Deloitte DevOps and Security Software Eng. Lead in Morrisville, North Carolina

Deloitte is one of the leading professional services organizations in the United States, specializing in audit, tax, consulting and financial advisory services with clients in more than 20 industries. We provide powerful business solutions to some of the world s most well-known and respected companies, including more than 75 percent of the Fortune 100.At Deloitte, you can have a rewarding career on every level. In addition to challenging and meaningful work, you ll have the chance to give back to your community, make a positive impact on the environment, participate in a range of diversity and inclusion initiatives, and find the support, coaching, and training it takes to advance your career. Our commitment to individual choice lets you customize aspects of your career path, your educational opportunities and your benefits. And our culture of innovation means your ideas on how to improve our business and your clients will be heard. About Deloitte Advisory s Advanced Risk Technology Center (ARTC) Advanced Risk Technology Center (ARTC) at Deloitte Advisory is a newly formed technology delivery house for the Deloitte Advisory practice with more than $4 billion annual revenue. Our mission is to deliver cutting edge, vulnerability-free technology solutions to our worldwide customer base. We are looking for a skilled Software Security Engineer to analyze software concepts, designs, and implementations from a security perspective, and identify and resolve security issues. Work you ll do: In this effort, you will utilize the appropriate software security analysis, design, defense, and countermeasures at each phase of the software development lifecycle that will result in robust and reliable software deliveries. The ideal candidate will be highly creative, self-motivated, and excel in a diversified fast-paced environment. You will design and develop some of the core software security features for the Deloitte Advisory ARTC and help architect the security capabilities using modern design approaches for backend, frontend, API services, data retrieval, distributed computing, data storage, and analytics solutions on Cloud platforms. Implement, test and operate advanced software security techniques in compliance with technical reference architecturePerform on-going code review and security testing to improve software securityIdentify, highlight, and provide security recommendations during requirement and design reviewsTroubleshoot and debug software security issuesProvide engineering designs for new software solutions to help mitigate security vulnerabilitiesContribute to all levels of the architecture by conducting effective design reviewsMaintain technical documentationConsult team members on secure coding practices and advocate secure software development practices by acting as the ARTC secure software championDevelop and manage the ARTC secure software development practice policyDevelop familiarity with new software security tools and best practices; follow and evaluate industry trends and breakthroughsEnsure that the security best practices are followed throughout product development lifecycleBe a key player in the vulnerability management process. Categorize and track the software vulnerabilities and ensure fixes are applied as per the vulnerability policyDevelop custom integrations for off-the-shelf security tools to meet risk management needsTrack open issues and follow up with different teams within the organization to address themProvide and meet time estimates for assigned deliverablesManage teams and resources as required; provide technical guidance to internal peer teamsDirectly support product owners, solution architects, developers, and hosting operations leads through hands-on technical security knowledge, integration, and development/coding Qualifications:Bachelor s degree in computer science or equivalent field of study. Master degree is preferred.Minimum 5 years direct experience in secure software development and software security.Understanding of Cloud application architecture and security issuesExperience with security assessment tools and productsFoundation in and in-depth technical knowledge of secure software engineering, computer and network security, authentication, security protocols and encryption fundamentals: PKI, Encryption, Digital Signatures, & Key ManagementExperience with design, installation, development, & configuration of security solutionsHands on experience developing, diagnosing for performance and scalability in the secure software contextStrong test-driven approach to writing codeExperience using scripting languages (Ruby, Python, etc.), configuration management and deployment tools (Ansible, ClearCase, Chef, Puppet, etc.) and command execution frameworksFamiliarity with container based architecture and deployments (Docker, LXC, etc.)Interest in all aspects of software security research and developmentAbility to work effectively with technical and non-technical personnel in a cross-functional settingExperience leading implementation efforts of security initiatives and resolutions of any findings from internal or external assessmentsExperience identifying security risks and developing solutions to eliminate or minimize risksExperience with application logging integration, and products (Splunk, Log4J, Logstash, etc.)Experience performing requirements gathering, planning, designing, developing, testing, deployment, support and maintenance of front end and middle-tier