Global Security Application Analyst

Deloitte & Touche L.L.P. Hermitage, TN 37076

Posted 2 months ago

Work you'll do:

Deloitte leads with purpose, solving complex issues for our clients and communities. Across disciplines and across borders, Deloitte Touche Tohmatsu Limited (DTTL) Global supports our network of national member firms by developing and driving global strategy, programs, and platforms, and creating new solutions and transformational experiences. Our people share a passion for igniting change and a strong service orientation that shapes our organization and those it supports.

The Deloitte Global Cybersecurity function is responsible for the firm's overall objectives of enhancing data protection, standardizing and securing critical infrastructure.

The Global Security Application Analyst is a part of the Cybersecurity Architecture and Engineering team and reports to the Application Security & Design Leader. This role focuses on partnering with the GTS Product Development & Solution Engineering teams' leaders to create, implement and apply application security principles, DevSecOps, processes and culture. The analyst also provides subject matter expertise on application security and design, leading our engineering teams in building secure software and implementing security controls and tests in an Agile development environment.


  • Be responsible for day-to-day collaboration with the engineering teams to ensure successful implementation of secure coding practices, and integration of secure application and design processes across Deloitte

  • Supports and maintains the Secure Systems Development Lifecycle (SSDLC), including functional and non-functional cybersecurity requirements for all new applications

  • Works with the Cybersecurity Strategy and Governance group to implement setup and updates in the cybersecurity assessment process

  • Works with global business functions to automate and integrate application and system cybersecurity assessments into their processes

  • Working with the Cybersecurity Architecture team, learns and applies reference architectures for security solutions design and implementation


  • Champions the Security Software Development Lifecycle (SSDLC) by discovering and raising security concerns in the existing development workflow and helping the development team build security awareness and thinking into every stage of the software development process. Recognizes security implications in the software/code acceptance phase, including completion criteria, risk acceptance and documentation, common criteria, and methods of independent testing.

  • Applies secure application principles to the testing and validation of security requirements derived in the SSDLC processes. Identifies common coding flaws, performs threat modeling, conducts code reviews and applies threat intelligence to support analysis of application security issues.



  • Bachelor's degree in Computer Science, Computer Engineering, technology-related field, or equivalent work experience

  • Master's degree preferred

Work experience

Minimum of 4 years of combined experience in software engineering and DevOps/DevSecOps, preferably in an information security context


Certifications preferred but not mandatory.

  • Relevant Dev and DevOps certifications are preferred (e.g., AWS, DevOps Certs, RHCE, Docker, Kubernetes)

  • Professional security management certifications such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA) are strongly desirable, but not required

  • Relevant technical certification preferred (CISSP-ISSEP, CEH, CCNP Security, GSEC)


  • Programming skills in one or more of the following programming and markup languages: Java, .Net, Terraform, Python, Visual Basic, PowerShell, Bash, C++, Django, JavaScript, HTML, CSS, etc.

  • Previous professional experience with secure programming and identifying potential flaws in code to mitigate vulnerabilities

  • Experience with threat modeling of application designs and data flows to identify potential weaknesses

  • Ability to translate traditional SDLC approach (plan, code, build, test, release, deploy and monitor) to the phases of agile development when writing software to automate security related tasks.

  • Hands-on experience with containerization, orchestration, and Cloud infrastructure management (e.g., Infrastructure as Code, immutable infrastructure, Configuration as Code, etc.)

  • Knowledge of Source Code Management concepts (code lines, branching, merging, integration, versioning, etc.)

  • Knowledge and experience with enterprise-level applications and platforms (e.g., SAP, Salesforce)

  • Excellent written and verbal communication skills, interpersonal and collaborative skills, and the ability to communicate strategic information security topics, policies and standards as well as risk-related concepts to technical and nontechnical audiences at various hierarchical levels

  • Good knowledge of key cybersecurity technologies such as application security design principles, authentication and authorization models, secure coding, application and penetration testing, encryption, vulnerability management, and security information and event management (SIEM)

All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, or protected veteran status, or any other legally protected basis, in accordance with applicable law.

Disclaimer: Nothing in this job description/posting shall constitute an offer or promise of employment. If you are not reviewing this job posting on our Careers' site ( or one of our approved job boards we cannot guarantee the validity of this posting. For a list of our current postings, please visit us at

Requisition code: D70806
