USI - FY26 - Cyber Enterprise Security - Architecture Review - LSA

Cyber

Deloitte Cyber understands the unique challenges and opportunities businesses face in cybersecurity. Join our team to deliver powerful insights to help our clients navigate the ever-changing threat landscape. Through powerful insights and managed services that simplify complexity, we enable businesses to operate with resilience, grow with confidence, and proactively manage to secure achievements.

Enterprise Security: 

Enterprise Security teams embed security in all aspects of digital transformation by securing a clients technical backbone while also enabling secure digital transformation. Services include security architecture, secure development and deployment, end-to-end cyber cloud capabilities, application security, and security for emerging technologies and connected products. Examples of work include Secure by Design, Cloud Security Orchestration & Automation, Core Infrastructure Security, and Secure Software Enablement.  

Work youll do: 

As a Senior Consultant in the Security architecture review domain, you are responsible for performing the following activities:

• Conduct comprehensive security architecture reviews for new and existing systems, applications, and infrastructure and assist by providing security overlays for any solution diagrams
• Evaluate solution designs and technical architectures to identify potential security risks and recommend mitigation strategies.
• Collaborate with IT, development, and business teams to integrate security requirements into project designs.
• Develop and maintain security architecture documentation, standards, and guidelines.
• Review and assess third-party/vendor solutions for security risks and compliance.
• Provide expert guidance on secure design patterns and critical security controls such as encryption, authentication, and access control.
• Be an active member of the projects and assist with any security related questions or issues

Qualifications  

Must Have Skills/Project Experience/Certifications: 

• Knowledge of infrastructure and network security
• Exposure to microservices architecture concepts
• Strong understanding of security frameworks (e.g., NIST 800-53, PCI DSS,, ISO 27001, CIS Controls) and regulatory requirements (e.g., GDPR, HIPAA, PCI DSS)
• Experience with cloud security (AWS, Azure, GCP) and on-premises environments.
• Familiarity with secure software development lifecycle (SDLC) practices.
• Proficiency in risk assessment methodologies.
• Excellent communication and documentation skills.
• Exposure to threat modeling exercise and zero trust architecture principles
• Knowledge of cloud security best practices.
• Exposure to secure by design methodology.

Good to Have Skills/Project Experience/Certifications: 

• 5-7 years of experience reviewing application security architectures and threat modeling.
• Experience with TOGAF or SABSA frameworks, preferably holding certifications and understanding of how security can be integrated.
• Certified Cloud Security Architect (Azure, AWS, or GCP)

• Experience with integrating and operating SAST tools to identify code-level vulnerabilities in the development lifecycle.
• Familiarity with DAST tools and methodologies for identifying runtime vulnerabilities in web applications and APIs.
• Proficiency in using SCA tools to detect and manage risks from third-party and open-source components,
• Hands-on experience in embedding security controls and automated testing (SAST, DAST, SCA) into CI/CD pipelines
• Experience with integrating threat modeling tool into CICD pipeline
• Hands on experience on Microsoft Visio, Lucidchart, Microsoft Threat modeling tool etc or any other DFD, architecture drafting tool

Education: 

Bachelor's degree or higher in Computer Science, or equivalent experience.