Cyber
Deloitte Cyber understands the unique challenges and opportunities businesses face in cybersecurity. Join our team to deliver powerful insights to help our clients navigate the ever-changing threat landscape. Through powerful insights and managed services that simplify complexity, we enable businesses to operate with resilience, grow with confidence, and proactively manage to secure achievements.
Position Summary
Level: Lead Solution Advisor
Work you’ll do:
As a Senior Consultant in the Security architecture review domain, you are responsible for performing the following activities:
- Conduct comprehensive security architecture reviews for new and existing systems, applications, and infrastructure, and assist by providing security overlays for solution diagrams.
- Evaluate solution designs and technical architectures to identify potential security risks and recommend mitigation strategies.
- Collaborate with IT, development, and business teams to integrate security requirements into project designs.
- Develop and maintain security architecture documentation, standards, and guidelines.
- Review and assess third-party/vendor solutions for security risks and compliance.
- Provide expert guidance on secure design patterns and critical security controls such as encryption, authentication, and access control.
- Be an active member of the projects and assist with any security-related questions or issues.
The Team:
Enterprise Security teams embed security in all aspects of digital transformation by securing a client’s “technical backbone” while also enabling secure digital transformation. Services include security architecture, secure development and deployment, end-to-end cyber cloud capabilities, application security, and security for emerging technologies and connected products. Examples of work include Secure by Design, Cloud Security Orchestration & Automation, Core Infrastructure Security, and Secure Software Enablement.
Qualifications
Must Have Skills/Project Experience/Certifications:
- Knowledge of infrastructure and network security
- Exposure to microservices architecture concepts
- Strong understanding of security frameworks (e.g., NIST 800-53, PCI DSS, ISO 27001, CIS Controls) and regulatory requirements (e.g., GDPR, HIPAA, PCI DSS).
- Experience with cloud security (AWS, Azure, GCP) and on-premises environments.
- Familiarity with secure software development lifecycle (SDLC) practices.
- Proficiency in risk assessment methodologies.
- Excellent communication and documentation skills.
- Exposure to threat modeling exercises and zero trust architecture principles.
- Knowledge of cloud security best practices.
- Exposure to secure by design methodology.
Good to Have Skills/Project Experience/Certifications:
- 5-7 years of experience reviewing application security architectures and threat modeling.
- Experience with TOGAF or SABSA frameworks, preferably with certifications and an understanding of how security can be integrated.
- Certified Cloud Security Architect (Azure, AWS, or GCP)
- Experience with integrating and operating SAST tools to identify code-level vulnerabilities in the development lifecycle.
- Familiarity with DAST tools and methodologies for identifying runtime vulnerabilities in web applications and APIs.
- Proficiency in using SCA tools to detect and manage risks from third-party and open-source components.
- Hands-on experience in embedding security controls and automated testing (SAST, DAST, SCA) into CI/CD pipelines.
- Experience with integrating a threat modeling tool into a CI/CD pipeline.
- Hands-on experience with Microsoft Visio, Lucidchart, Microsoft Threat Modeling Tool, or any other DFD or architecture drafting tool.
Education:
- Bachelor's degree or higher in Computer Science, or equivalent experience.