Senior Cyber Security Consultant


Sydney, New South Wales, Australia Deloitte Full time $120,000 - $180,000 per year

Date: 8 Sept 2025

Location: Sydney, NSW, AU

Department: Enabling Areas

Description:

Job Requisition ID: 39356

Thrive in an innovative, collaborative people culture

Mentoring, coaching and leadership programs to help you make an impact that matters

We support flexibility and choice. We encourage you to find the right balance between connecting in person with your clients and teams and meeting your own personal needs.

Are you a Cyber Security expert with an architectural mindset and 6+ years of experience embedding security practices early in the Software Development Lifecycle (SDLC)?

What will your typical day look like?

This role focuses on secure architectural design, cloud security, and DevSecOps enablement, with opportunities to work on AI security and other emerging technologies. You will play a key role in left-shifting security, ensuring robust architectures for applications, infrastructure, and multi-cloud environments (AWS, Azure, Kubernetes).

We require a strategic thinker who can embed security early in the SDLC, conduct architectural reviews, and integrate security into CI/CD pipelines, along with the ability to communicate complex security concepts to diverse stakeholders.

Key responsibilities include:

Architectural Security Review: Design and review secure architectures for enterprise and multi-cloud environments.

Cloud Security: Implement and enforce best practices for AWS and Azure, including IAM, encryption, logging, and incident response. Secure Kubernetes clusters and containerized workloads.

Authentication & Authorization: Design and review solutions using SAML, OIDC, OAuth2, and implement RBAC/ABAC models.

Encryption & Data Protection: Ensure use of strong encryption standards (TLS 1.2/1.3, AES-256) and key management best practices.

Logging & Auditing: Define and implement centralized logging, monitoring, and auditing strategies for compliance and incident response.

Threat Modeling & Risk Analysis: Apply frameworks like MITRE ATT&CK and STRIDE to identify and mitigate risks.

DevSecOps & Security Testing: Integrate security into CI/CD pipelines using Azure DevOps (ADO) and GitHub, and perform and automate security testing, including penetration testing, SAST, DAST, IAST, and IaC scanning.

Secure SDLC & Code Review: Promote SSDLC practices and conduct secure code reviews.

AI Security: Define security measures for AI/ML development and deployment.

Compliance & Standards: Align with frameworks such as NIST, CIS, ISO 27001, PCI-DSS, ASD Essential 8, and ISM.

Incident Response: Develop and manage incident response strategies and investigations.

About the team

Our CISO team is a diverse and highly skilled group dedicated to securing Deloitte against evolving cyber threats. We operate across multiple security disciplines to govern, design, defend, operate, and enhance our cybersecurity capabilities, ensuring resilience and regulatory compliance. Within the CISO function, our specialized teams include Governance, Risk, and Compliance; Cyber Assurance; Cyber Defence; Cyber Operations; and Vendor Cyber Risk Management.

Enough about us, let's talk about you.

You may have all or some of the following skills / experiences / attributes:

5+ years in Security Architecture, designing and implementing secure network architectures in large-scale enterprise or multi-cloud environments.

Bachelor's degree in Cybersecurity, Information Technology, or related field.

Certifications (Preferred): CISSP, CCSP, CCSK, AWS/Azure Security Specialty, Kubernetes Security Specialist (CKS). Offensive Security certifications (OSCP, OSWE, GPEN) are highly desirable.

Strong understanding of networking protocols (TCP/IP, VPN, BGP, OSPF, MPLS, VLANs, VXLANs) and cloud networking (AWS VPC, Azure Virtual Network, ExpressRoute, Direct Connect).

Proficiency in authentication and authorization protocols (SAML, OIDC, OAuth2), encryption standards, and logging/auditing frameworks.

Experience with cloud security tools (AWS Security Hub, Azure Security Center) and DevSecOps tools (Azure DevOps, GitHub, Prisma Cloud, Qualys, Checkmarx).

Penetration Testing Expertise: Web, API, and cloud environments.

Threat Modeling: Experience with MITRE ATT&CK, STRIDE.

Regulatory Knowledge: GDPR, ISO 27001, PCI-DSS, ASD Essential 8, ISM.

Strong communication skills to articulate complex security concepts to non-technical stakeholders.

Why Deloitte?

At Deloitte, we focus our energy on interesting and impactful work. We're always learning, innovating and setting the standard; making a positive difference to our clients and our society. We put coaching at the heart of what we do, helping our people grow their careers in any direction – whether it be up, moving into something new, or even moving across the world.

We embrace diversity, equity and inclusion. We have a diverse collection of people from different backgrounds, with different experiences, gender identities, abilities and thinking styles. What binds us together is a shared commitment to value everyone's perspective and to cultivate inclusion, so that our work environment is a safe space where we can all belong.

We support flexibility and choice. We encourage you to find the right balance between connecting in person with your clients and teams and meeting your own personal needs.

We help you live and work well. To support your personal and professional life, we offer a range of perks and benefits, including retail discounts, wellbeing leave, paid volunteering days, twelve flexible working options, market-leading parental leave and return to work support package.


