Job Description

:
Grant Thornton's Cybersecurity & Privacy Advisory practice provides risk management consulting and advisory services to the clients. Cybersecurity & Privacy Advisory practice offers an excellent opportunity to leverage your information security consulting knowledge and experience to broaden your business and project management skills in a rewarding and challenging environment. Cyber Risk team is responsible for delivering a full range of services to clients and all phases of project and engagement management for multiple clients. Responsibilities include engagement planning, directing, and completion of Security Framework assessment, Vulnerability Testing, Application Security Testing, GRC Management using tools like ServiceNow, RSA Archer, Third Party Risk Assessment, and Information Security architectural design, Privacy regulations such as GDPR, CCPA; developing and supervising other Grant Thornton engagement staff; assisting in assigned client management and practice development activities.
Responsibilities
Perform Static Application Security Testing (SAST) and Dynamic Application Security Testing (DAST) across web, mobile, and API applications.
Identify, validate, and document security vulnerabilities, misconfigurations, and weaknesses in applications.
Strong knowledge of Industry standard application security tools (e.g., Burp Suite, Nmap, Zap proxy)
Collaborate with development and DevOps teams to provide remediation guidance and verify fixes.
Integrate security testing into CI/CD pipelines and DevSecOps workflows to ensure secure SDLC practices.
Conduct API security testing and ensure compliance with industry standards (OWASP Top 10, ASVS, NIST).
Prepare detailed security assessment reports and communicate findings to stakeholders.
Required Technical Skills
Hands-on experience with SAST and DAST tools (e.g., Veracode, Fortify, AppScan, Burp Suite).
Strong knowledge of API security testing methodologies and tools.
Understanding of secure coding practices, SDLC, and threat modeling.
Ability to analyze source code and debug applications for security flaws.
Familiarity with DevSecOps practices and integrating security controls into CI/CD pipelines.
Knowledge of vulnerability management and common security standards (OWASP, NIST).
About Company:
'Grant Thornton INDUS' comprises GT U.S. Shared Services Center India Pvt Ltd and Grant Thornton U.S. Knowledge and Capability Center India Pvt Ltd. Grant Thornton INDUS is the shared services center supporting the operations of Grant Thornton LLP, the U.S. member firm of Grant Thornton International Ltd. Established in 2012, Grant Thornton INDUS employs professionals across a wide range of disciplines including Tax, Audit, Advisory, and other operational functions. What sets us apart isn't just what we do - it's how we do it. We support and enable the firm's purpose of making business more personal and building trust into every result. We're collaborators - obsessed with quality and ready for anything - who understand the value of strong relationships. Our professionals are well integrated to seamlessly support the U.S. engagement teams, help increase Grant Thornton's access to a wide talent pool, and improve operational efficiencies. Empowered people, bold leadership, and distinctive client service are imbibed in the culture at Grant Thornton INDUS. We are a transparent, competitive, and excellence-driven firm that offers an opportunity to be part of something significant. In addition, professionals at Grant Thornton INDUS serve communities in India through inspirational and generous services to give back to the communities they work in. Grant Thornton INDUS has its offices in two locations in India - Bengaluru and Kolkata

Skills Required