Summary Position Summary Job Description: Cyber Risk Application Security Consultant Attack Surface Management (ASM) Services Overview Are you interested in improving the cyber and organizational risk profiles of leading companies? Do you want to deliver Attack Surface Management (ASM) services, identifying vulnerable IT assets and weak security configurations in real time? If you thrive in dynamic environments and are passionate about cybersecurity, Deloitte’s ASM team could be the place for you. Deloitte’s ASM business is committed to transparency, innovation, collaboration, and sustainability. We deliver industry-leading services through fresh thinking and creative approaches, collaborating across the organization to support our clients. Our goal is to be the premier integrated services provider transforming the cybersecurity marketplace. Role: Cyber Risk Attack Surface Consultant As a Consultant, you will: Work with global teams to identify vulnerabilities and rogue assets (e.g., shadow IT). Help clients achieve business growth while managing risk. Key Responsibilities Conduct vulnerability assessments and manual penetration testing for web, API, thick client, and mobile applications. Perform secure code reviews and analyze false positives from industry-standard tools. Respond to ad-hoc reporting and research requests. Develop and implement application security policies and procedures. Identify and prioritize security vulnerabilities. Coordinate with development and operations teams on remediation plans. Quickly understand and deliver on company and client requirements. Participate in regular reporting for clients, partners, and internal teams. Adhere to internal operational security and Deloitte policies. Required Qualifications Bachelor’s degree or higher in Computer Science, or equivalent experience. 3–5 years of hands-on experience in: Application security Vulnerability assessment Penetration testing Mobile application security Thick client and Web API security assessments Strong understanding of OWASP Top 10 and related vulnerabilities. Experience in manual assessment and exploitation (e.g., Blind SQLi, XXE, SSRF, Insecure Deserialization, HTTP Request Smuggling). Understanding of OAUTHv2/OpenID standards and business logic vulnerabilities. Experience with secure code review (OWASP Secure Coding Practices). Proficiency with tools: Burp Suite, Fiddler, Sysinternals, Veracode, DnSpy, OllyDbg, IDA Pro, EchoMirage, Wireshark, Apktool, Jadx-gui, Frida, etc. Ability to perform manual penetration testing and use automated tools. Excellent technical report writing skills. Knowledge of web application components (frontend, backend, databases, application servers). Understanding of web development technologies (HTML, CSS, JavaScript, PHP, Java, .NET, backend databases). Experience with application security architecture review and threat modeling. Basic concepts of reverse engineering and memory analysis. Understanding of networking protocols (TCP/IP, DNS, HTTP/S). Familiarity with vulnerability classification (CVE/CVSS). Certifications: CISSP, OSCP, OSWE, BSCP, GWAPT. Preferred Qualifications Proficiency in web and mobile application security assessments, penetration testing, and secure code review. Relevant publications (blogs, tools, conference presentations, CVEs). Preferred certifications: OSWE, BSCP. Experience with automation and scripting (Python). Outstanding English written and oral communication skills. Strong understanding of web, mobile, and microservices vulnerabilities. Knowledge of malicious code operation and exploitation. Strong analytical and problem-solving skills. Self-motivated and eager to learn new attack vectors. Desire to deeply understand the what, why, and how of security vulnerabilities. If you are passionate about cybersecurity and ready to make an impact, Deloitte’s ASM team offers a collaborative and innovative environment to grow your career. Recruiting tips From developing a stand out resume to putting your best foot forward in the interview, we want you to feel prepared and confident as you explore opportunities at Deloitte. Check out recruiting tips from Deloitte recruiters. Benefits At Deloitte, we know that great people make a great organization. We value our people and offer employees a broad range of benefits. Learn more about what working at Deloitte can mean for you. Our people and culture Our inclusive culture empowers our people to be who they are, contribute their unique perspectives, and make a difference individually and collectively. It enables us to leverage different ideas and perspectives, and bring more creativity and innovation to help solve our clients' most complex challenges. This makes Deloitte one of the most rewarding places to work. Our purpose Deloitte’s purpose is to make an impact that matters for our people, clients, and communities. At Deloitte, purpose is synonymous with how we work every day. It defines who we are. Our purpose comes through in our work with clients that enables impact and value in their organizations, as well as through our own investments, commitments, and actions across areas that help drive positive outcomes for our communities. Professional development From entry-level employees to senior leaders, we believe there’s always room to learn. We offer opportunities to build new skills, take on leadership opportunities and connect and grow through mentorship. From on-the-job learning experiences to formal development programs, our professionals have a variety of opportunities to continue to grow throughout their career. Requisition code: 302277 Show more Show less
