Boston Consulting Group Hiring for IT Security Lead II – Vulnerability Management at London, England Full Time

You will work in the Enterprise Security Service team with BCG’s Information Security & Risk Management organization. Primary activities would be to perform full lifecycle Vulnerability Management of different asset types hosted within BCG data centre and cloud. This will mostly be an individual contribution role but will often need working closely with other colleagues to solve a problem collaboratively.

YOU’RE GOOD AT

You should be good at performing vulnerability management, penetration testing and red team exercise and articulate the findings in an easily comprehensible manner to the asset owners. Hence it is expected to have good collaborative skills as well.

You’ll be responsible for

• Provide expert guidance to the Vulnerability Management team by coordinating with various stakeholders within the IT organization, monitor progress of risk remediation and help the asset owners with subject matter expertise in resolving vulnerabilities
• Vulnerability research and cyber threat intelligence to release security advisory to IT Infrastructure hosting and application development team for remediating risks
• Develop and execute the roadmap of Internal Red Teaming to be implemented within BCG
• Perform assessment of critical and zero-day vulnerabilities as may impact BCG information assets and interact with asset owners to get the vulnerabilities remediated
• Analyze existing vulnerabilities and find out root cause issues to resolve security gaps
• Develop PowerPoint presentation to represent issues and resolutions
• Building and maintaining relationships within relevant internal IT team stakeholders
• Demonstrating experience with common Penetration testing and Red Team tools such as Cobalt Strike, Mimikatz, Kali Linux, and BurpSuite Pro etc
• Developing custom scripts using either of Python, PowerShell, Azure CLI, C, C# etc. to solve various enumeration problem
• Develop and review security policies and standards to solve an administrative problem
• Motive other ISRM staffs and contractor to proactively deal with vulnerabilities
• Train and guide the vulnerability management team members to act appropriately in different situations.

YOU BRING (EXPERIENCE & QUALIFICATIONS)

• 15+ years of experience in performing red team exercise, penetration testing, vulnerability assessment and vulnerability research
• Knowledge of Windows Internals, Linux, Active Directory, Azure Cloud, AWS Cloud and common scripting and programming languages
• Strong technical skills in application security and network security to analyze various vulnerabilities
• Outstanding verbal and written communications skills are a must because of the requirement to represent BCG in communications with clients.
• High level of initiative and self-motivation, resourceful, and patient with an iterative process
• Ability to gain trust and commitment of others at different levels of the organization
• Successful maintenance of certification i.e. OSCP/OSCE, CISSP, CISM, CISA, SANS etc.

YOU’LL WORK WITH

BCG’s Business Services Team (BST) is the operational heart of our business and is invaluable to our success. Within BST, functions support Local offices and Regional jurisdictions. Global and centralized initiatives sit with Global Services (GS), a network of 1000 + professionals in 30 countries though the majority of GS staff sit in ‘hub’ cities eg Boston, New Delhi, London, Munich and Madrid. Global Services (GS) consists of a varied range of functions providing corporate support of BCG’s business and strategic priorities for example, Finance, Legal, HR, Marketing, IT, Risk, Partner Services and more. This diverse team of experts, operators and specialists represent all levels from Partner to entry level Staff, operating across the globe in multiple countries.
Global Services rapid growth and expansion over the last few years has created a need for strong operations management, governance and leadership to better enable Global Services to support BCG’s world class Consulting & Knowledge and Analytics divisions. Global Services is in short the backbone of BCG and our ability grow apace with the other divisions and to continue to attract and develop top talent, directly impacts the entire Group.
• You will work in a fast-paced, intellectually intense, service-oriented environment and to interpret rules and guidelines flexibly to enhance the business and in keeping with BCG’s values and culture.
• Experience working successfully within a complex matrix structured organization is essential.
• It is necessary to have the ability to understand and manage complex reporting relationships and incorporate multiple cultures.