Red Team — Consultant 2 - Solution Delivery Advisor
Deloitte’s Cyber Risk Services help our clients to be secure, vigilant, and resilient in the face of an ever-increasing array of cyber threats and vulnerabilities. Our Cyber Risk practice helps organizations with the management of information and technology risks by delivering end-to-end solutions using proven methodologies and tools in a consistent manner. Our services help organizations to address, in a timely manner, pervasive issues, such as identity theft, data security breaches, data leakage, cyber security, and system outages across organizations of various sizes and industries with the goal of enabling ongoing, secure, and reliable operations across the enterprise.
Deloitte’s Cyber Risk Services have been recognized as a leader by a number of independent analyst firms. Kennedy Consulting Research & Advisory, a leading analyst firm, recently named Deloitte a global leader in cyber security consulting. Source: Kennedy Consulting Research & Advisory; Cyber Security Consulting 2013; Kennedy Consulting Research & Advisory estimates © 2013 Kennedy Information, LLC. Reproduced under license.
Work you will do
• Works on projects with clearly defined guidelines as team member with responsibility for project delivery
• Works on the projects with clearly defined guidelines such as standard operating procedures
• Adheres to Service Level Agreements
• Works under general supervision with few direct instructions
• Performs development and customization work on larger security and data protection technology implementation projects
• Understands basic business and information technology management processes.
• Demonstrates knowledge of firm apposes methodologies, frameworks and tools (required)
• Participate in practice development initiatives
The Team
Deloitte’s Red Team is a standardized process to help clients combat today’s growing array of system threats. We help organizations assess their infrastructure, networks and application environments to identify vulnerabilities and control weaknesses. We develop and deploy the technical and architectural improvements necessary to reduce attack exposure.
Our Application and Vulnerability Management services help organizations identify the technical and architectural improvements needed to minimize exposure to attacks. With our customized methodology, we assess the many aspects of risk to support identification of both internal and external facing threats.
Required:
Core Skills:
- Strong communication skills (written & verbal)
- Understanding of basic business and information technology management processes
- Knowledge and understanding of Dev-Sec-Ops Vulnerability Management, Threat Management, Penetration testing, Mobile Testing, Red Teaming, Phishing.
- Experience with tools related to the domains mentioned above
- Experienced in one or more of the above areas (as the career progresses)
- Deep knowledge of commonly used protocols such as TCP/IP, DNS
- Understanding of ITIL and ITSM
- Understanding of SANS TOP 25
Additional Skills:
- Familiarity with industry standards and frameworks such as OWASP, CIS, NIST, ISO/IEC 17799, etc.
- Assist clients with discovering vulnerabilities and rogue assets (such as shadow IT) in their networks as part of a team of engineers and analysts around the world who specialize in the tactics, tools and procedures used by cyber criminals.
- Configure and execute vulnerability scans enumerating vulnerabilities within the internal and external network.
- Analyze, enrich and prioritize specific activities designed to remediate discovered vulnerabilities such as patch deployment or configuration hardening.
- Assist in producing a comprehensive operating picture and cyber security situational awareness.
- Work with various vulnerability threat feeds (such as vendor bulletins), assessment tools, asset inventory tools as well as reporting tools and frameworks to match assets to identified vulnerabilities and produce reports.
- Respond to requests for ad-hoc reporting and research topics from management and analysts as required.
- Identify gaps in available asset information and engage with leadership on strategies to meet service-level requirements through affirmative handoff with remediation partners.
- Quickly understand and deliver on company and customer requirements
- Aid in and participate in daily, weekly, quarterly, and yearly production reporting for clients, partners, and internal teams
- Adhere to internal operational security and other
- Understanding of common network infrastructure devices such as routers and switches
- Understanding of basic networking protocols such as TCP/IP, DNS, HTTP
- Understanding of vulnerability classification using National Vulnerability Database nomenclature such as CVE/CVSS
- Basic knowledge in system security architecture and security solutions
- Mandatory Certification - CEH, Security+
- Preferred Certification: OSCP, OSWP, CRTO, CREST Certified Web Application Tester, OSCE, CREST Certified Simulated Attack Specialist, AWS Security Specialist, CKE, Certified Information Systems Security Professional (CISSP), Certification in Certified Intrusion Analyst (GIAC), Continuous Monitoring (GMON), Certified Ethical Hacker (CEH) or equivalent
- Understanding of possible attack activities such as network probing/scanning, DDOS, malicious code activity, etc.
Preferred:
· B. E / B.Tech (Tier 2 or 3)/ M.S in any engineering discipline; 3-5 years of cyber risk services experience.
· Proven ability to emulate sophisticated adversary tactics, techniques, and procedures (TTPs) to identify and exploit weaknesses in organizational defenses.
· Familiarity with red teaming methodologies, offensive security tools, and frameworks such as MITRE ATT&CK.
· Experience with tools like Cobalt Strike, Metasploit, and Empire for command and control, exploitation, and lateral movement within environments.
· Proficiency in scripting languages like Python, PowerShell, or Bash for automation and custom tool creation.
· Knowledge of evasion techniques to bypass antivirus (AV), endpoint detection and response (EDR), and network monitoring tools.
· Strong understanding of privilege escalation, lateral movement, and persistence mechanisms in both Windows and Linux environments.
· Hands-on experience conducting phishing campaigns, social engineering attacks, and delivering payloads via HTML smuggling or other covert techniques.
· Ability to assess and manipulate Active Directory configurations, conduct password spraying, and exploit common misconfigurations.
· Strong knowledge of reverse engineering tools such as IDA Pro and Ghidra for analyzing malware or binaries.
· Excellent ability to create detailed post-engagement reports and recommendations for improving detection and response capabilities.
· Knowledge of operational security (OpSec) best practices to avoid detection during adversarial engagements.
· Ability to think creatively in developing offensive strategies and adapting to blue team defenses.
· Strong desire to continuously learn emerging attack vectors and defensive countermeasures.
· Outstanding communication skills, with the ability to explain offensive security techniques to both technical and non-technical stakeholders.
How you will grow
At Deloitte, we have invested a great deal to create a rich environment in which our professionals can grow. We want all our people to develop in their own way, playing to their own strengths as they hone their leadership skills. And, as a part of our efforts, we provide our professionals with a variety of learning and networking opportunities—including exposure to leaders, sponsors, coaches, and challenging assignments—to help accelerate their careers along the way. No two people learn in exactly the same way. So, we provide a range of resources, including live classrooms, team-based learning, and eLearning. Deloitte University (DU): The Leadership Center in India, our state-of-the-art, world-class learning center in the Hyderabad office, is an extension of the DU in Westlake, Texas, and represents a tangible symbol of our commitment to our people’s growth and development. Explore DU: The Leadership Center in India.
Benefits
At Deloitte, we know that great people make a great organization. We value our people and offer employees a broad range of benefits. Learn more about what working at Deloitte can mean for you.
Deloitte’s culture
Our positive and supportive culture encourages our people to do their best work every day. We celebrate individuals by recognizing their uniqueness and offering them the flexibility to make daily choices that can help them to be healthy, centered, confident, and aware. We offer well-being programs and are continuously looking for new ways to maintain a culture that is inclusive, invites authenticity, leverages our diversity, and where our people excel and lead healthy, happy lives. Learn more about Life at Deloitte.
Corporate citizenship
Deloitte is led by a purpose: to make an impact that matters. This purpose defines who we are and extends to relationships with our clients, our people, and our communities. We believe that business has the power to inspire and transform. We focus on education, giving, skill-based volunteerism, and leadership to help drive positive social impact in our communities. Learn more about Deloitte’s impact on the world.