Cybersecurity Manager_MPIN

Key Responsibilties

Cybersecurity Manager is required to have the following 02 key responsibilities :

• 1. Project Security Manager

• Support the IT Owner or Product Responsible Office in the implementation of the cybersecurity requirements, as per Cybersecurity related policies and procedures

• Support the creation and maintenance of cybersecurity relevant documentation

• Act as the first point of contact regarding cybersecurity within the team developing or operating the IT System or Bosch Product

• Distribute information regarding Cybersecurity related policies and procedures within the team developing or operating the IT System or Bosch Product

• Support decisions on how to proceed with cybersecurity-relevant changes, vulnerabilities, and cybersecurity incident response

2. Penetration Tester

• Scoping and execution of penetration tests against a variety of technologies including web application, mobile and infrastructure

• Simulate cyber attacks to identify system vulnerabilities

• Develop penetration testing methodologies

• Prepare detailed reports on the findings of penetration tests

• Recommend and implement improvements to security policies

• Keep abreast of the latest penetration testing tools and techniques

• Train staff on security awareness and procedures

• Collaborate with IT staff to improve system security

• Conduct security audits and provide recommendations for improvements

• Identify and report findings to management

• Act as the subject matter expert for the firm on all aspects of Penetration Testing

Required Competencies As Project Security Manager

• Must have a suitable academic background, e.g., Bachelor's in Computer Science

• Must have the necessary communication and networking skills to communicate with the Project Teams, for both internal and external customers

• Deep understanding of the Cybersecurity related policies and procedures

• Any Three (03) of the following Domain-specific competencies :

•  Secure Software Development

 Security Testing

 Communication and Network Security

 Cloud security

 Web Security and Application Security

 Cryptography

 Identity and Access Management

 Security Architectures and Engineering

 Security of Connected Products

 Hardware Security

 Embedded Security

All of the following competencies :

•  Incident Response

 Risk Management

 Vulnerability Management

 Cybersecurity relevant Laws, Regulations, and Standards

 Product Liability

 Project Management Skills

 Knowledge of the Target Domain

 Knowledge of the MPS’s operational procedures along the product or IT System life cycle

 Leadership skills

 Communication and Moderation skills

 Cooperation and Networking skills

 Trainings and Coaching skills

As Penetration Tester

• Networking Fundamentals: Understanding TCP/IP, DNS, HTTP/HTTPS, routing, subnets, NAT, common ports and services is crucial for analyzing attack paths and understanding how data flows through networks

• Operating System Mastery: Proficiency in Linux and Windows is essential for handling various operating systems and their unique vulnerabilities

• Programming & Scripting: Skills in Python for automation and Bash for Linux workflows are valuable for building and managing penetration testing tools

• Web Application Security: Knowledge of OWASP Top 10 vulnerabilities, authentication flaws, session issues, SQL injection, cross-site scripting, and other web application security risks is critical

• Mobile Application Security: Knowledge of OWASP Top 10 vulnerabilities, and latest tools and techniques for Android and i

OS App Penetration Testing:

• Protocol Level Exploitation: Port Scanning, SQL Injection, DNS Spoofing, HTTP/HTTPS/TLS Attacks

• Cloud Security Basics: Understanding cloud security concepts, identity and access management, and storage exposure is important

• Tool Mastery: Familiarity with various penetration testing tools and the ability to perform manual testing and report findings is necessary. Mastery over following tools is mandatory :

•  Burpsuite

 Nessus

 OpenVAS

 Metasploit

 NMAP

• Communication & Report Writing: Effective communication and the ability to write clear and concise reports are essential for conveying findings and recommendations to clients

• Certifications (desirable): Certified Ethical Hacker (CEH), Offensive Security Certified Professional (OSCP), or CompTIA Security+ Secure