Software Security Eng., Security Lead, ExaLink, ARTC
About Deloitte Advisory's Advanced Risk Technology Center (ARTC)
The Advanced Risk Technology Center (ARTC) at Deloitte Advisory is a newly formed technology delivery house for the Deloitte Advisory practice with more than $4 billion annual revenue. Our mission is to deliver cutting-edge, vulnerability-free technology solutions to our worldwide customer base. We are looking for a skilled Software Security Engineer to analyze software concepts, designs, and implementations from a security perspective, and identify and resolve security issues.
Work you'll do:
In this effort, you will utilize the appropriate software security analysis, design, defense, and countermeasures at each phase of the software development lifecycle that will result in robust and reliable software deliveries. The ideal candidate will be highly creative, self-motivated, and excel in a diversified fast-paced environment. You will design and develop some of the core software security features for the Deloitte Advisory ARTC and help architect the security capabilities using modern design approaches for backend, frontend, API services, data retrieval, distributed computing, data storage, and analytics solutions on Cloud platforms.
- Implement, test and operate advanced software security techniques in compliance with technical reference architecture
- Perform on-going code review and security testing to improve software security
- Identify, highlight, and provide security recommendations during requirement and design reviews
- Troubleshoot and debug software security issues
- Provide engineering designs for new software solutions to help mitigate security vulnerabilities
- Contribute to all levels of the architecture by conducting effective design reviews
- Maintain technical documentation
- Consult team members on secure coding practices and advocate secure software development practices by acting as the ARTC secure software champion
- Develop and manage the ARTC secure software development practice policy
- Develop familiarity with new software security tools and best practices; follow and evaluate industry trends and breakthroughs
- Ensure that the security best practices are followed throughout product development lifecycle
- Be a key player in the vulnerability management process. Categorize and track the software vulnerabilities and ensure fixes are applied as per the vulnerability policy
- Develop custom integrations for off-the-shelf security tools to meet risk management needs
- Track open issues and follow up with different teams within the organization to address them
- Provide and meet time estimates for assigned deliverables
- Manage teams and resources as required; provide technical guidance to internal peer teams
- Directly support product owners, solution architects, developers, and hosting operations leads through hands-on technical security knowledge, integration, and development/coding
- Bachelor's degree in computer science or equivalent field of study. Master's degree is preferred.
- Minimum 5 years direct experience in secure software development and software security.
- Understanding of Cloud application architecture and security issues
- Experience with security assessment tools and products
- Foundation in and in-depth technical knowledge of secure software engineering, computer and network security, authentication, security protocols and encryption fundamentals: PKI, Encryption, Digital Signatures, & Key Management
- Experience with design, installation, development, & configuration of security solutions
- Hands-on experience developing and diagnosing for performance and scalability in the secure software context
- Strong test-driven approach to writing code
- Experience using scripting languages (Ruby, Python, etc.), configuration management and deployment tools (Ansible, ClearCase, Chef, Puppet, etc.) and command execution frameworks
- Familiarity with container-based architecture and deployments (Docker, LXC, etc.)
- Interest in all aspects of software security research and development
- Ability to work effectively with technical and non-technical personnel in a cross-functional setting
- Experience leading implementation efforts of security initiatives and resolutions of any findings from internal or external assessments
- Experience identifying security risks and developing solutions to eliminate or minimize risks
- Experience with application logging integration and products (Splunk, Log4J, Logstash, etc.)
- Experience performing requirements gathering, planning, designing, developing, testing, deployment, support and maintenance of front end and middle-tier applications for the Software Development Lifecycle (SDLC) using an Agile software development methodology
- Utilizing Scrum and/or Kanban model to implement complex software and product development, including sprint planning, daily stand-up, sprint demo, and sprint retrospective
- Performing internal controls, risk assessments, business process and internal IT control testing or operational auditing
- Knowledge in one or more Application Security related disciplines, e.g., Secure Coding, Cryptography, Penetration Testing, Vulnerability Assessment, Static and Dynamic Application Security Testing, etc.
- Knowledge of Risk Controls frameworks and Audit procedures (27000/1/2, NIST 800-53/171, DFARS, etc.)
- Experience developing secured software applications using security concepts, including WS-security (for authentication), SSL (Secure Socket Layer for confidentiality and integrity), TLS (Transport Layer Security), HTTPS, and LDAP that provide both authentication and authorization level security features
- Experience developing complex distributed systems using cloud computing IAAS (Infrastructure as a service)
- Experience with Linux operating system and development tools
- Experience with relational and non-relational databases. Database knowledge and experience using Cassandra, Mongo, and PostgreSQL
- Familiarity with application tools including Jenkins (continuous integration of applications), Jasmine and Karma (unit testing of front end applications), and TestNG & Java Mockito (testing Java-based applications)
- Experience utilizing development tools including Spring tool suite (Java web services development), Node.js and Grunt & Bower (front end applications development), and Eclipse, Sublime, IntelliJ & STS IDE used for development
- Experience with testing web services utilizing Soap UI and Postman
- Experience working in the front end (HTML/CSS/JS) and any frameworks like Bootstrap or Angular
- Experience with messaging frameworks like Apache Kafka
- Experience developing applications deployed on a public cloud (Azure or AWS)
- Experience with securing iOS and Android applications
- Experience with Agile processes (Scrum and Kanban) and Agile tools (JIRA, TFS, etc.)
- Excellent verbal and written communication skills with ability to communicate risk assessments and complex technical concepts to both technical and non-technical audiences
- Excellent interpersonal and leadership skills
- Excellent influencing and reasoning skills; good at conflict resolution and consensus building
- Self-motivated and results-oriented
- CISSP, CSSLP, and CCSP certifications desirable
How you'll grow
At Deloitte, our professional development plan focuses on helping people at every level of their career to identify and use their strengths to do their best work every day. From entry-level employees to senior leaders, we believe there's always room to learn. We offer opportunities to help sharpen skills in addition to hands-on experience in the global, fast-changing business world. From on-the-job learning experiences to formal development programs at Deloitte University, our professionals have a variety of opportunities to continue to grow throughout their career. Explore Deloitte University, The Leadership Center.
At Deloitte, we know that great people make a great organization. We value our people and offer employees a broad range of benefits. Learn more about what working at Deloitte can mean for you.
Our positive and supportive culture encourages our people to do their best work every day. We celebrate individuals by recognizing their uniqueness and offering them the flexibility to make daily choices that can help them to be healthy, centered, confident, and aware. We offer well-being programs and are continuously looking for new ways to maintain a culture where our people excel and lead healthy, happy lives. Learn more about Life at Deloitte.
Deloitte is led by a purpose: to make an impact that matters. This purpose defines who we are and extends to relationships with our clients, our people and our communities. We believe that business has the power to inspire and transform. We focus on education, giving, skill-based volunteerism, and leadership to help drive positive social impact in our communities. Learn more about Deloitte's impact on the world.
We want job seekers exploring opportunities at Deloitte to feel prepared and confident. To help you with your interview, we suggest that you do your research: know some background about the organization and the business area you're applying to. Check out recruiting tips from Deloitte professionals.
Requisition code: E17NAT060KS019-ARTC
One of the largest professional services organizations in the U.S., Deloitte delivers innovative solutions to the complex business problems facing companies around the world. Deloitte offers rewarding careers in four businesses—audit, tax, consulting, and financial advisory. Widely recognized for its inclusion initiatives, Deloitte is committed to building a workplace environment that allows people from all generations, ethnicities, and cultures to be their authentic selves.