Job
Description
Position Summary JobDescription:CyberRiskApplication Security Senior Consultant Are you interested in improving the cyber and organizationalrisk profiles of leading companies? Do youwanttobeinvolvedindeliveringAttackSurfaceManagement(ASM)Services including identifying potentially vulnerable IT assets or weak security configurations within their networks in real time? Are you excited about rapidly changing operational environments, learning what you need to get the job done, and producing accurate and timely results? Ifyes,thenDeloitte’s Attack Surface Management (ASM) teamcould betheplaceforyou!Transparency, innovation,collaboration,sustainability:thesearethehallmarkissuesshaping cyberinitiativestoday. Deloitte’s ASM business is passionate about making an impact with lasting change.Delivering our industry leading services requires fresh thinking and a creative approach. We collaborate with teams from across our organization to bring the fullbreadth ofDeloitte, its commercialand public sector expertise, to best support our clients.Our aspiration is to be the premier integrated services provider in helping to transform the cyber security services marketplace. Ourteamisclientfocusedandmissiondriven.AsaCyberRiskAttackSurfaceSeniorConsultant inDeloitte'sAttackSurfaceManagement(ASM) Services,you’llworkwithourdiverseteamsofpassionateprofessionals to help solve for some of today’s toughest cybersecurity challenges to enable or clients to achieve business growth and manage risk. Workyou’ll do AsanAttackSurface Management SeniorConsultant,youwillassistourclientswithdiscoveringvulnerabilitiesand rogue assets (such as shadow IT)in their networks as part of a team of engineers and analysts around the world who specialize in the tactics, tools and proceduresused by cyber criminals. Conduct vulnerability assessments and manual penetration testing for Web, API, Thick Client and mobile applications. Perform Secure code review and false positive analysis for vulnerabilities reported by industry standard tools. Respond torequestsfor ad-hocreporting andresearchtopicsfrommanagementand analysts as required Develop and implement application security policies and procedures. Identify and prioritizes security vulnerabilities. Coordinate with the application development teams and operations teams to assist with the remediations plans and securing the applications Quicklyunderstandanddeliver oncompanyandclient requirements Aidinandparticipateindaily,weekly,quarterly,andyearlyreporting forclients, partners, and internal teams AdheretointernaloperationalsecurityandotherDeloitte policies Qualifications Required: Bachelor'sdegreeorhigherinComputer Science, or equivalent experience. 5-9 years of hands-on experience in application security, vulnerability assessment, penetration testing, mobile application security, Thick Client and Web API security assessments. Strong understanding of OWASP Top 10 vulnerabilities but not limited to. Strong experience in manual assessment and exploitation of vulnerabilities such as Blind SQLi, XXE, SSRF, Insecure Deserialization, HTTP Request Smuggling etc. Strong understanding of OAUTHv2/OpenID standards and associated vulnerabilities. Strong understanding of business logic vulnerabilities. Experience in Secure Code Review in-line with OWASP Secure Coding Practices. Proficiency in industry standard tools such as Burp Suite, Fiddler, Sysinternals suite, Veracode, DnSpy, Olly debugger, IDA Pro, EchoMirage, Wireshark, Apktool, Jadx-gui, Frida etc. Ability to perform manual penetration testing and security assessments using automated tools. Excellent technical report writing skillset. Knowledge of web application components like frontend, backend, databases and application servers. Understanding in web development technologies like HTML, CSS, JavaScript, PHP, JAVA, .Net and backend databases. Experience with reviewing application security architectures and threat modelling. Understand on the basic concepts of reverse engineering, memory analysis etc. Understanding of basic networking protocols such as TCP/IP, DNS, HTTP/s Understanding of vulnerability classification using National Vulnerability Database nomenclature such as CVE/CVSS Certified Information Systems Security Professional (CISSP), Offensive Security Certified Professionals (OSCP), Offensive Security Web Expert (OSWE), Burp Suite Certified Practitioner (BSCP), Web Application Penetration Tester (GWAPT). Preferred: Proficiency in Web and Mobile application security assessments, penetration testing and secure code review. Relevant publications such as blogs, tools, conference presentations and CVEs are preferred. Offensive Security Web Expert (OSWE) and Burp Suite Certified Practitioner (BSCP) certifications are preferred. Experience with automation and scripting (Python) are preferred. OutstandingEnglishwrittenand oralcommunicationskillsand theabilitytoprioritize work Strongunderstandingofweb, mobile and microservices vulnerabilities. Workingknowledgeofhowmaliciouscodeoperatesandhowtechnicalvulnerabilitiesare exploited. Stronganalyticalandproblem-solving skills. Self-motivatedtoupskill and learn new attack vectors. Astrongdesiretounderstandthewhat aswellasthewhy andthehowof security vulnerabilities. The team Deloitte Advisory's Cyber Risk team helps complex organizations more confidently pursue their growth,innovation,andperformanceagendasthroughproactivemanagementoftheassociatedcyber risks.Our professionalsprovideadvisory and implementation servicesthat integraterisk,regulatory, and technology skills to help clients transform their legacy programs into proactive Secure.Vigilant.Resilient. TM cyber risk programs. Join the team developing the future state of cyber risk solutions. Learn more about Deloitte Advisory’s Cyber Risk Services practice. Howyou’ll grow AtDeloitte,ourprofessionaldevelopmentplanfocusesonhelpingpeopleateveryleveloftheircareer to identify and use their strengths todo their best work every day. From entry-level employees to senior leaders, we believe there’s always room to learn. We offer opportunities to help sharpenskills in addition to hands-on experience in the global, fast-changing business world.From on-the-job learningexperiencestoformaldevelopmentprogramsatDeloitteUniversity,ourprofessionalshavea variety of opportunitiestocontinuetogrowthroughout their career. ExploreDeloitteUniversity,The Leadership Center. Benefits At Deloitte, we know that great people make a great organization. We value our people and offer employeesabroadrangeofbenefits. LearnmoreaboutwhatworkingatDeloittecanmeanforyou. Deloitte’s culture Our positive and supportive culture encourages our people to do their best work every day. We celebrate individuals by recognizing their uniqueness and offering them theflexibility to make daily choices that can help them to be healthy, centered, confident, and aware. We offer well-being programsandarecontinuouslylookingfornewwaystomaintainaculturewhereourpeopleexceland lead healthy, happy lives. Learn more about Life at Deloitte. Corporate citizenship Deloitte is led by a purpose: to make an impact that matters.This purposedefines who we are and extendsto relationships with our clients, our people and our communities.We believe that business has the power to inspire and transform. We focus on education, giving, skill-based volunteerism, and leadershiptohelpdrivepositivesocialimpactinourcommunities. LearnmoreaboutDeloitte’simpact on the world. Recruiter tips WewantjobseekersexploringopportunitiesatDeloittetofeelpreparedandconfident.Tohelpyou with your interview, we suggest that you do your research: know some background about the organizationandthebusinessareayou’reapplyingto. CheckoutrecruitingtipsfromDeloitte professionals. #CA-LD Recruiting tips From developing a stand out resume to putting your best foot forward in the interview, we want you to feel prepared and confident as you explore opportunities at Deloitte. Check out recruiting tips from Deloitte recruiters. Benefits At Deloitte, we know that great people make a great organization. We value our people and offer employees a broad range of benefits. Learn more about what working at Deloitte can mean for you. Our people and culture Our inclusive culture empowers our people to be who they are, contribute their unique perspectives, and make a difference individually and collectively. It enables us to leverage different ideas and perspectives, and bring more creativity and innovation to help solve our clients' most complex challenges. This makes Deloitte one of the most rewarding places to work. Our purpose Deloitte’s purpose is to make an impact that matters for our people, clients, and communities. At Deloitte, purpose is synonymous with how we work every day. It defines who we are. Our purpose comes through in our work with clients that enables impact and value in their organizations, as well as through our own investments, commitments, and actions across areas that help drive positive outcomes for our communities. Professional development From entry-level employees to senior leaders, we believe there’s always room to learn. We offer opportunities to build new skills, take on leadership opportunities and connect and grow through mentorship. From on-the-job learning experiences to formal development programs, our professionals have a variety of opportunities to continue to grow throughout their career. Requisition code: 301459 Show more Show less
