Position Summary

Security Architecture Review - Solution Delivery Advisor

Deloitte’s Cyber Risk Services help our clients to be secure, vigilant, and resilient in the face of an ever-increasing array of cyber threats and vulnerabilities. Our Cyber Risk practice helps organizations with the management of information and technology risks by delivering end-to-end solutions using proven methodologies and tools in a consistent manner. Our services help organizations to address, in a timely manner, pervasive issues, such as identity theft, data security breaches, data leakage, cyber security, and system outages across organizations of various sizes and industries with the goal of enabling ongoing, secure, and reliable operations across the enterprise.

Work you will do

As a Solution Delivery Advisor in the hybrid operate business, you are responsible for adhering to the defined operating procedures and guidelines while operating the application security services in the Managed Services model. This includes the following:

·       Apply deep knowledge of application security engineering principles to help the client's development teams follow secure development practices, primarily by performing and monitoring security design reviews, architecture reviews, and threat modeling.

·       Review and assess the security architecture and design of software applications, infrastructure, and network systems.

·       Lead and conduct in-depth reviews of application security architectures, with a focus on cloud-based environments (e.g., AWS, Azure, Google Cloud).

·       Identify weaknesses, flaws, and vulnerabilities in the security architecture, considering industry best practices and regulatory requirements.

·       Assess the design of cloud services and resources, identifying potential security vulnerabilities and risks.

·       Ensure that security controls, encryption methods, and authentication mechanisms are appropriately integrated into the architecture.

·       Provide recommendations and guidelines for enhancing the security of the architecture, such as recommending secure design patterns and access control mechanisms.

·       Understand application architecture controls and design based on security standards and regulations such as NIST, PCI DSS, and ISO.

·       Be well versed in application deployment and configuration baselines, and understand how the application operates in a secure environment and how exceptions are handled during operations.

·       Understand security architecture concepts, including topology, protocols, components, and principles, in order to perform threat modeling.

·       Facilitate use of technology-based tools or methodologies to continuously improve the monitoring, management, and reliability of the service.

·       Act as a liaison between the application development and infrastructure teams, and integrate infrastructure monitoring and operations processes with the secure development, testing, and management processes.

·       Identify, research, and analyze application security events, which may include emerging and existing persistent threats to the client's environment.

·       Conduct comprehensive threat modeling exercises to identify potential security vulnerabilities and risks within software applications, systems, and networks.

·       Collaborate with development teams, architects, and other stakeholders to understand the design and functionality of systems, enabling you to assess potential threats accurately.

·       Create threat models and diagrams to document identified security threats and their possible impact on the organization.

·       Analyze and prioritize threats based on their potential impact and likelihood, providing actionable recommendations for mitigation.

·       Prepare detailed reports and documentation summarizing the results of application security architecture reviews for cloud-based systems.

·       Communicate findings and recommendations clearly to technical and non-technical stakeholders.

·       Create and maintain security guidelines, policies, and procedures for cloud application security.

The team

Deloitte’s Application Security Managed Services is a standardized process to help clients with large development functions and application dependencies in their day-to-day operations. The process enables the client to address key vulnerabilities and risks across their various application environments at different stages of the development lifecycle.

At its core, our Application Security Managed Services team monitors, collects, and analyzes security-related issues in the application environment (at both the code level and the infrastructure level) that may become a threat to an organization. This detection of application threats and vulnerabilities is carried out using a unique blend of our application security testing and monitoring tools and intelligence data collected through our extensive experience within the Advise and Implement business.

Required:

·       Approximately 3-5 years’ experience across the application security testing, deployment, and security management phases

·       A strong foundation in security principles and concepts, including confidentiality, integrity, availability, authentication, authorization, encryption, and secure coding practices.

·       Proficiency in threat modeling methodologies and tools to identify and assess potential security threats and vulnerabilities in software and systems.

·       Deep interest in application-specific vulnerabilities, combined with infrastructure knowledge.

·       Experience in collecting, analyzing, and interpreting qualitative and quantitative data from defined application security service sources (tools, monitoring techniques, etc.)

·       In-depth knowledge of security architecture design and best practices, including secure design patterns, access control, and data protection.

·       Knowledge of cloud security frameworks (e.g., AWS Well-Architected Framework, Azure Security Benchmark) to assess and improve security measures.

·       Familiarity with security standards and frameworks, such as OWASP Top Ten, NIST Cybersecurity Framework, ISO 27001, and CIS Controls.

·       Ability to conduct risk assessments to evaluate the potential impact and likelihood of security risks and provide risk mitigation strategies.

·       Familiarity with security testing tools such as vulnerability scanners, penetration testing tools, and code analysis tools.

·       Understanding of network and system architecture, protocols, and configurations to assess security at the infrastructure level.

·       Understanding of industry-specific regulations, compliance requirements, and security challenges relevant to the organization's sector (e.g., healthcare, finance, or government).

·       Awareness of the current threat landscape, emerging security threats, and attack vectors.

·       Familiarity with software development methodologies (e.g., Agile, DevOps) to integrate security into the development process.

·       Experience in performing application threat modeling using both tools and manual techniques.

·       Understanding of leading vulnerability scoring standards, such as CVSS, and the ability to translate vulnerability severity into security risk.

·       Knowledge of cloud environments and deployment models such as serverless computing.

·       Excellent oral and written communication skills.

Preferred:

·       Bachelor’s degree in computer science or another technical field;

·       Experience in conducting security architecture reviews and threat modeling on cloud and on-premises solutions.

·       Understanding of security essentials, including networking concepts, defense strategies, and current security technologies;

·       Ability to research and characterize security threats to include identification and classification of application related threat indicators;

·       Cloud security specialization is required; any relevant certifications, such as Certified Information Systems Security Professional (CISSP), Certified Cloud Security Professional (CCSP), or Certified Information Systems Auditor (CISA), are a plus.

Shift Timings:

  • Rotational night shifts are a prerequisite
  • The role may require permanent night shifts based on client/project demands

Recruiting tips

From developing a stand-out resume to putting your best foot forward in the interview, we want you to feel prepared and confident as you explore opportunities at Deloitte. Check out recruiting tips from Deloitte recruiters.

Benefits

At Deloitte, we know that great people make a great organization. We value our people and offer employees a broad range of benefits. Learn more about what working at Deloitte can mean for you.

Our people and culture

Our diverse, equitable, and inclusive culture empowers our people to be who they are, contribute their unique perspectives, and make a difference individually and collectively. It enables us to leverage different ideas and perspectives, and bring more creativity and innovation to help solve our clients’ most complex challenges. This makes Deloitte one of the most rewarding places to work. Learn more about our inclusive culture.

Our purpose

Deloitte’s purpose is to make an impact that matters for our clients, our people, and in our communities. We are creating trust and confidence in a more equitable society. At Deloitte, purpose is synonymous with how we work every day. It defines who we are. We are focusing our collective efforts to advance sustainability, equity, and trust that come to life through our core commitments. Learn more about Deloitte's purpose, commitments, and impact.

Professional development

From entry-level employees to senior leaders, we believe there’s always room to learn. We offer opportunities to build new skills, take on leadership opportunities and connect and grow through mentorship. From on-the-job learning experiences to formal development programs, our professionals have a variety of opportunities to continue to grow throughout their career.

Requisition code: 182358