Job Description: Cyber Risk Application Security Consultant

Are you interested in improving the cyber and organizational risk profiles of leading companies? Do you want to be involved in delivering Attack Surface Management (ASM) Services including identifying potentially vulnerable IT assets or weak security configurations within their networks in real time? Are you excited about rapidly changing operational environments, learning what you need to get the job done, and producing accurate and timely results?

If yes, then Deloittes Attack Surface Management (ASM) team could be the place for you! Transparency, innovation, collaboration, sustainability: these are the hallmark issues shaping cyber initiatives today. Deloittes ASM business is passionate about making an impact with lasting change. Delivering our industry leading services requires fresh thinking and a creative approach. We collaborate with teams from across our organization to bring the full breadth of Deloitte, its commercial and public sector expertise, to best support our clients. Our aspiration is to be the premier integrated services provider in helping to transform the cyber security services marketplace.

Our team is client focused and mission driven. As a Cyber Risk Attack Surface Senior Consultant in Deloitte's Attack Surface Management (ASM) Services, youll work with our diverse teams of passionate professionals to help solve for some of todays toughest cybersecurity challenges to enable or clients to achieve business growth and manage risk.

Work youll do

As an Attack Surface Management Consultant, you will assist our clients with discovering vulnerabilities and rogue assets (such as shadow IT) in their networks as part of a team of engineers and analysts around the world who specialize in the tactics, tools and procedures used by cyber criminals.

       Conduct vulnerability assessments and manual penetration testing for Web, API, Thick Client and mobile applications.

       Perform Secure code review and false positive analysis for vulnerabilities reported by industry standard tools.

       Respond to requests for ad-hoc reporting and research topics from management and analysts as required

       Develop and implement application security policies and procedures.

       Identify and prioritizes security vulnerabilities.

       Coordinate with the application development teams and operations teams to assist with the remediations plans and securing the applications

       Quickly understand and deliver on company and client requirements

       Aid in and participate in daily, weekly, quarterly, and yearly reporting for clients, partners, and internal teams

       Adhere to internal operational security and other Deloitte policies

Qualifications Required:

       Bachelor's degree or higher in Computer Science, or equivalent experience.

       3-5 years of hands-on experience in application security, vulnerability assessment, penetration testing, mobile application security, Thick Client and Web API security assessments.

       Strong understanding of OWASP Top 10 vulnerabilities but not limited to.

       Strong experience in manual assessment and exploitation of vulnerabilities such as Blind SQLi, XXE, SSRF, Insecure Deserialization, HTTP Request Smuggling etc.

       Strong understanding of OAUTHv2/OpenID standards and associated vulnerabilities.

       Strong understanding of business logic vulnerabilities.

       Experience in Secure Code Review in-line with OWASP Secure Coding Practices.

       Proficiency in industry standard tools such as Burp Suite, Fiddler, Sysinternals suite, Veracode, DnSpy, Olly debugger, IDA Pro, EchoMirage, Wireshark, Apktool, Jadx-gui, Frida etc.

       Ability to perform manual penetration testing and security assessments using automated tools.

       Excellent technical report writing skillset.

       Knowledge of web application components like frontend, backend, databases and application servers.

       Understanding in web development technologies like HTML, CSS, JavaScript, PHP, JAVA, .Net and backend databases.

       Experience with reviewing application security architectures and threat modelling. 

       Understand on the basic concepts of reverse engineering, memory analysis etc.

       Understanding of basic networking protocols such as TCP/IP, DNS, HTTP/s

       Understanding of vulnerability classification using National Vulnerability Database nomenclature such as CVE/CVSS

       Certified Information Systems Security Professional (CISSP), Offensive Security Certified Professionals (OSCP), Offensive Security Web Expert (OSWE), Burp Suite Certified Practitioner (BSCP), Web Application Penetration Tester (GWAPT).

Preferred:

       Proficiency in Web and Mobile application security assessments, penetration testing and secure code review.

       Relevant publications such as blogs, tools, conference presentations and CVEs are preferred.

       Offensive Security Web Expert (OSWE) and Burp Suite Certified Practitioner (BSCP) certifications are preferred.

       Experience with automation and scripting (Python) are preferred.      

       Outstanding English written and oral communication skills and the ability to prioritize work

       Strong understanding of web, mobile and microservices vulnerabilities.

       Working knowledge of how malicious code operates and how technical vulnerabilities are exploited.

       Strong analytical and problem-solving skills.

       Self-motivated to upskill and learn new attack vectors.

       A strong desire to understand the what as well as the why and the how of security vulnerabilities.

The team

Deloitte Advisory's Cyber Risk team helps complex organizations more confidently pursue their growth, innovation, and performance agendas through proactive management of the associated cyber risks. Our professionals provide advisory and implementation services that integrate risk, regulatory, and technology skills to help clients transform their legacy programs into proactive Secure.Vigilant.Resilient.^TM cyber risk programs. Join the team developing the future state of cyber risk solutions. Learn more about Deloitte Advisorys Cyber Risk Services practice.

How youll grow

At Deloitte, our professional development plan focuses on helping people at every level of their career to identify and use their strengths to do their best work every day. From entry-level employees to

senior leaders, we believe theres always room to learn. We offer opportunities to help sharpen skills in addition to hands-on experience in the global, fast-changing business world. From on-the-job learning experiences to formal development programs at Deloitte University, our professionals have a variety of opportunities to continue to grow throughout their career. Explore Deloitte University, The Leadership Center.

About Company

Deloitte is a global professional services firm that provides a wide range of services, including audit and assurance, consulting, tax, risk management, and financial advisory. With a presence in over 150 countries and a network of member firms, Deloitte serves clients across various industries, helping them solve complex business challenges, improve operations, and innovate. Known for its expertise in management consulting, technology solutions, and strategy, Deloitte is one of the Big Four accounting firms and is recognized for its commitment to quality, integrity, and making an impact in the marketplace.