Join Deloitte Cyber to help organizations identify, assess, and reduce exposure across their attack surface. As a Senior Consultant, you will support vulnerability management and attack surface management activities by analyzing findings, improving coverage across environments, and helping drive remediation outcomes. You will work with global teams, security tools, and threat intelligence sources to produce actionable reporting and strengthen cyber situational awareness.
Work you'll do
As a Senior Consultant on the Cyber Defense & Resilience team, you will be responsible for:
- Configure and execute internal and external vulnerability scans to identify vulnerabilities and rogue assets across client environments
- Analyze, enrich, and prioritize findings to support remediation activities, including patch deployment, configuration hardening, and risk treatment decisions
- Maintain vulnerability management coverage by validating tool configuration, integrations, and reporting accuracy across asset inventories and assessment platforms
- Produce recurring and ad hoc reporting by correlating vulnerability data, threat feeds, asset information, and reporting frameworks for stakeholders
- Identify asset data gaps, support service-level performance, and coordinate with leadership and remediation partners to improve program execution
The team
Cyber Defense & Resilience teams assist clients in identifying, prioritizing, and remediating vulnerabilities across their digital ecosystem through robust Attack Surface Management (ASM). By continuously monitoring client environments—networks, applications, cloud assets, and endpoints—they proactively uncover potential exposure points before threat actors can exploit them. Attack Surface Management (ASM) is a foundational capability within the Cyber Defense & Resilience portfolio, enabling proactive identification and mitigation of security vulnerabilities across an organization’s digital landscape.
Location: Bengaluru/Hyderabad/Pune/Chennai
Shift Timings: General
Qualifications
Required:
- 6-10 years of experience in vulnerability management, information security, or technical cybersecurity roles
- Bachelor’s degree in Computer Science or equivalent experience
- Certified Information Systems Security Professional (CISSP), GIAC Certified Intrusion Analyst (GCIA), or GIAC Continuous Monitoring Certification (GMON)
- Experience conducting vulnerability scans across internal and external networks
- Experience with Qualys, Tenable, Rapid7, SafeBreach, BloodHound, XM Cyber, Wiz, or Splunk
- Experience with networking protocols, including Transmission Control Protocol/Internet Protocol (TCP/IP), Domain Name System (DNS), and Hypertext Transfer Protocol (HTTP)
- Experience with Common Vulnerabilities and Exposures (CVE), Common Vulnerability Scoring System (CVSS), threat modeling, and attack path analysis
Preferred:
- Experience developing vulnerability management policies, standards, and procedures
- Experience translating technical findings into remediation recommendations for stakeholders
- Experience with asset inventory, provisioning, or deprovisioning lifecycle processes
- Experience with cyber threat analysis, malicious code analysis, or enterprise mitigation strategies
- Experience with Confluence, Jira, or Configuration Management Databases (CMDBs) such as ServiceNow
- Experience with databases, query design, or data analysis
#Cyber_Defense & Resilience