Cyber
Deloitte Cyber understands the unique challenges and opportunities businesses face in cybersecurity. Join our team to deliver powerful insights that help our clients navigate the ever-changing threat landscape. Through powerful insights and managed services that simplify complexity, we enable businesses to operate with resilience, grow with confidence, and proactively manage risk to secure what they have achieved.
Position Summary
Level: Lead Solution Advisor
Work you’ll do:
As a Senior Consultant, you are responsible for performing the following activities as a SAST/DAST professional:
- Integrate SAST and DAST tools into CI/CD pipelines to automate security testing throughout the development lifecycle.
- Perform regular static (SAST) and dynamic (DAST) security assessments on applications to identify vulnerabilities such as SQL injection, cross-site scripting, and other OWASP Top 10 risks.
- Analyze scan results, triage findings, and provide actionable remediation guidance to development teams.
- Collaborate with developers to ensure secure coding practices and support secure design reviews.
- Define and maintain security roles, responsibilities, and ownership between Deloitte and client stakeholders for test preparation, execution, and support.
- Ensure that vulnerabilities are tracked, reported, and resolved in accordance with organizational policies and client requirements.
- Conduct root cause analysis (RCA) workshops and publish performance and security testing reports.
- Stay current with industry trends, emerging threats, and advancements in SAST/DAST tools and methodologies.
The Team:
Enterprise Security teams embed cybersecurity across all facets of digital transformation by securing a client’s technical infrastructure, while enabling innovation and agility. Their services span security architecture, secure development, cloud cyber capabilities, application and emerging technology security, and secure-by-design initiatives. DevSecOps further integrates automated security into the software development lifecycle, embedding testing and remediation within CI/CD pipelines for agile, risk-aware deployment. Through Deloitte’s DevSecOps framework, teams drive operational efficiency and secure design principles, ensuring robust protection in cloud and application environments.
Qualifications
Must Have Skills/Project Experience/Certifications:
- 5-7 years of hands-on experience with leading SAST and DAST tools (e.g., Checkmarx, Veracode, Fortify, Burp Suite, OWASP ZAP).
- Strong understanding of secure software development lifecycle (SSDLC) principles and OWASP Top 10 vulnerabilities.
- Experience integrating security testing into CI/CD pipelines (e.g., Jenkins, Azure DevOps, GitLab CI).
- Ability to interpret and communicate vulnerability findings and remediation steps to technical and non-technical stakeholders.
- Familiarity with both black-box (DAST) and white-box (SAST) testing methodologies.
- Excellent collaboration, communication, and documentation skills.
Good to Have Skills/Project Experience/Certifications:
- Experience participating in or conducting security architecture reviews to identify design-level vulnerabilities and ensure alignment with security best practices and organizational standards.
- Proficiency in performing threat modeling exercises (e.g., using STRIDE, PASTA, or other frameworks) to systematically identify, document, and prioritize potential threats and attack vectors in applications and systems.
- Skill in translating threat model findings into actionable SAST/DAST test cases and ensuring that identified threats are adequately tested and mitigated.
- Security certifications such as CSSLP, CEH, or similar.
- Experience with cloud-native application security and container security.
- Knowledge of regulatory and compliance requirements related to application security.
Education:
- Bachelor's degree or higher in Computer Science, or equivalent experience.