Deloitte Information Security, Risk, Governance Analyst in Nashville, Tennessee
Deloitte is one of the leading professional services organizations in the United States, specializing in audit, tax, consulting and financial advisory services with clients in more than 20 industries. We provide powerful business solutions to some of the world s most well-known and respected companies, including more than 75 percent of the Fortune 100.At Deloitte, you can have a rewarding career on every level. In addition to challenging and meaningful work, you ll have the chance to give back to your community, make a positive impact on the environment, participate in a range of diversity and inclusion initiatives, and find the support, coaching, and training it takes to advance your career. Our commitment to individual choice lets you customize aspects of your career path, your educational opportunities and your benefits. And our culture of innovation means your ideas on how to improve our business and your clients will be heard.Deloitte Services LP includes internal support areas such as Marketing and Communications, Human Resources/Talent, Information Technology, Facilities Management, and Financial Support Services. Information Security, Risk, Governance AnalystPreferred Locations: Hermitage/Nashville, TN Office The key job responsibilities include the following:Conduct web and mobile application security vulnerabilities assessments (review designs, perform pentest, code review, and security checks) through the use of scanning tools / manual checks and notify the appropriate team to take necessary action. This may include defining the security controls and parameters that will be measured. An understanding of current web application development languages is necessary to communicate compensating controls and potential remediation activities.Work jointly with Development Teams, Architects and Cyber Defense teams to periodically review application code and be able to define security posture of applications and back-end systems.Assist with application security penetration testing activities, including scheduling, resources, tool execution, and reporting.Independently design, recommend, plan, develop and support implementation of project-specific security solutions to meet tactical, and control requirements.Develop reports using data that is hosted in multiple sources (e.g. spreadsheets, databases) and communicate clearly to management and other team members.Identify potential security exposures that may currently exist or may pose a potential future threat to the U.S. Firm s applications. Ensure Cyber Defense management is notified when these exposures are identified, as well as a proposed solution for remediation. Required Qualifications:Application development experience, preferably in languages Java, ASP.NET, Swift, Xamarin, othersStrong understanding of Web applications, API s, and industry security standards and frameworks (e.g. OWASP Top 10, SANS 25 Top Vulnerabilities, OSSSTM)Knowledge on Python or PowerShell scriptingPrevious experience with Tenable (Nessus or Security Center), Kali Linux, Burp Suite, OWASP ZAP, or Metasploit is a plus.Experience in vulnerability research, malware analysis and exploits writing is a plus.Basic Understanding of Linux required.Basic understanding of Cloud Infrastructure and Cloud Security3 years of information security experience, preferably in the areas of application security, application development, vulnerability scanning, or penetration testing.Familiar with and able to apply time-proven, generally-accepted security methods, concepts and techniques as they relate to the Deloitte U.S. Firms.Strong negotiation skills and ability to interact effectively with direct managers and staff in both technical and business roles. Able to defuse situations, work around defensive attitudes, and deal with diverse personalities to achieve assignment objectives.Solid understanding of networking (WAN, LAN, wLAN), network domains (Internet, intranet, DMZ), communication techniques/protocols (IP and others), and their combined effects on network and host systems security.Ability to learn and retain new skills as required meeting a changing technical environment.Ability to travel occasionally (up to 25%), including international travel.Ability to occasionally work non-standard shifts and/or on-call to support the requirements of the organization.Good written and verbal communication skills, fluent English. Education and Certifications Bachelor s degree in computer science, Business Administration or equivalent educational or professional experience and/or qualifications. An advanced degree is also preferred.Possession of OSCP, GWAPT, GPEN, CEH and/or other ethical hacking certifications preferred.
As used in this document, Deloitte means Deloitte LLP and its subsidiaries. Please see www.deloitte.com/us/about for a detailed description of the legal structure of Deloitte LLP and its subsidiaries. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability or protected veteran status, or any other legally protected basis, in accordance with applicable law.
Disclaimer: If you are not reviewing this job posting on our Careers site (careers.deloitte.com) or one of our approved job boards we cannot guarantee the validity of this posting. For a list of our current postings, please visit us at careers.deloitte.com.
Category: Information Technology