Cyber
Deloitte Cyber understands the unique challenges and opportunities businesses face in cybersecurity. Join our team to deliver powerful insights to help our clients navigate the ever-changing threat landscape. Through powerful insights and managed services that simplify complexity, we enable businesses to operate with resilience, grow with confidence, and proactively manage to secure achievements.
Enterprise Security:
Enterprise Security teams embed security in all aspects of digital transformation by securing a client's technical backbone while also enabling secure digital transformation. Services include security architecture, secure development and deployment, end-to-end cyber cloud capabilities, application security, and security for emerging technologies and connected products. Examples of work include Secure by Design, Cloud Security Orchestration & Automation, Core Infrastructure Security, and Secure Software Enablement.
Work you'll do:
As a Senior Consultant in the Security architecture review domain, you are responsible for performing the following activities:
- Conduct comprehensive security architecture reviews for new and existing systems, applications, and infrastructure, and assist by providing security overlays for any solution diagrams.
- Evaluate solution designs and technical architectures to identify potential security risks and recommend mitigation strategies.
- Collaborate with IT, development, and business teams to integrate security requirements into project designs.
- Develop and maintain security architecture documentation, standards, and guidelines.
- Review and assess third-party/vendor solutions for security risks and compliance.
- Provide expert guidance on secure design patterns and critical security controls such as encryption, authentication, and access control.
- Be an active member of the projects and assist with any security-related questions or issues.
Qualifications
Must Have Skills/Project Experience/Certifications:
- Knowledge of infrastructure and network security
- Exposure to microservices architecture concepts
- Strong understanding of security frameworks (e.g., NIST 800-53, PCI DSS, ISO 27001, CIS Controls) and regulatory requirements (e.g., GDPR, HIPAA, PCI DSS).
- Experience with cloud security (AWS, Azure, GCP) and on-premises environments.
- Familiarity with secure software development lifecycle (SDLC) practices.
- Proficiency in risk assessment methodologies.
- Excellent communication and documentation skills.
- Exposure to threat modeling exercises and zero trust architecture principles.
- Knowledge of cloud security best practices.
- Exposure to secure by design methodology.
Good to Have Skills/Project Experience/Certifications:
- 5-7 years of experience reviewing application security architectures and threat modeling.
- Experience with TOGAF or SABSA frameworks, preferably with certifications and an understanding of how security can be integrated.
- Certified Cloud Security Architect (Azure, AWS, or GCP)
- Experience with integrating and operating SAST tools to identify code-level vulnerabilities in the development lifecycle.
- Familiarity with DAST tools and methodologies for identifying runtime vulnerabilities in web applications and APIs.
- Proficiency in using SCA tools to detect and manage risks from third-party and open-source components.
- Hands-on experience in embedding security controls and automated testing (SAST, DAST, SCA) into CI/CD pipelines.
- Experience with integrating threat modeling tools into CI/CD pipelines.
- Hands-on experience with Microsoft Visio, Lucidchart, Microsoft Threat Modeling Tool, etc., or any other DFD or architecture drafting tool.
Education:
Bachelor's degree or higher in Computer Science, or equivalent experience.