USI - FY26 - Cyber Enterprise Security - DevSecOps - Manager

Deloitte

5 - 10 years

Unknown

Posted: 01/08/2025

Job Description

Position Summary

Job title: DevSecOps - Manager

About

At Deloitte, we do not offer you just a job, but a career in the highly sought-after risk management field. We are one of the business leaders in the risk market. We work with a vision to make the world more prosperous, trustworthy, and safe. Deloitte's clients, primarily based outside of India, are large, complex organizations that constantly evolve and innovate to build better products and services. In the process, they encounter various risks and the work we do to help them address these risks is increasingly important to their success and to the strength of the economy and public security.


By joining us, you will get to work with diverse teams of professionals who design, manage, and implement risk-centric solutions across a variety of domains. In the process, you will gain exposure to the risk-centric challenges faced in today's world by organizations across a range of industry sectors and become subject matter experts in those areas.


Our Risk and Financial Advisory services professionals help organizations effectively navigate business risks and opportunities, from strategic, reputation, and financial risks to operational, cyber, and regulatory risks, to gain competitive advantage. We apply our experience in ongoing business operations and corporate lifecycle events to help clients become stronger and more resilient. Our market-leading teams help clients embrace complexity to accelerate performance, disrupt through innovation, and lead in their industries. We use cutting-edge technology like AI/ML techniques, analytics, and RPA to solve Deloitte's clients' most complex issues. Working in Risk and Financial Advisory at Deloitte US-India offices has the power to redefine your ambitions.

The Team

Cyber & Strategic Risk


Deloitte's DevSecOps CI/CD Security Transformation and Secure Software Development Lifecycle engagement archetypes provide frameworks, templates, and leading practices for integrating security into software delivery pipelines. These resources include step-by-step workflows, staffing guidance, and project management tools to support DevSecOps roles and responsibilities.

The cyber risk services Identity & access management (IAM) practice helps organizations in designing, developing, and implementing industry-leading IAM solutions to protect their information and confidential data, as well as help them build their businesses and supporting technologies to be more secure, vigilant, and resilient. The IAM team delivers service to clients through the following key areas:

  • User provisioning
  • Access certification
  • Access management and federation
  • Entitlements management

Work you'll do

Roles & Responsibilities:

As a DevSecOps Manager, your core responsibility will be leading the implementation and ongoing management of DevSecOps practices across the client's cloud and on-premises environments, which includes the following:

  • Conduct interviews and assessments to understand client requirements, current state and DevSecOps practice maturity.
  • Define strategy and take responsibility in driving adoption of security automation, continuous integration/continuous delivery (CI/CD), and compliance within the software development lifecycle of client's environment.
  • Understand and be compliant with the Service Level Agreements defined for the DevSecOps services.
  • Oversee the development and integration of security tools and automation for services such as threat modeling, security architecture reviews, secure development practices, code analysis, vulnerability scanning, API security, configuration management, etc.
  • Manage and mentor DevSecOps team and client's cross-functional teams, setting goals and tracking performance.
  • Report on DevSecOps metrics, security posture, and process improvements to leadership and client stakeholders.
  • Stay current with emerging DevSecOps tools, security threats, and regulatory requirements.
  • Facilitate use of technology-based tools or methodologies to continuously improve the monitoring, management and reliability of the services provided to client.

Required skills

  • 9+ years of experience in application security development, security testing, integrating security tools, deployment and security management phases, with at least 2+ years of leading DevSecOps projects.
  • Strong understanding of security frameworks (e.g., NIST 800-53, PCI DSS, ISO 27001, CIS Controls) and regulatory requirements (e.g., GDPR, HIPAA, PCI DSS).
  • Investigative and analytical problem-solving skills along with excellent communication, project management, and stakeholder engagement skills.
  • Experience in collecting, analyzing, and interpreting qualitative and quantitative data from defined application security services related sources (tools, monitoring techniques etc.)
  • Understanding of solution designs and technical architectures to identify potential security risks and recommend mitigation strategies. Exposure to threat modeling exercise, zero trust architecture principles and secure by design practice.
  • Knowledge and experience of OWASP Top 10, SANS Secure Programming, Security Engineering Principles.
  • Hands-on experience in performing secure code reviews and penetration testing.
  • Hands-on experience in running, installing and managing SAST, DAST, SCA and IAST solutions, such as Checkmarx, Fortify and Contrast, in large enterprises.
  • Understanding of leading vulnerability scoring standards, such as CVSS, and ability to translate vulnerability severity into security risk.
  • Strong knowledge of CI/CD tools and hands-on experience with at least one CI/CD tool set and building pipelines (including in cloud) using TeamCity, Bamboo, Jenkins, Chef, Puppet, Selenium, AWS and Azure DevOps.
  • Hands-on experience with container technology such as Kubernetes, Docker, AKS, EKS.
  • Knowledge of cloud environments and deployment solutions such as serverless computing.
  • Must have cloud security specialization; certifications such as EC-Council CEH (Certified Ethical Hacker), DevSecOps Professional (CDP), ISC2 Certified Cloud Security Professional (CCSP), Certified API Security Professional (CASP), CTMP (Certified Threat Modeling Professional) etc. are preferred.

