Global Security Application Analyst
Deloitte Global Job title:
Global Security Application Analyst
Are you energized by helping organizations protect their data and build client trust? Do you want to work in one of the world's largest holistic internal cybersecurity organizations? If you're interested in proactively preventing, detecting, and responding to cyber attacks across a complex global footprint, then Deloitte Global could be the perfect place for you. We're looking for an analytical thinker passionate about cybersecurity to join our team. Work you'll do:
The Global Security Application Analyst
is a part of the Cybersecurity Architecture and Engineering team and reports to the DevSecOps Security Transformation Leader.
This role focuses on partnering with the GTS Product Development & Solution Engineering teams' leaders to create, implement and apply DevSecOps principles, processes and culture.
They are also to provide subject matter expertise on DevSecOps, leading our engineering teams in building secure software and implementing security controls and tests in an Agile development environment.
On the software side, the candidate is expected to advocate to the engineering teams advanced Cybersecurity, DevSecOps, and Agile engineering procedures such as secure coding practices, code reviews, quality engineering practices (i.e., unit, full-build, and security testing) and advanced requirement capturing techniques for improving end-to-end secure delivery practices.
On the infrastructure side, the candidate will work to harden cloud infrastructure from attacks by implementing automated and integrated release cycles incorporated within the Agile Security Software Development Lifecycle's (SSDL) tools and processes.
The candidate will strive to bring excellence and simplicity in DevSecOps design, adoption and implementation, acting as trusted cybersecurity advisor to the engineering teams across GTS and member firms.
As part of the global Cybersecurity team, this professional: Strategic
• Be responsible for day-to-day collaboration with the engineering teams to ensure successful implementation of secure coding practices and consistent automation and integration of the DevSecOps processes across Deloitte.
• Supports and maintains the Secure Systems Development Lifecycle (SSDLC), including functional and non-functional cybersecurity requirements for all new applications
Works with the Cybersecurity Strategy and Governance group, to implement setup and updates in the cybersecurity assessment process
Works with global business functions (e.g. Tax, Audit, Consulting, Advisory) and Global Digital Application Studios (GDAS) to automate and integrate application and system cybersecurity assessments into their processes to ensure consistent implementation of security controls.
Understands the impact these security controls have on the respective organizations and their ability to effectively deliver client services
Performs in-depth vulnerability management analysis and remediation prioritization for Global Digital Application Studios
Working with the Cybersecurity Architecture team, learns and applies reference architectures for security solutions design and implementation
Assists with the design and implementation of new technical cybersecurity shared services
Working with the Cyber Defense group and the Security Operations Center, evaluates the effectiveness of the security controls and architectures in relationship to actual intrusions seen on the Deloitte network, reported threats at peer organizations and overall cybersecurity threats in the internet ecosystem. Operational
• Collaborates with the development studios to apply the best practices of secure engineering/ development/ coding to include, but not limited to cloud technology, internet servers, application whitelisting, virtualized containers and orchestration, web-enabled database applications and databases, network security, security engineering, data integrity, intrusion detection, firewall management, forensic and legal information security, virtual private networks, public key/infrastructure/digital signatures, encryption, network security architecture and DNS Policy.
• Champions the Security Software Development Lifecycle (SSDLC) by discovering and raising security concerns in the existing development workflow and help development team to build security awareness and thinking into every stage of the software development process. Recognize security implications in the software/code acceptance phase, including completion criteria, risk acceptance and documentation, common criteria, and methods of independent testing.
• Participates in daily scrums of the agile software development teams he/she is supporting to address cybersecurity requirements.
• Coordinates with teams across the enterprise on the migration of existing IT services to the cloud and identifies security technical requirements, potential problems and issues
• Supports SOC and thread intelligence capabilities by customizing tools and automating processes for SOC and IR analysts.
• Applies coding and testing standards, security testing tools (including 'fuzzing' static-analysis code scanning tools), Identify common coding flaws, threat modelling, and conducts code reviews
• Participates in application, network, and system design to ensure implementation of appropriate systems security policies, designs and implement systems security and data assurance What you'll be part of-our Deloitte Global culture:
At Deloitte, we expect results. Incredible-tangible-results. And Deloitte Global professionals play a unique role in delivering those results. We reach across disciplines and borders to serve our global organization. We are the engine of Deloitte. We develop and lead global strategies and provide programs and services that unite our network.
