Red Team Service Delivery Lead

Deloitte & Touche L.L.P. Chicago , IL 60602

Posted 2 months ago

Are you attracted to the opportunity to build and lead a world class, innovative Red Team function to meet today and tomorrow's cybersecurity needs, challenging a complex, dynamic, global organization with a network of member firms to improve its security effectiveness? Deloitte Global is seeking a creative, energetic person who is an expert and a pioneer in the development of offensive security approaches and a seasoned and effective manager of teams to build a Global Red Team under the umbrella of our multi-year Cyber Acceleration program.

Work you'll do:

Our global network of member firms is strongly committed to securing our data and systems. To continuously deliver on this commitment, we have embarked on a multi-year Cyber Acceleration program, a five-point initiative comprising of 40 global projects. Taken together, these projects will further strengthen our global risk posture and lead to measurable risk reduction.

In this role, you will work across Deloitte Global and the member firms across the Deloitte network to meet that commitment. You will develop a formalized Red Team structure which will reside within the construct of the Penetration Testing service, assuming an adversarial role in a variety of capacities. The Red Team Leader has day-to-day oversight of the globally distributed Red Team, and is primary POC for operational requests and issues within the Deloitte network of member firms. The Red Team will deliver an auditable evaluation process, assessing the effectiveness of and making recommendations for the controls required for digital assets to meet the Deloitte network's risk appetite.

What you'll be part ofour Deloitte Global culture

At Deloitte, we expect results. Incredibletangibleresults. And Deloitte Global professionals play a unique role in delivering those results. We reach across disciplines and borders to serve our global organization. We are the engine of Deloitte. We develop and lead global strategies and provide programs and services that unite our network.

In Deloitte Global, everyone has an opportunity to lead. We see the importance of your perspective and your ability to create value. We want you to fit inwith an inclusive culture, focus on work-life fit and well-being, and a supportive, connected environment; but we also want you to stand outwith opportunities to have a strategic impact, innovate, and take the risks necessary to make your mark.

Deloitte Global supports our talented professionals in answering the question: What impact will you make?

Who you'll work with:

The Deloitte Global Cybersecurity function is responsible for the firm's overall objectives of enhancing data protection, standardizing and securing critical infrastructure and gaining cyber visibility through security operations centers. The Cybersecurity organization delivers a comprehensive set of cybersecurity services to Deloitte member firms through regional delivery hubs and a Global Fusion Center.

Responsibilities

As part of the Global Cybersecurity team, the Global Red Team Leader will have organizational, project, leadership and operational responsibilities that include, but are not limited to, the following:

  • Broad responsibilities will be to work with Deloitte network member firms globally to determine criticality, priority and timing of Red Team testing

  • Oversee testing of member firm services to identify vulnerabilities and attack vectors

  • Day-to-day management of Red Team testing providers/vendors

  • Ongoing liaising with member firm stakeholders to provide:

  • Communications on how to effectively engage red team services and what capabilities are available

  • Provide consultative guidance on remediation's and paths for effectively addressing identified vulnerabilities

  • Plan, scope and oversee Red Team engagements for both strategic and targeted testing for member firms

  • Coordinate additional security services requested by member firms, including ad-hoc requests to test the security of software, configurations, implementations and/or any other services offered under the Deloitte Global security strategy

  • Escalation of issues experienced to the Service Leader

  • Compile relevant security metrics and deliver them to the penetration testing Service Leader

Daily activities will consist of:

  • Service management of ongoing and future Red Team operations

  • Managing operational processes of the Red Team's services to member firms

  • Resolving Deloitte member firm inquiries or support escalations to the Global Information Security Officer Penetration Testing Service Lead

  • Recommending solution improvements/enhancements (e.g. technology, processes and governance)

  • Regional vendor management and ongoing coordination of Red Team activities

How you'll grow:

Deloitte Global inspires leaders at every level. We believe in investing in you, helping you embrace leadership opportunities at every step of your career, and helping you identify and hone your unique strengths. We encourage you to grow by providing formal and informal development programs, coaching and mentoring, and on-the-job challenges. We want you to ask questions, take chances, and explore the possible.

Benefits you'll receive:

Deloitte's Total Rewards program reflects our continued commitment to lead from the front in everything we do that's why we take pride in offering a comprehensive variety of programs and resources to support your health and well-being needs. We provide the benefits, competitive compensation, and recognition to help sustain your efforts in making an impact that matters.

To be considered for this role, there are certain qualifications you'll have to have. And others that would be really, really nice.

Required:

  • Bachelor's and/or Master's Degree in business administration, commerce, computer science, engineering or related field or significant relevant industry experience

  • A minimum of 10 years of experience, including people and process management experience

  • Thought-leader level knowledge with, and a proven record of success directing efforts in Red Team requirements, techniques, and activities

  • A proven record of success in establishing strategic direction for a Cyber Red Team and leading teams to execute against that strategy

  • Experience with secure coding best practices, application and network attack vectors and vulnerabilities

  • Success with building and maintaining relationships across a network to effectively deliver Cyber Red Team activities

  • Strong understanding and experience with solution design, architecture, deployment and management in a large, preferably global, enterprise

  • Extensive stakeholder management experience. Ability to work with multiple internal stakeholders and external vendors will be critical keys to success

  • Exposure to and experience with cyber security industry standards and trends

  • Knowledge of the following:

