Information Security, Risk, Governance Analyst

Deloitte Services LP includes internal support areas such as Marketing and Communications, Human Resources/Talent, Information Technology, Facilities Management, and Financial Support Services.

Information Security, Risk, Governance Analyst

Preferred Locations: Hermitage/Nashville, TN Office

The key job responsibilities include the following:

  • Conduct web and mobile application security vulnerabilities assessments (review designs, perform pentest, code review, and security checks) through the use of scanning tools / manual checks and notify the appropriate team to take necessary action. This may include defining the security controls and parameters that will be measured. An understanding of current web application development languages is necessary to communicate compensating controls and potential remediation activities.
  • Work jointly with Development Teams, Architects and Cyber Defense teams to periodically review application code and be able to define security posture of applications and back-end systems.
  • Assist with application security penetration testing activities, including scheduling, resources, tool execution, and reporting.
  • Independently design, recommend, plan, develop and support implementation of project-specific security solutions to meet tactical, and control requirements.
  • Develop reports using data that is hosted in multiple sources (e.g. spreadsheets, databases) and communicate clearly to management and other team members.
  • Identify potential security exposures that may currently exist or may pose a potential future threat to the U.S. Firm's applications. Ensure Cyber Defense management is notified when these exposures are identified, as well as a proposed solution for remediation.

Required Qualifications:

  • Application development experience, preferably in languages Java, ASP.NET, Swift, Xamarin, others
  • Strong understanding of Web applications, API's, and industry security standards and frameworks (e.g. OWASP Top 10, SANS 25 Top Vulnerabilities, OSSSTM)
  • Knowledge on Python or PowerShell scripting
  • Previous experience with Tenable (Nessus or Security Center), Kali Linux, Burp Suite, OWASP ZAP, or Metasploit is a plus.
  • Experience in vulnerability research, malware analysis and exploits writing is a plus.
  • Basic Understanding of Linux required.
  • Basic understanding of Cloud Infrastructure and Cloud Security
  • 3+ years of information security experience, preferably in the areas of application security, application development, vulnerability scanning, or penetration testing.
  • Familiar with and able to apply time-proven, generally-accepted security methods, concepts and techniques as they relate to the Deloitte U.S. Firms.
  • Strong negotiation skills and ability to interact effectively with direct managers and staff in both technical and business roles. Able to defuse situations, work around defensive attitudes, and deal with diverse personalities to achieve assignment objectives.
  • Solid understanding of networking (WAN, LAN, wLAN), network domains (Internet, intranet, DMZ), communication techniques/protocols (IP and others), and their combined effects on network and host systems security.
  • Ability to learn and retain new skills as required meeting a changing technical environment.
  • Ability to travel occasionally (up to 25%), including international travel.
  • Ability to occasionally work non-standard shifts and/or on-call to support the requirements of the organization.
  • Good written and verbal communication skills, fluent English.

Education and Certifications

  • Bachelor's degree in computer science, Business Administration or equivalent educational or professional experience and/or qualifications. An advanced degree is also preferred.
  • Possession of OSCP, GWAPT, GPEN, CEH and/or other ethical hacking certifications preferred.

Requisition code: E18NATSASCNM004-ITL4

See Inside the Office of Deloitte

One of the largest professional services organizations in the U.S., Deloitte delivers innovative solutions to the complex business problems facing companies around the world. Deloitte offers rewarding careers in four businesses—audit, tax, consulting, and financial advisory. Widely recognized for its inclusion initiatives, Deloitte is committed to building a workplace environment that allows people from all generations, ethnicities, and cultures to be their authentic selves.

Back to top