applications for the Software Development Lifecycle (SDLC) using an Agile software development methodologyUtilizing Scrum and/or Kanban model to implement complex software and product development, including sprint planning, daily stand-up, sprint demo, and sprint retrospectivePerforming internal controls, risk assessments, business process and internal IT control testing or operational auditingKnowledge in one or more Application Security related disciplines, e.g., Secure Coding, Cryptography, Penetration Testing, Vulnerability Assessment, Static and Dynamic Application Security Testing, etc. Knowledge of Risk Controls framework, and Audit procedures (27000/1/2, NIST 800-53/171, DFARS, etc.)Experience developing secured software applications using security concepts, including WS-security (for authentication), SSL (Secure Socket Layer for confidentiality and integrity), TLS (Transport Layer Security), HTTPS, and LDAP that provide both authentication and authorization level security featuresExperience architecting, designing and developing SOA (service oriented architecture) and micro services utilizing JAVA-based technologies including Soap/Restful Web Services, JavaScript, AngularJs and JMS used as java messaging services, and XML/JSON used for message exchangeExperience developing complex distributed systems using cloud computing IAAS (Infrastructure as a service)Experience with Linux operating system and development toolsExperience with relational and non-relational databases. Database knowledge and experience using Cassandra, Mongo, and PostgreSQLFamiliarity with application tools including Jenkins (continuous integration of applications), Jasmine and Karma (unit testing of front end applications), and TestNG & Java Mockito (testing java based applications)Experience utilizing development tools including Spring tool suite (Java web services development), Node.js and Grunt & Bower (front end applications development), and Eclipse, Sublime, IntelliJ & STS IDE used for developmentExperience with testing web services utilizing Soap UI and PostmanExperience working in the front end (HTML/CSS/JS) and any frameworks like Bootstrap or AngularExperience with messaging frameworks like Apache KafkaExperience developing applications deployed on a public cloud (Azure or AWS)Experience with securing iOS and Android applicationsExperience with Agile processes (Scrum and Kanban) and Agile tools (JIRA, TFS, etc.)Excellent verbal and written communication skills with ability to communicate risk assessments and complex technical concepts to both technical and non-technical audiencesExcellent interpersonal and leadership skillsExcellent influencing and reasoning skills; good at conflict resolution and consensus buildingSelf-motivated and results-orientedCISSP, CSSLP, and CCSP certifications desirable How you ll growAt Deloitte, our professional development plan focuses on helping people at every level of their career to identify and use their strengths to do their best work every day. From entry-level employees to senior leaders, we believe there s always room to learn. We offer opportunities to help sharpen skills in addition to hands-on experience in the global, fast-changing business world. From on-the-job learning experiences to formal development programs at Deloitte University, our professionals have a variety of opportunities to continue to grow throughout their career. Explore Deloitte University, The Leadership Center. BenefitsAt Deloitte, we know that great people make a great organization. We value our people and offer employees a broad range of benefits.Learn more about what working at Deloitte can mean for you. Deloitte s cultureOur positive and supportive culture encourages our people to do their best work every day. We celebrate individuals by recognizing their uniqueness and offering them the flexibility to make daily choices that can help them to be healthy, centered, confident, and aware. We offer well-being programs and are continuously looking for new ways to maintain a culture where our people excel and lead healthy, happy lives. Learn more about Life at Deloitte. Corporate citizenshipDeloitte is led by a purpose: to make an impact that matters. This purpose defines who we are and extends to relationships with our clients, our people and our communities. We believe that business has the power to inspire and transform. We focus on education, giving, skill-based volunteerism, and leadership to help drive positive social impact in our communities. Learn more about Deloitte s impact on the world. Recruiter tipsWe want job seekers exploring opportunities at Deloitte to feel prepared and confident. To help you with your interview, we suggest that you do your research: know some background about the organization and the business area you re applying to.Check out recruiting tips from Deloitte professionals. #LI:PTY

About Deloitte

As used in this document, Deloitte means Deloitte LLP and its subsidiaries. Please see www.deloitte.com/us/about for a detailed description of the legal structure of Deloitte LLP and its subsidiaries. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability or protected veteran status, or any other legally protected basis, in accordance with applicable law.

Disclaimer: If you are not reviewing this job posting on our Careers site (careers.deloitte.com) or one of our approved job boards we cannot guarantee the validity of this posting. For a list of our current postings, please visit us at careers.deloitte.com.

Category: Information Technology