  • ISO 27000 series such as 27001, 27002, 27032, 27035

  • NIST SP 800 series

  • PCI DSS

  • ITIL

  • COBIT

  • OWASP Top Ten

  • SANS Institute - CIS Critical Security Controls

  • Standard of Good Practice for Information Security

  • Security architectures and designs (e.g. SIEM, IDS/IPS)

  • Security operations center (SOC) functions and activities

  • Incident management and response

  • Vulnerability management

  • Demonstrated experience working with diverse stakeholders, preferably on a global, multi-national basis

  • Ability to manage concurrent initiatives and use effective judgment in prioritization and time management

  • Strong written and verbal communication skills

  • Proven ability to communicate with and present materials to senior audiences

  • Ability to translate technical requirements and challenges to leadership

  • Creative, self-motivated, highly energetic and results oriented

  • Excellent analytical/problem solving ability

  • Strong influence, negotiation and relationship management skills

  • Proficiency with Microsoft Office tools, especially collaboration tools

Preferred:

Although not required, possessing any of the following will be an asset:

  • Cyber security related certifications/designations, such as:

  • Certified Information Systems Security Professional (CISSP)

  • Certified Ethical Hacker (CEH)

  • GIAC Security Certification (GSEC, GCIH, GPEN)

  • Offensive Security certifications such as OSCE or OSCP

All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, or protected veteran status, or any other legally protected basis, in accordance with applicable law.

Disclaimer: Nothing in this job description/posting shall constitute an offer or promise of employment. If you are not reviewing this job posting on our Careers' site (jobs2.deloitte.com) or one of our approved job boards we cannot guarantee the validity of this posting. For a list of our current postings, please visit us at jobs2.deloitte.com

Requisition code: DE19EMAGTS006MB0590


See if you are a match!

See how well your resume matches up to this job - upload your resume now.

Find your dream job anywhere
with the LiveCareer app.
Download the
LiveCareer app and find
your dream job anywhere
lc_ad

Boost your job search productivity with our
free Chrome Extension!

lc_apply_tool GET EXTENSION

Similar Jobs

Want to see jobs matched to your resume? Upload One Now! Remove
Sr Infrastrucutre Service Delivery Analyst

Hcsc

Posted 4 days ago

VIEW JOBS 11/11/2018 12:00:00 AM 2019-02-09T00:00 Job ID: ZB-1028019 Description: As the health care industry continues to rapidly transform, our IT team conceives, develops and delivers impactful technology solutions to support access to quality, affordable health care for our members. We are driven by our collective company purpose: To do everything in our power to stand with our members in sickness and in health®. Our IT team unleashes the power of this purpose through technology. We come to work every day to make a difference, and we deliver the highest quality and best solutions to our members. Job Purpose: * This position is responsible for providing operations infrastructure support services of all non-production and production environments for Middleware; the use of analytics to improve service and application availability; lead Middleware outsourcing vendors in customer interactions with application support and release teams; address incident resolution, support issues and root cause analysis working with Middleware vendors; transition knowledge from design/build engineering teams; assist in managing vendor performance and monitoring of SLAs. Required Job Qualifications: * Bachelors Degree and 4 years in Information Technology experience OR Associates degree, Technical Certification and/or College Courses and 6 years of Information Technology experience OR 8 years of Information Technology experience. * Extensive administrative experience in multiple Middleware technologies that support various java web application servers * Extensive experience in IBM Websphere & Portal administration * Experience in Tomcat, JBoss EAP and Apache HTTP web server * Experience in troubleshooting, reviewing logs and identifying issues in IBM WAS/Portal/Tomcat/JBOSS middleware implemented in legacy and PaaS cloud infrastructures * Experience in evaluating, installing, and applying product upgrades, support packs or security patches as required * Experience or knowledge in Websphere clustering and SSL security configurations * Experience or knowledge in monitoring the systems daily and in responding immediately to security or usability concerns * Scripting knowledge to produce automation of routine support tasks and monitoring capability (shell, python, ansible scripting) * Experience or knowledge in use of application performance and monitoring tools such as CA Wily, Dynatrace and AppDynamics * Ability to lead a small team for projects * DR/Business Continuity experience * Customer service oriented * Adaptability and ability to introduce / manage change * Drive conflict management in high pressure situations * Performance / metrics-driven decision making * Basic understanding of Health Care insurance goals and practices Preferred Job Qualifications: * Middleware messaging technologies exposure or experience in IBM MQ Series system administration, Integration Bus (Message Broker) and Datapower * Mulesoft exposure or experience * Strong Oral and Written Communication skills * Past HCSC application or infrastructure Middleware experience * Experience with Middleware, including Server, OS, Virtualization, and Container technologies * CA HCSC is committed to diversity in the workplace and to providing equal opportunity and affirmative action to employees and applicants. We are an Equal Opportunity Employment / Affirmative Action employer dedicated to workforce diversity and a drug-free and smoke-free workplace. Drug screening and background investigation are required, as allowed by law. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or protected veteran status. Requirements: Expertise Information Technology Job Type Full-Time Regular Location IL - Downers Grove, IL - Naperville, IL - Waukegan, IL - Chicago, TX - Richardson Hcsc Chicago IL

Red Team Service Delivery Lead

Deloitte & Touche L.L.P.