Boston Consulting Group

Global Cybersecurity Associate - Security Operations

Boston Consulting Group · Gurgaon, Haryana, India

Business Consulting and Services · 10,001+ employees

23 h ago
Mid (2-5 yrs) Full-time India
Log in to apply, save this posting, or score it against your profile with AI.

About the role

Perform penetration testing on web, mobile, and AI-integrated applications to identify and remediate vulnerabilities. Manage security assessments, coordinate with external vendors, and develop automation scripts to improve security operations.

What they look for

Penetration Testing Application Security Vulnerability Management Python PowerShell DAST SAST API Security AI Security Network Protocols Burp Suite Kali Linux CI/CD GitHub Actions Cloud Security Identity and Authentication

Requirements

Requires 1-3 years of experience in application and infrastructure penetration testing with proficiency in Python and security tools like Veracode and Acunetix. A bachelor's degree in Computer Science or a related field is required, and security certifications are a plus.

Full description

Who We Are

Boston Consulting Group partners with leaders in business and society to tackle their most important challenges and capture their greatest opportunities. BCG was the pioneer in business strategy when it was founded in 1963. Today, we help clients with total transformation-inspiring complex change, enabling organizations to grow, building competitive advantage, and driving bottom-line impact.

To succeed, organizations must blend digital and human capabilities. Our diverse, global teams bring deep industry and functional expertise and a range of perspectives to spark change. BCG delivers solutions through leading-edge management consulting along with technology and design, corporate and digital ventures—and business purpose. We work in a uniquely collaborative model across the firm and throughout all levels of the client organization, generating results that allow our clients to thrive.

What You'll Do

As part of BCG's Information Security & Risk Management, you will support application security assessments. This includes managing and performing penetration testing of applications across various platforms to identify vulnerabilities and support remediation efforts.

 

Your responsibilities include:

  • Perform penetration testing on:
  • Web applications
  • Mobile applications (iOS & Android)
  • APIs
  • AI-integrated applications, LLM-powered systems, AI agents, and Model Context Protocol (MCP) implementations.
  • Perform penetration testing activities as per BCG’s established process.
  • Analyze and validate vulnerabilities identified through both automated and manual testing, including the identification and elimination of false positives.
  • Report, monitor, and support remediation efforts while coordinating with stakeholders to address and close identified vulnerabilities.
  • Triage and validate security issues reported through the Responsible Disclosure Program.
  • Perform configuration reviews and security assessments of SaaS and COTS products.
  • Maintain penetration testing, vulnerability management, and application compliance trackers.
  • Maintain and update security process documentation, standards, and operational procedures.
  • Develop and maintain automation scripts and processes to improve the efficiency of application security operations.
  • Prepare and deliver periodic vulnerability, risk, and program status reporting to technical and business stakeholders.
  • Manage and maintain GitHub Actions and CI/CD workflows to support application security processes.
  • Develop and execute Python scripts to extract, consolidate, and maintain application security findings within the organization's vulnerability management platform.
  • Coordinate and manage penetration testing engagements performed by external vendors, including scope validation, scheduling, stakeholder communication, report review, remediation tracking, and overall engagement management.
  • Collaborate with application owners, development teams, infrastructure teams, and other stakeholders to gather testing prerequisites, facilitate assessments, and support remediation activities.

What You'll Bring

  • 1-3 years of experience in application & infrastructure penetration testing
  • Approximately 1 year of experience with DAST tools such as Acunetix360/Invicti and SAST tools such as Veracode.
  • Hands-on experience in application security testing, vulnerability management, and remediation workflows.
  • Experience coordinating with internal stakeholders and external security testing vendors is preferred.
  • Familiarity with identity and authentication technologies such as IdPs, SSO, SAML, OAuth 2.0, and OpenID Connect (OIDC).
  • Working knowledge of Windows and Linux OS, Active Directory, and network protocols (TCP/IP, IPv4, IPv6, DNS, HTTP/HTTPS).
  • Proficiency with scripting (Python, PowerShell).
  • Bachelor’s degree (or equivalent) in Computer Science, IT, or a related field
  • Exposure to security testing of AI-integrated applications, LLM-powered systems, AI agents, or MCP implementations is a plus.
  • Exposure to cloud platforms such as AWS, Azure, or GCP is a plus.
  • Industry certifications such as OSCP, eJPT, CEH, or equivalent are a plus.
  • Experience testing Kubernetes environments is a plus.

Additional info

You’re Good At

 

  • Conducting automated and manual penetration test.
  • Managing and troubleshooting automated scanners (DAST).
  • Working with API documentation and tools like Swagger and Postman.
  • Reviewing and analyzing findings from SAST/DAST tools.
  • Understanding security risks associated with AI-integrated applications, LLM-powered systems, AI agents, APIs, and agentic workflows.
  • Creating concise, actionable reports for technical and non-technical audiences.
  • Communicating technical security findings and remediation recommendations to both technical and non-technical stakeholders.
  • Collaborating effectively with cross-functional teams.
  • Writing scripts (Python, PowerShell) for automation and data manipulation.
  • Using security and collaboration tools such as Burp Suite, Jira, Confluence, Kali Linux, and Acunetix360, and related application security and vulnerability management tooling.
  • Familiar with basic Windows and Linux server administration to manage vulnerability scanners.

Boston Consulting Group is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, age, religion, sex, sexual orientation, gender identity / expression, national origin, disability, protected veteran status, or any other characteristic protected under national, provincial, or local law, where applicable, and those with criminal histories will be considered in a manner consistent with applicable state and local laws.

BCG is an E - Verify Employer. Click here for more information on E-Verify.