Work you'll do:
Deloitte leads with purpose, solving complex issues for our clients and communities. Across disciplines and across borders, Deloitte Touche Tohmatsu Limited (DTTL) Global supports our network of national member firms by developing and driving global strategy, programs, and platforms, and creating new solutions and transformational experiences. Our people share a passion for igniting change and a strong service orientation that shapes our organization and those it supports.
The Deloitte Global Cybersecurity function is responsible for the firm's overall objectives of enhancing data protection, standardizing and securing critical infrastructure.
The Global Security Application Analyst is a part of the Cybersecurity Architecture and Engineering team and reports to the Application Security & Design Leader. This role focuses on partnering with the GTS Product Development & Solution Engineering teams' leaders to create, implement and apply application security principles, DevSecOps, processes and culture. They are also to provide subject matter expertise on application security and design, leading our engineering teams in building secure software and implementing security controls and tests in an Agile development environment.
Be responsible for day-to-day collaboration with the engineering teams to ensure successful implementation of secure coding practices, and integration of secure application and design processes across Deloitte
Supports and maintains the Secure Systems Development Lifecycle (SSDLC), including functional and non-functional cybersecurity requirements for all new applications
Works with the Cybersecurity Strategy and Governance group to implement setup and updates in the cybersecurity assessment process
Works with global business functions to automate and integrate application and system cybersecurity assessments into their processes.
Working with the Cybersecurity Architecture team, learns and applies reference architectures for security solutions design and implementation
Champions the Security Software Development Lifecycle (SSDLC) by discovering and raising security concerns in the existing development workflow and helping the development team build security awareness and thinking into every stage of the software development process. Recognizes security implications in the software/code acceptance phase, including completion criteria, risk acceptance and documentation, common criteria, and methods of independent testing.
Applies secure application principles to the testing and validation of security requirements derived in the SSDLC processes. Identifies common coding flaws, performs threat modeling, conducts code reviews and applies threat intelligence to support analysis of application security issues.
Bachelor's degree in Computer Science, Computer Engineering, technology-related field, or equivalent work experience
Master's degree preferred
Minimum of 4 years of combined experience in software engineering, and DevOps/DevSecOps, preferably in an information security context
Certifications preferred but not mandatory.
Relevant Dev and DevOps certifications are preferred (e.g., AWS, DevOps Certs, RHCE, Docker, Kubernetes).
Professional security management certifications such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA) are strongly desirable, but not required
Relevant technical certification preferred (CISSP-ISSEP, CEH, CCNP Security, GSEC)
Previous professional experience with secure programming and identifying potential flaws in code to mitigate vulnerabilities.
Experience with threat modeling of application designs and data flows to identify potential weaknesses
Ability to translate the traditional SDLC approach (plan, code, build, test, release, deploy and monitor) to the phases of agile development when writing software to automate security-related tasks.
Hands-on experience with containerization, orchestration, and Cloud infrastructure management (e.g., Infrastructure as Code, immutable infrastructure, Configuration as Code, etc.)
Knowledge of Source Code Management concepts (code lines, branching, merging, integration, versioning, etc.)
Knowledge and experience with enterprise-level applications and platforms (e.g., SAP, Salesforce)
Excellent written and verbal communication skills, interpersonal and collaborative skills, and the ability to communicate strategic information security topics, policies and standards as well as risk-related concepts to technical and nontechnical audiences at various hierarchical levels
Good knowledge of key cybersecurity technologies such as application security design principles, authentication and authorization models, secure coding, application and penetration testing, encryption, vulnerability management, and security information and event management (SIEM)
All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, or protected veteran status, or any other legally protected basis, in accordance with applicable law.
Disclaimer: Nothing in this job description/posting shall constitute an offer or promise of employment. If you are not reviewing this job posting on our Careers' site (jobs2.deloitte.com) or one of our approved job boards we cannot guarantee the validity of this posting. For a list of our current postings, please visit us at jobs2.deloitte.com
Requisition code: D70806
Deloitte & Touche L.L.P.