This job ad has been posted over 30 days ago...



Security Engineer - Pen Testing (Not for freshers. Please mail only if you meet the minimum experien Full-time

at Mckinsey&Company in Gurgaon (Published at 26-11-2014)

IMPORTANT - Not for freshers. Please mail only if you meet the minimum experience criteria


• Perform application penetration tests and review source code for security.
• Document vulnerabilities and provide recommendations / countermeasures.
• Provide consulting services as required to Firm staff on security risks security related issues.
•Keep up with industry trends in security space.
•Liaise with Application Development teams and work towards improving the security posture of applications.
• Be comfortable to work in 1 to 9 PM IST shift.


•Strong technical knowledge in performing manual ( should be strong here) and automated web application security assessments using open-source and commercial security tools (ex. IBM AppScan, Burp Suite, vulnerability scanners, local proxies etc) across web technologies and various operating systems.
•Hands on experience in identifying inherent vulnerabilities within Mobile applications (iOS, Android, Blackberry, web services) and recommend countermeasures.
•Ability to perform web services security testing.


•Proficient in Unix/Linux and Windows operating systems.
•Knowledge of Network penetration testing would be a plus.
•Strong knowledge of industry best practices and technologies to address common vulnerabilities.
•Ability to quickly learn new technologies and analyse their potential value within McKinsey's environment.
•Excellent communication, analytical, problem solving and troubleshooting skills.
•Strong team-oriented interpersonal and collaboration skills.
•Self-starter, proactive in nature
•Good to have security source code review skills for different languages/Frameworks (HTML, JavaScript, Ajax, Java, .NET, Ruby on Rails) and advice teams on secure coding guidelines.


•Bachelor's degree in Computer Science, Engineering or related field.
• 3-4 years of relevant industry experience.
•Prior experience of PCI based security assessments is a plus.
• CEH or other relevant certification is a plus.

Note: Applications have been closed.

Viewed: 2084 times
« Go back to category
Is this job ad fake? Report it!   
Recommend to a friend