Security Consultant

Company Description

Bosch Global Software Technologies Private Limited is a 100% owned subsidiary of Robert Bosch GmbH, one of the world's leading global supplier of technology and services, offering end-to-end Engineering, IT and Business Solutions. With over 28,200+ associates, it’s the largest software development center of Bosch, outside Germany, indicating that it is the Technology Powerhouse of Bosch in India with a global footprint and presence in the US, Europe and the Asia Pacific region.

Job Description

• Roles & Responsibilities :
• ob Summary: 

We are looking for a Security Consultant with a strong background in security testing and Governance, Risk, and Compliance (GRC) to bolster our organization’s cybersecurity posture. This hybrid role demands hands-on technical expertise in identifying vulnerabilities and executing penetration tests, coupled with a deep understanding of risk frameworks, compliance standards, and regulatory requirements. 

Key Responsibilities:

Security Testing:

• Conduct penetration testing and vulnerability assessments across web, network, mobile, and cloud environments. 
• Identify and exploit vulnerabilities using tools such as Burp Suite, Metasploit, Nmap, Nessus, and OWASP ZAP. 
• Simulate real-world cyberattacks to evaluate system resilience and generate actionable remediation insights. 
• Perform Secure Development Lifecycle (SDL) reviews and threat modeling exercises. 
• Collaborate with application, DevOps, and infrastructure teams to validate fixes and improve security controls. 

Grc Responsibilities:

• Develop, implement, and maintain security policies, procedures, and controls aligned with leading frameworks and best practices. 
• Conduct risk assessments, maintain the enterprise risk register, and support risk mitigation activities. 
• Ensure and track compliance with standards including ISO 27001, NIST, PCI-DSS, GDPR, and HIPAA. 
• Facilitate internal/external audits by preparing documentation, conducting gap analyses, and driving remediation. 
• Collaborate with business and technical stakeholders to embed security into processes and projects. 
• Conduct privacy impact assessments and Responsible AI reviews. 
• Bachelor’s degree in Cybersecurity, Information Technology, or a related field. 
• 4 to 8 years of combined experience in security testing and GRC functions. 
• Proficient in the OWASP Top 10, CVE database analysis, and secure coding practices. 

Required Skills & Qualifications:

• Hands-on experience with SIEM tools, incident response, and threat modeling methodologies. 
• Strong analytical and problem-solving skills with excellent verbal and written communication abilities. 
• Ability to translate technical vulnerabilities into business impact and risk language. 
• Technical: CEH, OSCP, GPEN 
• GRC: CISA, CISM, CRISC, ISO 27001  

Preferred Certifications:

Lead Implementer/Auditor Experience with GRC platforms like RSA Archer, ServiceNow GRC, or LogicGate is a plus. 

Qualifications

Educational Qualification:

Experience :

Mandatory/Requires Skills :

Preferred Skills :

Additional Information

Experience - 4 to 8 years