Huron is redefining what a global consulting organization can be. Advancing new ideas every day to build even stronger clients, individuals and communities. We’re helping our clients find new ways to drive growth, enhance business performance and sustain leadership in the markets they serve. And, we’re developing strategies and implementing solutions that enable the transformative change they need to own their future.
As a member of the Huron corporate team, you’ll help to evolve our business model to stay ahead of market forces, industry trends and client needs. Our accounting, finance, human resources, IT, legal, marketing and facilities management professionals work collaboratively to support Huron’s collective strategies and enable real transformation to produce sustainable business results.
Join our team and create your future.
The Lead Security Engineer – Senior Associate will play a critical role in strengthening the organization’s security posture through proactive identification, exploitation, and mitigation of security weaknesses across applications, networks, endpoints, and infrastructure. This role focuses on penetration testing, vulnerability assessment and management (using tools like Tenable), application security assessment, and custom security tool development, while also supporting incident investigation and continuous security improvement initiatives.
The individual will work closely with security, infrastructure, and application teams to identify risks, provide actionable remediation guidance, and help define and mature enterprise security best practices.
Requirements:
Application Security Assessments (AppSec)
- Perform application security assessments across web, API, and internal applications using OWASP methodologies (OWASP Top 10, OWASP ASVS, OWASP Testing Guide) and other industry‑accepted frameworks.
- Conduct Dynamic Application Security Testing (DAST) to identify runtime vulnerabilities such as injection flaws, authentication/authorization issues, session management weaknesses, and business logic flaws.
- Perform Static Application Security Testing (SAST) to analyze source code and binaries for insecure coding patterns, vulnerabilities, and compliance with secure coding standards.
- Carry out manual secure code reviews to identify complex vulnerabilities that automated tools may miss, including logic flaws, insecure cryptographic usage, and improper input validation.
- Provide clear, actionable remediation guidance to development teams, including secure coding recommendations and examples.
- Work closely with application owners and developers to retest fixes and confirm successful remediation.
Vulnerability Management
- Conduct vulnerability scanning, monitoring, and reporting across enterprise assets using Tenable and other relevant tools.
- Analyze vulnerability scan results, validate findings, eliminate false positives, and prioritize remediation activities.
- Provide clear mitigation and remediation recommendations to infrastructure, application, and operations teams.
- Proactively follow up on remediation efforts and track vulnerability closure to ensure risk reduction.
Offensive Security & Penetration Testing
- Assist in designing, developing, and executing penetration testing plans for applications, networks, cloud, and infrastructure environments.
- Perform manual and automated security testing to identify vulnerabilities, misconfigurations, and exploitable weaknesses.
- Develop and maintain custom scripts and security tools to enhance penetration testing, automation, and validation efforts.
- Collaborate with cross‑functional teams to perform security reviews and assessments for applications and network components.
Threat, Malware & Research (Good to Have)
- Perform basic to intermediate threat analysis and malware analysis to understand attacker techniques and behaviors.
- Research emerging threats, vulnerabilities, exploits, and attack techniques relevant to the organization.
- Recommend security enhancements, tools, and process improvements based on threat intelligence and industry trends.
Preference:
- Bachelor’s or master’s degree in computer science or related on-field experience is a must.
- Experience using Burp Suite, OWASP ZAP and other application security assessment tools.
- Experience performing secure code reviews and static reviews, using different tools or manually.
- Strong hands‑on experience with vulnerability assessment and penetration testing.
- Experience using Tenable (Nessus/Tenable.sc/Tenable.io) for vulnerability management and other penetration testing tools like Nmap, Metasploit, etc.
- Solid understanding of network, application, endpoint, and infrastructure security.
- Proficiency in scripting or programming (e.g., Python, Bash, PowerShell, or similar) for custom security tools and automation.
- Good understanding of TCP/IP, DNS, HTTP/HTTPS, authentication mechanisms, and common attack techniques.
- Ability to clearly document findings and communicate risks to both technical and non‑technical stakeholders.
- Proactive mindset with the ability to identify, track, and follow up on security risks.
- Good to have: knowledge or experience in threat intelligence, malware analysis, or reverse engineering.
Position Level
Senior Associate
Country
India