Information Security, Risk, Governance Analyst

Deloitte Services LP includes internal support areas such as Marketing and Communications, Human Resources/Talent, Information Technology, Facilities Management, and Financial Support Services.

Preferred Locations: Hermitage/Nashville, TN

The key job responsibilities include the following:

  • Conduct penetration testing and vulnerability assessments against a broad range of targets, including Windows, UNIX, Linux, routers, firewalls, switches, and web applications.
  • Identify, research, validate, and exploit known and unknown security vulnerabilities on both the server and client side.
  • Work jointly with Development Teams, Architects and Cyber Defense teams to clearly define the scope of testing and the related rules of engagement.
  • Assist with application security penetration testing activities, including scheduling, resources, tool execution, and reporting.
  • Independently design, recommend, plan, develop and support implementation of project-specific security solutions to meet tactical and control requirements.
  • Develop reports using data that is hosted in multiple sources (e.g. spreadsheets, databases) and communicate clearly to management and other team members.
  • Identify potential security exposures that may currently exist or may pose a potential future threat to the U.S. Firm's applications. Ensure Cyber Defense management is notified when these exposures are identified and receives a proposed solution for remediation.

Required Qualifications:

  • A strong understanding of network penetration testing and risk assessment. This includes a thorough understanding of Penetration Testing Methodologies and Standards.
  • Strong understanding of Web applications, APIs, and industry security standards and frameworks (e.g. OWASP Top 10, SANS 25 Top Vulnerabilities, OSSTMM)
  • Scripting knowledge; Python or PowerShell preferred
  • Strong understanding of Kali Linux or another penetration testing distribution is required.
  • Solid understanding of networking (WAN, LAN, WLAN), network domains (Internet, intranet, DMZ), communication techniques/protocols (LDAP, DNS, SMTP, etc.), and their combined effects on network and host systems security.
  • Basic understanding of Cloud Infrastructure and Cloud Security
  • 3+ years of information security experience, preferably in the areas of application security, vulnerability scanning, or penetration testing.
  • 2+ years of experience with penetration testing tools, including Burp, Nmap, ZAP, Wireshark, Nessus, and Metasploit.
  • Able to conduct Social Engineering campaigns using email phishing, phone calls, and SET.
  • Familiar with and able to apply time-proven, generally-accepted security methods, concepts and techniques as they relate to the Deloitte U.S. Firms.
  • Strong negotiation skills and ability to interact effectively with direct managers and staff in both technical and business roles. Able to defuse situations, work around defensive attitudes, and deal with diverse personalities to achieve assignment objectives.
  • Ability to learn and retain new skills as required to meet a changing technical environment.
  • Ability to travel occasionally (up to 25%), including international travel.
  • Ability to occasionally work non-standard shifts and/or on-call to support the requirements of the organization.
  • Good written and verbal communication skills, fluent English.

Education and Certifications

  • Bachelor's degree in Computer Science, Business Administration, or equivalent educational or professional experience and/or qualifications. An advanced degree is also preferred.
  • Possession of a current OSCP or GXPN certification, or a combination of two of the following certifications: CISSP, GPEN, GWAPT, CCNA Security, CEH.

Requisition code: E18NATSASCNM003-ITL4


One of the largest professional services organizations in the U.S., Deloitte delivers innovative solutions to the complex business problems facing companies around the world. Deloitte offers rewarding careers in four businesses—audit, tax, consulting, and financial advisory. Widely recognized for its inclusion initiatives, Deloitte is committed to building a workplace environment that allows people from all generations, ethnicities, and cultures to be their authentic selves.

