Are you interested in working in a dynamic environment that offers opportunities for professional growth and new responsibilities?Â If so, Deloitte & Touche LLP could be the place for you. Traditional security programs have often been unsuccessful in unifying the need to both secure and support technology innovation required by the business. Join Deloitte's Advisory Cloud Adversarial Simulation (AS) Services team to help drive our clientâs innovations and become a member of the largest group of cybersecurity professionals worldwide.
Work youâll do
As a Sr. Cloud Adversarial Simulation Security Consultant, you will be on the front lines with our clients supporting them with their cloud and Adversarial Simulation security needs. You will work with our Adversarial Simulation team to provide attack-oriented professional services such as (but not limited to): Red/Purple Team Operations, Penetration Testing, Breach and Attack Simulations, Cloud Penetration Testing, Social Engineering, and a variety of ad-hoc custom assessments to address unique information security concerns for clients. In this role you will:
Deliver professional services, including but not limited to Red Team Assessments, Purple Team Assessments, Network Penetration Tests, Wireless Security Assessments, Onsite and Remote Social Engineering, and a variety of custom assessments
Create and write comprehensive assessment reports that are technical and managerial to describe the engagement, scope, risks, and remediation recommendations
Develop marketing materials and participate in marketing activities such as creating research, speaking at conferences, authoring materials and presenting thought leadership
Knowledge of security testing frameworks and standards such as OSSTMM, OWASP, NIST SP 800-115, Lockheed Martinâs Kill Chain, and MITRE ATT&CK
Use automation, orchestration, and scripting to reduce manual processes, improving overall efficiency while also enabling new capabilities to meet the rapidly changing needs of our clients
Mastery of commercial and open source security tools including, but not limited to: Nmap, Nessus, BurpSuite, Cobalt Strike, Metasploit, Wireshark, and Aircrack-ng
Assist with Practice development, including improving existing offerings, creating new offerings, and mentoring team members
Perpetually strengthen relevant skills, knowledge, and abilities to stay at the forefront of the information security industry
Foster client relationships by providing support, information, and guidance
Maintain a strong desire to learn, adapt, and improve along with a rapidly growing company
Perform other duties as assigned
Serve as a subject matter expert on cloud cyber risk for at least one of the leading cloud platforms preferably AWS, Microsoft Azure/ Office 365.
Provide technical security support for cloud-native (e.g., AAD) and third-party security services and resolve service-related issues through research, troubleshooting, and working with cloud service providers and third-party security solution vendors.
Support proof of concept and production deployments of these cloud technologies.
Perform technical health checks for cloud platforms/environments prior to broader deployment and assist clients with configuration of cloud platform scanning tools, and delivery of cloud security and compliance reports.
Design and develop cloud platform-specific security policies, standards, and procedures for management group and account/subscription management and configuration (e.g. Azure Policy, Azure Security Center, AWS Config), identity management and access control, firewall management, auditing and monitoring, security incident and event management, data protection, user and administrator account management, SSO, conditional access controls and password/secrets management.
Troubleshoot problems with cloud infrastructure (e.g., domain name service, virtual network peering, dedicated cloud connectivity services â Azure ExpressRoute, AWS DirectConnect, Google Cloud Dedicated Interconnect) and resources (e.g., virtual machines, virtual networks, cloud databases) in a multi-cloud vendor environment and document technical platform issues, analysis, client communication, and resolution as part of cyber risk mitigation steps.
Assist clients in the selection and tailoring of approaches, methods, and tools to support cloud adoption for secure migration of existing workloads to a cloud vendor. This may cover services such as tenant setup and service configuration focused on cloud cyber risk mitigation, IAM (e.g., PIM/PAM, MFA, SSO, Conditional Access), data protection (e.g., DLP, encryption, PKI), network security (e.g., firewalls, WAF), etc.
Perform cloud orchestration and automation (Continuous Integration and Continuous Delivery (CI/CD)) in single and multi-tenant environments using tools like Terraform, Ansible, Puppet, Chef, Salt etc.
Design, implement, manage, and automate DevSecOps capabilities in cloud offerings using CI/CD toolsets and automation (e.g., Boto3, Lambda, Azure Functions, Google Functions, Python, JSON).
Support and enable junior team members across both technical and management leadership capacities.
Provide internal cloud security technical training to Advisory personnel as needed.
Support the team on proposals, whitepapers, proof of concepts, technical eminence materials and firm initiatives.
At Deloitte, our Cyber Specialists help organizations manage cyber risk and create value through enhanced security, visibility, and privacy into an organizationâs DNAâour program design, implementation, operation, and response services, coupled with our deep industry and mission knowledge, help us protect and defend our clientsâ most valuable assets, facilitate secure digital transformation efforts, and adapt rapidly to emerging threats.Learn More about Advisory's Cyber practice
Internal Number: 12376201
About Deloitte Consulting
At Deloitte, our professional development plan focuses on helping people at every level of their career to identify and use their strengths to do their best work every day. From entry-level employees to senior leaders, we believe there’s always room to learn. We offer opportunities to help sharpen skills in addition to hands-on experience in the global, fast-changing business world. From on-the-job learning experiences to formal development programs at Deloitte University, our professionals have a variety of opportunities to continue to grow throughout their career. At Deloitte, we know that great people make a great organization. We value our people and offer employees a broad range of benefits.Our positive and supportive culture encourages our people to do their best work every day. We celebrate individuals by recognizing their uniqueness and offering them the flexibility to make daily choices that can help them to be healthy, centered, confident, and aware. We offer well-being programs and are continuously looking for new ways to maintain a culture where our people excel and lead healthy, happy lives. Deloitte is led by a purpose: to make an impact that matters. This purpose... defines who we are and extends to relationships with our clients, our people and our communities. We believe that business has the power to inspire and transform. We focus on education, giving, skill-based volunteerism, and leadership to help drive positive social impact in our communities. We want job seekers exploring opportunities at Deloitte to feel prepared and confident. To help you with your interview, we suggest that you do your research: know some background about the organization and the business area you’re applying to.