In Deloitte Global, everyone has an opportunity to lead. We see the importance of your perspective and your ability to create value. We want you to fit in-with an inclusive culture, focus on work-life fit and well-being, and a supportive, connected environment; but we also want you to stand out-with opportunities to have a strategic impact, innovate, and take the risks necessary to make your mark.
Deloitte Global supports our talented professionals in answering the question: What impact will you make? Who you'll work with:
The Deloitte Global Cybersecurity function is responsible for enhancing data protection, standardizing and securing critical infrastructure, and gaining cyber visibility through security operations centers. The Cybersecurity organization delivers a comprehensive set of security services to Deloitte's global network of firms around the globe. Relationship Management
Holds a strong working relationship with the GDAS development studios and supports their automation and integration efforts in evolving DevOps to DevSecOps
• Works closely with the Shared Security Service Owners to ensure new IT solutions and major changes receive appropriate implementation, optimization, and testing prior to deployment into production
• Works with the Global Business Services and Member Firm Services organizations to ensure new products and services follow the best practices for secure engineering and supports the automation and integration of such in the development CI/CD pipelines
#GLBCyber To be considered for this role, there are certain qualifications you'll have to have. And others that would be really, really nice. Required: Skills/abilities
• Previous professional experience with performing integrated quality assurance testing for security functionality and resiliency to attacks.
Previous professional experience with secure programming and identifying potential flaws in codes to mitigate vulnerabilities.
Good understanding of common security practices (e.g., penetration testing) and how they impact the implementation of DevSecOps automation.
Ability to translate traditional SDLC approach (plan, code, build, test, release, deploy and monitor) to the phases of agile development when writing software to automate security related tasks.
Advanced technical skills and experiences with Cloud Service (AWS, Azure, Google), continuous delivery systems and enhancing security processes and operations through automation.
Hands-on experience with containerization, orchestration, and advanced techniques in Cloud infrastructure management (e.g., Infrastructure as Code, immutable infrastructure, Configuration as Code, etc.)
Advanced knowledge of Source Code Management concepts (code lines, branching, merging, integration, versioning, etc.)
Advanced working knowledge of the following: Encryption algorithms, secure communications, network and data communication protocols.
Excellent problem solving, analytical skills and technical troubleshooting skills
Ability to collaborate with customers/stakeholders, developers, testers, project managers, support staff
Extensive experience acquiring in-depth understanding of large complex software systems to isolate defects, reproduce defects, assess risk, and understand varied customer deployment
• Excellent written and verbal communication skills, interpersonal and collaborative skills, and the ability to communicate strategic information security topics, policies and standards as well as risk-related concepts to technical and nontechnical audiences at various hierarchical levels
• Good knowledge of key cybersecurity technologies such as application security design principles, authentication and authorization models, secure coding, application and penetration testing, encryption, vulnerability management, and security information and event management (SIEM)
• Knowledge of common information security management frameworks, such as ISO/IEC 27001, COBIT, and NIST, including 800-53 and the Cybersecurity Framework
• Ability to travel as needed (no more than 15%) Education and experience:
Bachelor's degree in Computer Science, Computer Engineering, technology-related field, or equivalent work experience Preferred:
Master's degree preferred
Pro fessional security management certifications such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA) are strongly desirable, but not required
Relevant technical certification preferred (CISSP-ISSEP, CEH, CCNP Security, GSEC)
Relevant Dev and DevOps Certifications (e.g., AWS, DevOps Certs, RHCE, Docker, Kubernetes How you'll grow:
Deloitte Global inspires leaders at every level. We believe in investing in you, helping you embrace leadership opportunities at every step of your career, and helping you identify and hone your unique strengths. We encourage you to grow by providing formal and informal development programs, coaching and mentoring, and on-the-job challenges. We want you to ask questions, take chances, and explore the possible. Benefits you'll receive:
Deloitte's Total Rewards program reflects our continued commitment to lead from the front in everything we do - that's why we take pride in offering a comprehensive variety of programs and resources to support your health and well-being needs. We provide the benefits, competitive compensation, and recognition to help sustain your efforts in making an impact that matters.
All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, or protected veteran status, or any other legally protected basis, in accordance with applicable law. Disclaimer:
Nothing in this job description/posting shall constitute an offer or promise of employment. If you are not reviewing this job posting on our Careers' site (jobs2.deloitte.com) or one of our approved job boards we cannot guarantee the validity of this posting. For a list of our current postings, please visit us at jobs2.deloitte.com
Requisition code: D51185