Application Security — Solution Delivery AdvisorDeloitte’s Cyber Risk Services help our clients to be secure, vigilant, and resilient in the face of an ever-increasing array of cyber threats and vulnerabilities. Our Cyber Risk practice helps organizations with the management of information and technology risks by delivering end-to-end solutions using proven methodologies and tools in a consistent manner. Our services help organizations to address, in a timely manner, pervasive issues, such as identity theft, data security breaches, data leakage, cyber security, and system outages across organizations of various sizes and industries with the goal of enabling ongoing, secure, and reliable operations across the enterprise.
Work you will do
As a Consultant in the Managed Services and Operate Business, you are responsible for adhering to the defined operating procedures and guidelines in the API security services, which includes the following:
- Support and consult with development and engineering teams in the areas of API security
- Educates development team on security procedure and standards, and ensures they are followed
- Research and help develop security solutions to help secure applications (API Security, Data Protection, Identity Protection)
- Create Security guidance/documentation for development/engineering teams
- Experience working with AWS or other cloud environments (development/architecture)
- Experience with cloud and API security standards (OWASP API Top 10, CIS Top 20)
- Perform security risk assessments for all proposed application-related (APIs) changes.
The team
Deloitte’s API Security s is a standardized process, to help clients with large development functions, and application dependencies for their day-to-day operations. The process enables the client to address key vulnerabilities and risks associated with their various application environment at different stages of their development lifecycle.
At the core of our Application Security Managed Services Team professional’s monitors, collects and analyses security related issues on application environment (both at code level and infrastructure level), that may potentially become a threat to an organization. This detection of application threats/vulnerabilities is carried out using a unique blend of our application security testing and monitoring tools and intelligence data collected through our vast experience within the Advise and Implement business.
Required:
· 5-7 years of experience in software development in one or more of the following programming languages, .NET, Python, Java/Springboot (REST), JavaScript (Node/React), and/or Go
· Experience with tools like OWASP ZAP, Veracode, Postman, etc.
· 3+ years of experience with API Security (Design patterns, Architecture, B2B/A2A/B2C Integration)
· Experience with API security tools like Noname, Salt, Neosec, etc.
· Experience with API Management solutions like Mulesoft, Apigee, etc.
· Technical and foundational knowledge of software engineering, computer systems, security engineering, authentication, and/or applied cryptography.
· Excellent knowledge of all web technologies, especially web services, web applications, Service Oriented Architectures, and network/web protocols
· Knowledge of application threat modeling, Remediation of OWASP API Top 10, CIS Top 10, SANS Top 25 a plus
· Experience with attacker tactics, techniques, and procedures, and corresponding mitigation methods.
· Sound knowledge of all procedures, standards, and regulations for authorization and authentication, applied cryptography, and security vulnerabilities.
Preferred:
· Bachelor’s in computer science or other technical fields.
· Experience with application monitoring, Managed Services business primarily on DevOps, Threat and Vulnerability Management for Application infrastructure, source code verification, link analysis, and threat modeling.
· Solid and demonstrable comprehension of Information Security including OWASP/SANS, Security Test Case development (or mis-use case), OOAD notations, emerging threats, attacks, and vulnerability management.
· Ability to research and characterize security threats to include identification and classification of application related threat indicators; and
· Certification such as SANS Secure Coding, Security Engineering, Web Application Security, ISC2 CSSLP, OSCP etc. are preferred.
Deloitte’s Cyber Risk Services help our clients to be secure, vigilant, and resilient in the face of an ever-increasing array of cyber threats and vulnerabilities. Our Cyber Risk practice helps organizations with the management of information and technology risks by delivering end-to-end solutions using proven methodologies and tools in a consistent manner. Our services help organizations to address, in a timely manner, pervasive issues, such as identity theft, data security breaches, data leakage, cyber security, and system outages across organizations of various sizes and industries with the goal of enabling ongoing, secure, and reliable operations across the enterprise.
Work you will do
As a Consultant in the Managed Services and Operate Business, you are responsible for adhering to the defined operating procedures and guidelines in the API security services, which includes the following:
- Support and consult with development and engineering teams in the areas of API security
- Educates development team on security procedure and standards, and ensures they are followed
- Research and help develop security solutions to help secure applications (API Security, Data Protection, Identity Protection)
- Create Security guidance/documentation for development/engineering teams
- Experience working with AWS or other cloud environments (development/architecture)
- Experience with cloud and API security standards (OWASP API Top 10, CIS Top 20)
- Perform security risk assessments for all proposed application-related (APIs) changes.
The team
Deloitte’s API Security s is a standardized process, to help clients with large development functions, and application dependencies for their day-to-day operations. The process enables the client to address key vulnerabilities and risks associated with their various application environment at different stages of their development lifecycle.
At the core of our Application Security Managed Services Team professional’s monitors, collects and analyses security related issues on application environment (both at code level and infrastructure level), that may potentially become a threat to an organization. This detection of application threats/vulnerabilities is carried out using a unique blend of our application security testing and monitoring tools and intelligence data collected through our vast experience within the Advise and Implement business.
Required:
· 5-7 years of experience in software development in one or more of the following programming languages, .NET, Python, Java/Springboot (REST), JavaScript (Node/React), and/or Go
· Experience with tools like OWASP ZAP, Veracode, Postman, etc.
· 3+ years of experience with API Security (Design patterns, Architecture, B2B/A2A/B2C Integration)
· Experience with API security tools like Noname, Salt, Neosec, etc.
· Experience with API Management solutions like Mulesoft, Apigee, etc.
· Technical and foundational knowledge of software engineering, computer systems, security engineering, authentication, and/or applied cryptography.
· Excellent knowledge of all web technologies, especially web services, web applications, Service Oriented Architectures, and network/web protocols
· Knowledge of application threat modeling, Remediation of OWASP API Top 10, CIS Top 10, SANS Top 25 a plus
· Experience with attacker tactics, techniques, and procedures, and corresponding mitigation methods.
· Sound knowledge of all procedures, standards, and regulations for authorization and authentication, applied cryptography, and security vulnerabilities.
Preferred:
· Bachelor’s in computer science or other technical fields.
· Experience with application monitoring, Managed Services business primarily on DevOps, Threat and Vulnerability Management for Application infrastructure, source code verification, link analysis, and threat modeling.
· Solid and demonstrable comprehension of Information Security including OWASP/SANS, Security Test Case development (or mis-use case), OOAD notations, emerging threats, attacks, and vulnerability management.
· Ability to research and characterize security threats to include identification and classification of application related threat indicators; and
· Certification such as SANS Secure Coding, Security Engineering, Web Application Security, ISC2 CSSLP, OSCP etc. are preferred.
Shift Timings:
- Rotational night shifts are a pre-requisite
- The role may require Permanent night shifts basis Client/Project demands