Qualification

  • Bachelor's degree or higher in Computer Science, IT or equivalent experience.
  • Experience in cloud service providers such as AWS, GCP, Azure, Oracle and multi-cloud DevSecOps implementations.
  • Background in Agile or Scrum methodologies.
  • Solid and demonstrable comprehension of Information Security including OWASP/SANS, Security Test Case development (or misuse case).
  • Understanding of security essentials including networking concepts, defense strategies, and current security technologies.
  • Experience with securing IaC templates (e.g., Terraform, CloudFormation) and integrating IaC scanning tools into pipelines to detect misconfigurations and vulnerabilities early in the provisioning process.
  • Experience in implementing and managing security measures within Kubernetes environments, designing and enforcing advanced security protocols for API infrastructure, managing and optimizing our containerized applications using Docker, automating and managing our infrastructure as code using Terraform, automating IT processes and configurations using Ansible, and identifying and mitigating potential security threats through comprehensive threat modeling practices.
  • Familiarity with container security best practices, including image scanning, runtime protection, and orchestration security (e.g., Docker, Kubernetes).
  • Experience with secrets management tools (e.g., HashiCorp Vault, AWS Secrets Manager).
  • Ability to research and characterize security threats to include identification and classification of application related threat indicators.

Good to have:

Skills in scripting languages (e.g., Groovy for Jenkins, Bash, Python) to customize pipeline steps and automate repetitive tasks.

How you'll grow

At Deloitte, we've invested a great deal to create a rich environment in which our professionals can grow. We want all our people to develop in their own way, playing to their own strengths as they hone their leadership skills. And, as a part of our efforts, we provide our professionals with a variety of learning and networking opportunities, including exposure to leaders, sponsors, coaches, and challenging assignments, to help accelerate their careers along the way. No two people learn in the same way. So, we provide a range of resources including live classrooms, team-based learning, and eLearning. DU: The Leadership Center in India, our state-of-the-art, world-class learning center in the Hyderabad offices is an extension of the Deloitte University (DU) in Westlake, Texas, and represents a tangible symbol of our commitment to our people's growth and development. Explore DU: The Leadership Center in India.

Deloitte's culture

Our positive and supportive culture encourages our people to do their best work every day. We celebrate individuals by recognizing their uniqueness and offering them the flexibility to make daily choices that can help them to be healthy, centered, confident, and aware. Deloitte is committed to achieving diversity within its workforce, and encourages all qualified applicants to apply, irrespective of gender, age, sexual orientation, disability, culture, religious and ethnic background. We offer well-being programs and are continuously looking for new ways to maintain a culture that is inclusive, invites authenticity, leverages our diversity, and where our people excel and lead healthy, happy lives. Learn more about Life at Deloitte.

Corporate citizenship

Deloitte is led by a purpose: to make an impact that matters. This purpose defines who we are and extends to relationships with Deloitte's clients, our people and our communities. We believe that business has the power to inspire and transform. We focus on education, giving, skill-based volunteerism, and leadership to help drive positive social impact in our communities.

About Company

Deloitte is a global professional services firm that provides a wide range of services, including audit and assurance, consulting, tax, risk management, and financial advisory. With a presence in over 150 countries and a network of member firms, Deloitte serves clients across various industries, helping them solve complex business challenges, improve operations, and innovate. Known for its expertise in management consulting, technology solutions, and strategy, Deloitte is one of the Big Four accounting firms and is recognized for its commitment to quality, integrity, and making an impact in the marketplace.