Grant Thornton (US)

GTIL - Application Security Engineer (Sr. Associate)

Chicago, IL

Full details on LinkedIn

The complete job description, requirements, and application details are available on the original posting.


About Grant Thornton (US)

Grant Thornton LLP (US) is a prominent professional services firm that specializes in accounting, tax, and business advisory services, primarily aimed at mid-sized companies. Founded in 1924 in Chicago, the firm has evolved into a significant player in the global professional services market. The company provides a wide range of services, including audit and assurance, tax consulting, advisory, and management consulting. Its offerings are tailored to meet the needs of mid-market clients, with a focus on industry-specific consulting and business transformation. Grant Thornton serves a diverse customer base, including privately held businesses, public companies, and nonprofit organizations. As part of Grant Thornton International, the firm benefits from a global network, allowing it to support clients with international operations while delivering personalized service.

Industry

accounting

Employees

10,000

68 engineers

Revenue

$2.4B

Security at Grant Thornton (US)

Compiled from public job postings, careers pages, and company materials. Data may not reflect current state — verify during interviews.

3 Intel Signals

Security Philosophy

  • Grant Thornton (US) emphasizes securing the Software Development Life Cycle (SDLC) and integrating security and testing into the CI/CD pipeline.
  • Their philosophy includes refining and maintaining security training for engineering teams, suggesting a focus on developer enablement.
  • They are ISO/IEC 27001:2022 certified, indicating a commitment to established security standards.
  • The company also believes that embedding cybersecurity, resilience, and compliance enhances agility and innovation.
  • They formally track and resolve all critical, high, and medium security findings.

Security Team

  • Key Public-Facing Leader: Partho Ghatak, Managing Director, Chief Information Security Officer. He "steers Grant Thornton's information security needs".
  • Org Structure & Reporting Line: A job posting indicates that an Application Security Engineer reports to an Application Security Manager, suggesting a structured AppSec team. However, the overall organizational structure (centralized vs. embedded) and the reporting line of the AppSec team within the broader organization are not explicitly stated beyond the CISO's role.
  • Team Size Estimate: Information not publicly available.
  • Active AppSec Job Postings: At least one active AppSec job posting was found.
  • Common Skill/Tool Patterns: The job posting for an Application Security Engineer mentions "Securing the Software Development Life Cycle", "Combination of static and dynamic application security testing (SAST/DAST)", "SCA to track all open-source components in the developer's code base.", "Maintain security issue tracking and reporting using Azure DevOps (ADO)", and "CICD code analysis (SAST/DAST) ideally using Veracode".

Key Initiatives

  • Security Champions Program: Information not publicly available.
  • "Shift Left" in Practice: Grant Thornton aims to "implement technologies to integrate security and testing into the CI/CD pipeline" and perform "CICD code analysis (SAST/DAST)". They also "refine and maintain security training programs for your engineering teams".
  • Vulnerability Management Process: "All critical, high, and medium findings are validated and formally tracked through resolution." They use "security issue tracking and reporting using Azure DevOps (ADO)".
  • Secure SDLC Artifacts: "Securing the Software Development Life Cycle" is a key responsibility. They conduct "Application Security Testing (DAST & SAST)" and use "SCA to track all open-source components in the developer's code base."
  • Recent Initiatives: A LinkedIn post mentions "introduced 4 AI agents that help security and vulnerability management teams".
