Senior Cyber Security Consultant

2 weeks ago


Sydney, New South Wales, Australia Deloitte Full time

Job Requisition ID: 39356
Thrive in an innovative, collaborative people culture
Mentoring, coaching and leadership programs to help you make an impact that matters
We support flexibility and choice. We encourage you to find the right balance between connecting in person with your clients and teams and meeting your own personal needs.
Are you a Cyber Security expert with an architectural mindset and 6+ years of experience embedding security practices early in the Software Development Lifecycle (SDLC)?
What will your typical day look like?
This role focuses on secure architectural design, cloud security, and DevSecOps enablement, with opportunities to work on AI security and other emerging technologies.
You will play a key role in left-shifting security, ensuring robust architectures for applications, infrastructure, and multi-cloud environments (AWS, Azure, Kubernetes).
We require a strategic thinker who can embed security early in the SDLC, conduct architectural reviews, and integrate security into CI/CD pipelines, along with the ability to communicate complex security concepts to diverse stakeholders.
Key responsibilities include:
Architectural Security Review: Design and review secure architectures for enterprise and multi-cloud environments.
Cloud Security: Implement and enforce best practices for AWS and Azure, including IAM, encryption, logging, and incident response.
Secure Kubernetes clusters and containerized workloads.
Authentication & Authorization: Design and review solutions using SAML, OIDC, OAuth2, and implement RBAC/ABAC models.
Encryption & Data Protection: Ensure use of strong encryption standards (TLS 1.2/1.3, AES-256) and key management best practices.
Logging & Auditing: Define and implement centralized logging, monitoring, and auditing strategies for compliance and incident response.
Threat Modeling & Risk Analysis: Apply frameworks like MITRE ATT&CK and STRIDE to identify and mitigate risks.
DevSecOps & Security Testing: Integrate security into CI/CD pipelines using Azure DevOps (ADO) and GitHub, and perform and automate security testing, including penetration testing, SAST, DAST, IAST, and IaC scanning.
Secure SDLC & Code Review: Promote SSDLC practices and conduct secure code reviews.
AI Security: Define security measures for AI/ML development and deployment.
Compliance & Standards: Align with frameworks such as NIST, CIS, ISO 27001, PCI-DSS, ASD Essential 8, and ISM.
Incident Response: Develop and manage incident response strategies and investigations.
About the team
Our CISO team is a diverse and highly skilled group dedicated to securing Deloitte against evolving cyber threats.
We operate across multiple security disciplines to govern, design, defend, operate, and enhance our cybersecurity capabilities, ensuring resilience and regulatory compliance.
Within the CISO function, our specialized teams include Governance, Risk, and Compliance; Cyber Assurance; Cyber Defence; Cyber Operations; and Vendor Cyber Risk Management.
Enough about us, let's talk about you.
You may have all or some of the following skills / experiences / attributes:
5+ years in Security Architecture, designing and implementing secure network architectures in large-scale enterprise or multi-cloud environments.
Bachelor's degree in Cybersecurity, Information Technology, or related field.
Certifications (Preferred): CISSP, CCSP, CCSK, AWS/Azure Security Specialty, Kubernetes Security Specialist (CKS).
Offensive Security certifications (OSCP, OSWE, GPEN) are highly desirable.
Strong understanding of networking protocols (TCP/IP, VPN, BGP, OSPF, MPLS, VLANs, VXLANs) and cloud networking (AWS VPC, Azure Virtual Network, ExpressRoute, Direct Connect).
Proficiency in authentication and authorization protocols (SAML, OIDC, OAuth2), encryption standards, and logging/auditing frameworks.
Experience with cloud security tools (AWS Security Hub, Azure Security Center) and DevSecOps tools (Azure DevOps, GitHub, Prisma Cloud, Qualys, Checkmarx).
Penetration Testing Expertise: Web, API, and cloud environments.
Threat Modeling: Experience with MITRE ATT&CK, STRIDE.
Regulatory Knowledge: GDPR, ISO 27001, PCI-DSS, ASD Essential 8, ISM.
Strong communication skills to articulate complex security concepts to non-technical stakeholders.


