coordination infrastructure for the mobility and logistics ecosystem across India, Europe, and North America.
The business is currently at ~€12M revenue and is on a strategic growth trajectory toward €100M and beyond, with long-term ambitions toward €1B scale. This requires building a workforce architecture capable of supporting a platform organization operating across multiple geographies and partner ecosystems.

Job Description

Key Responsibilties

Cybersecurity Manager is required to have the following 02 key responsibilities :-

1. Project Security Manager
• Support the IT Owner or Product Responsible Office in the implementation of the cybersecurity requirements, as per Cybersecurity related policies and procedures
• Support the creation and maintenance of cybersecurity relevant documentation
• Act as the first point of contact regarding cybersecurity within the team developing or operating the IT System or Bosch Product
• Distribute information regarding Cybersecurity related policies and procedures within the team developing or operating the IT System or Bosch Product
• Support decisions on how to proceed with cybersecurity-relevant changes, vulnerabilities, and cybersecurity incident response

2. Penetration Tester

• Scoping and execution of penetration tests against a variety of technologies including web application, mobile and infrastructure
• Simulate cyber attacks to identify system vulnerabilities
• Develop penetration testing methodologies
• Prepare detailed reports on the findings of penetration tests
• Recommend and implement improvements to security policies
• Keep abreast of the latest penetration testing tools and techniques
• Train staff on security awareness and procedures
• Collaborate with IT staff to improve system security
• Conduct security audits and provide recommendations for improvements
• Identify and report findings to management
• Act as the subject matter expert for the firm on all aspects of Penetration Testing

Qualifications

Required Competencies

As Project Security Manager
• Must have a suitable academic background, e.g., Bachelor's in Computer Science
• Must have the necessary communication and networking skills to communicate with the Project Teams, for both internal and external customers
• Deep understanding of the Cybersecurity related policies and procedures
• Any Three (03) of the following Domain-specific competencies :-
 Secure Software Development
 Security Testing
 Communication and Network Security
 Cloud security
 Web Security and Application Security
 Cryptography
 Identity and Access Management
 Security Architectures and Engineering
 Security of Connected Products
 Hardware Security
 Embedded Security

All of the following competencies :-
 Incident Response
 Risk Management
 Vulnerability Management
 Cybersecurity relevant Laws, Regulations, and Standards
 Product Liability
 Project Management Skills
 Knowledge of the Target Domain
 Knowledge of the MPS’s operational procedures along the product or IT System life cycle
 Leadership skills
 Communication and Moderation skills
 Cooperation and Networking skills
 Trainings and Coaching skills

As Penetration Tester
• Networking Fundamentals: Understanding TCP/IP, DNS, HTTP/HTTPS, routing, subnets, NAT, common ports and services is crucial for analyzing attack paths and understanding how data flows through networks
• Operating System Mastery: Proficiency in Linux and Windows is essential for handling various operating systems and their unique vulnerabilities
• Programming & Scripting: Skills in Python for automation and Bash for Linux workflows are valuable for building and managing penetration testing tools
• Web Application Security: Knowledge of OWASP Top 10 vulnerabilities, authentication flaws, session issues, SQL injection, cross-site scripting, and other web application security risks is critical
• Mobile Application Security: Knowledge of OWASP Top 10 vulnerabilities, and latest tools and techniques for Android and iOS App Penetration Testing
• Protocol Level Exploitation: Port Scanning, SQL Injection, DNS Spoofing, HTTP/HTTPS/TLS Attacks
• Cloud Security Basics: Understanding cloud security concepts, identity and access management, and storage exposure is important
• Tool Mastery: Familiarity with various penetration testing tools and the ability to perform manual testing and report findings is necessary. Mastery over following tools is mandatory :-
 Burpsuite
 Nessus
 OpenVAS
 Metasploit
 NMAP
• Communication & Report Writing: Effective communication and the ability to write clear and concise reports are essential for conveying findings and recommendations to clients
• Certifications (desirable): Certified Ethical Hacker (CEH), Offensive Security Certified Professional (OSCP), or CompTIA Security+ Secure

Additional Information