Your opportunity The first SQL injection became known to the world around Christmas 1998. 20 years later, the world of software and application security is still extremely complex, challenging, and attractive for hackers as well as skilled security software engineers. The Deloitte Cyber Security team provides consulting services to customers across the industries (from multinational corporations to small regional players), working together on the quest of increasing the security in software and applications. We are looking for builders, breakers and defenders.
We are proud to offer flexible working arrangements which allow our people to choose the most suitable working arrangement that works for them. Whether this is working 4 days per week, taking the summer months off work, or more flexibility around your working pattern, we consider both formal and informal working arrangements that allow our people and our clients the best outcome.
Specific Skills Required Currently within the Cyber Applications team we have some specific skills required:
Your role Topics and type of engagements you can expect to work on:
Building security into the software development life cycle, and Agile sprints, and DevOps projects.
Manual and automated security code reviews. Static and Dynamic application security test using tooling such as Checkmarx, Fority, Webinspect, Veracode, and others.API security
Providing security within Continuous integration, development and releases processes.
Providing secure coding training to customers.
Vulnerability management within secure software development lifecycle (SSDLC)
Directing team members in terms of content and professional skills.
Be able to communicate a strong vision towards clients regarding SSDLC
End to end project management of SSDLC related projects.
Perform a QA role on project deliverables and provide a high quality result.
Financial monitoring of projects you manage.
Advise customers and propose technical solutions which both fit within the customer environment and that might be integrated with other Cyber Risk Advisory services.
Client relationship management.
Manage relations with market, suppliers and SSDLC security expert groups.
Be proactive on the topic of business development and acquisition of new projects and in your field of expertise.
Adding value to commercial processes and expanding the network of senior stakeholders at our clients.
Your work, your choice At Deloitte we believe the best impact is the value we add, not the hours we sit at our desk. We carefully consider agile ways of working, both formal and informal, that allow for the best impact for our people and our clients. Please speak to your recruiter about the working pattern that works best for you.
Location: London with Occasional Domestic and international travel Work Pattern: Full time opportunity
Your professional experience Candidates should have at least a Computer Science (Bachelors) degree or similar and a drive to keep developing themselves. Education as Application Security professional will never stop and we expect our professionals to keep developing themselves and keep up-to-date with current techniques and new vulnerabilities. In exchange, we provide an extensive training and development program, access to conferences. We welcome you in our Capture the Flag Hack.ERS team. We expect understanding of security concepts (e.g. OWASP, SANS, CVE) and experience and passion in software engineering (coding background). Other experience sought include:
Knowledge and experience of Terraform (min. 1 year) in addition knowledge and experience of Ansible, AWS and/or Azure, would be beneficial.
Past knowledge and experience of one or more of the following languages: Java, PHP, Linux, Python, Linux, Ruby, C++, C#
Demonstrable relevant work experience.
Knowledge of secure software development processes, such as SAMM, BSIMM, ISO27034.
Extensive experience in conducting and managing SSDLC projects.
Good leader, excellent communication skills (spoken and written), the ability to lead a project, able to head teams (Customer and/or Deloitte team) and build good business relations.
A holistic understanding of security, good overview of all aspects within security (prevention, detection and response) and relevant certifications (such as such GICSP, CISSP, CISM) are value added.
A team player who is eager to both experts in their own field, as well as with experts from other Deloitte collaborate on the best solutions for our customers.
Experience in working in a commercial environment is a plus.
Stress-resistant, flexible and accurate.
Above all, we are looking for a new colleague who combines a passion for security with a keen interest in creating secure software. Do you want to combine fast software development with creating secure software? Do you think security should help organizations to move faster? Then we might share the same line of thinking and approach and would love to get to know you!
For full job description please see our Career Site