USI - FY26 - Cyber - Defense & Resilience - ASM+MPT - Consultant(SA) - Solution Delivery Advisor

Same job available in 5 locations

Bengaluru, Karnataka, India

Chennai, Tamil Nadu, India

Hyderabad, Telangana, India

Kolkata, West Bengal, India

Pune, Maharashtra, India

Back to search results
Back to search results

Position Summary

Cyber 

Deloitte Cyber understands the unique challenges and opportunities businesses face in cybersecurity. Join our team to deliver powerful insights to help our clients navigate the ever-changing threat design, and technology as we partner with clients to transform finance. 

Position Summary 

Level: Solution Delivery Advisor 

Work you’ll do: 

As a Consultant, you will: 

  • Work with global teams to identify vulnerabilities and rogue assets (e.g., shadow IT). 
  • Help clients achieve business growth while managing risk. 
  • Conduct vulnerability assessments and manual penetration testing for web, API, thick client, and mobile applications. 
  • Perform secure code reviews and analyze false positives from industry-standard tools. 
  • Respond to ad-hoc reporting and research requests. 
  • Develop and implement application security policies and procedures. 
  • Identify and prioritize security vulnerabilities. 
  • Coordinate with development and operations teams on remediation plans. 
  • Quickly understand and deliver on company and client requirements. 
  • Participate in regular reporting for clients, partners, and internal teams. 
  • Adhere to internal operational security and Deloitte policies. 

The Team: 

Cyber Defense & Resilience teams support clients in defending against sophisticated cyber threats by transforming security operations through advanced technology, data analytics, and threat intelligence. They ensure organizations are ready to respond and recover from business disruptions by continuously monitoring client environments and delivering rapid crisis and cyber incident response. A cornerstone of their approach is robust Attack Surface Management (ASM), which enables proactive identification, prioritization, and remediation of vulnerabilities across networks, applications, cloud assets, and endpoints. Through these integrated services—operational resilience, incident response, and security operations center transformation—clients benefit from stronger protection of their dynamic digital ecosystems and enhanced resilience against evolving cyber risks. 

Qualifications 

Must Have Skills/Project Experience/Certifications: 

  • 3–5 years of hands-on experience in: 
  • Application security 
  • Vulnerability assessment 
  • Penetration testing 
  • Mobile application security 
  • Thick client and Web API security assessments 
  • Strong understanding of OWASP Top 10 and related vulnerabilities. 
  • Experience in manual assessment and exploitation (e.g., Blind SQLi, XXE, SSRF, Insecure Deserialization, HTTP Request Smuggling). 
  • Understanding of OAUTHv2/OpenID standards and business logic vulnerabilities. 
  • Experience with secure code review (OWASP Secure Coding Practices). 
  • Proficiency with tools: Burp Suite, Fiddler, Sysinternals, Veracode, DnSpy, OllyDbg, IDA Pro, EchoMirage, Wireshark, Apktool, Jadx-gui, Frida, etc. 
  • Ability to perform manual penetration testing and use automated tools. 
  • Excellent technical report writing skills. 
  • Knowledge of web application components (frontend, backend, databases, application servers). 
  • Understanding of web development technologies (HTML, CSS, JavaScript, PHP, Java, .NET, backend databases). 
  • Experience with application security architecture review and threat modeling. 
  • Basic concepts of reverse engineering and memory analysis. 
  • Understanding of networking protocols (TCP/IP, DNS, HTTP/S). 
  • Familiarity with vulnerability classification (CVE/CVSS). 
  • Certifications: CISSP, OSCP, OSWE, BSCP, GWAPT. 

Good to Have Skills/Project Experience/Certifications: 

  • Proficiency in web and mobile application security assessments, penetration testing, and secure code review. 
  • Relevant publications (blogs, tools, conference presentations, CVEs). 
  • Preferred certifications: OSWE, BSCP. 
  • Experience with automation and scripting (Python). 
  • Outstanding English written and oral communication skills. 
  • Strong understanding of web, mobile, and microservices vulnerabilities. 
  • Knowledge of malicious code operation and exploitation. 
  • Strong analytical and problem-solving skills. 
  • Self-motivated and eager to learn new attack vectors. 
  • Desire to deeply understand the what, why, and how of security vulnerabilities. 

Education: 

Bachelor’s degree or higher in Computer Science, or equivalent experience. 
Our purpose

Deloitte’s purpose is to make an impact that matters for our people, clients, and communities. At Deloitte, purpose is synonymous with how we work every day. It defines who we are. Our purpose comes through in our work with clients that enables impact and value in their organizations, as well as through our own investments, commitments, and actions across areas that help drive positive outcomes for our communities. 
Our people and culture

Our inclusive culture empowers our people to be who they are, contribute their unique perspectives, and make a difference individually and collectively. It enables us to leverage different ways of thinking, ideas and perspectives, and bring more creativity and innovation to help solve our clients’ most complex challenges. This makes Deloitte one of the most rewarding places to work.
Professional development

At Deloitte, professionals have the opportunity to work with some of the best and discover what works best for them. Here, we prioritize professional growth, offering diverse   learning and networking opportunities to help accelerate careers and enhance leadership skills. Our state-of-the-art DU: The Leadership Center in India, located in Hyderabad, represents a tangible symbol of our commitment to the holistic growth and development of our people. Explore DU: The Leadership Center in India.
Benefits to help you thrive

At Deloitte, we know that great people make a great organization. Our comprehensive rewards program helps us deliver a distinctly Deloitte experience that helps that empowers our professionals to thrive mentally, physically, and financially—and live their purpose. To support our professionals and their loved ones, we offer a broad range of benefits. Eligibility requirements may be based on role, tenure, type of employment and/ or other criteria. Learn more about what working at Deloitte can mean for you.
Recruiting tips

From developing a stand out resume to putting your best foot forward in the interview, we want you to feel prepared and confident as you explore opportunities at Deloitte. Check out recruiting tips from Deloitte recruiters.

Requisition code: 302277