Deloitte Senior Manager Dev Security Ops Architect in Nashville, Tennessee

Deloitte is one of the leading professional services organizations in the United States, specializing in audit, tax, consulting and financial advisory services with clients in more than 20 industries. We provide powerful business solutions to some of the world s most well-known and respected companies, including more than 75 percent of the Fortune 100.At Deloitte, you can have a rewarding career on every level. In addition to challenging and meaningful work, you ll have the chance to give back to your community, make a positive impact on the environment, participate in a range of diversity and inclusion initiatives, and find the support, coaching, and training it takes to advance your career. Our commitment to individual choice lets you customize aspects of your career path, your educational opportunities and your benefits. And our culture of innovation means your ideas on how to improve our business and your clients will be heard.Senior DevSecOps Architect DevOps COETechnology & Infrastructure - Office of the Deputy CIO for TechnologyNashville, TN - PreferredOVERVIEW The DevOps COE reports to the office of the Deputy CIO of Technology and is responsible for delivering cloud services which accelerate the delivery of both revenue-generating and internal applications. The DevOps COE flexes to support business-lead software development while bring to bear best practices which streamline and fully automate the release management pipeline. As the Sr DevSecOps Architect you will drive the security design and delivery for world-class cloud solutions for the office of the Deputy CIO of Technology. This includes spearheading the design of security patterns, practices, controls, and monitoring in the cloud architecture practice. You will have a heavy emphasis on developing end-to-end automated security monitoring and reporting solutions. Your responsibilities include partnering with cyber security experts, cloud architects, and strategic technology vendors to successfully design and implement cloud security solutions. You will be challenged to find approaches that enable rapid and secure adoption of new cloud services and the proper level of operational governance. RESPONSIBILITIES Be the primary interface with the cyber security organization as the security lead for cloud hosted products throughout the software development and operations lifecycleDesign, implement, and operationalize world-class end-to-end cloud security monitoring solutions that automate continuous compliance reportingDrive development of custom integrations of off-the-shelf security tools to meet the risk management needs of DeloitteDesign and implement cloud security patterns, practices, and controls that serve as the enterprise baseline for all cloud deployments and the DevOps/SDLC delivery modelBe the trusted security advisor for cloud initiatives by providing objective, practical and relevant ideas, insights and adviceDirectly support product owners, solution architects, developers, and hosting operations leads through hands-on technical security knowledge, integration, and development/coding Provide training and technical guidance to less experienced team members and internal peer teams. Partner with business and IT stakeholders to develop and drive cloud security strategy, roadmaps, and product delivery with a structured approach. Bachelor s degree in Computer Science, Business Information Systems or relevant experience and accomplishments.Strong experience securing multi-tenant cloud solutions with Microsoft Azure and Amazon AWS cloud services.8 years of experience implementing, integrating, and operating enterprise security tools at scale to support end-to-end automated compliance management.Developer background, strong experience with programming in at least one common object oriented language (Java, Python, C#, etc).Experienced in at least one scripting language, e.g., PowerShell, Python, Perl, JavaScript. 3 years of relevant Software Engineering experienceExperience with web application frameworks, API technologies, and micro services. Strong experience with design, installation/development, & configuration of security solutions. Strong experience with application logging integration, and products (Splunk, Log4J, Logstash, etc.). Strong experience with configuration management tools such as Ansible, Chef, or Puppet.Must understand Agile/SCRUM methodologies and have applied them on a Scrum team.Expertise in 2 or more Application Security related disciplines, e.g., Secure Coding, Cryptography, Penetration Testing, Vulnerability Assessment, Static and Dynamic Application Security Testing etc. Integration level knowledge of API Security Architecture, and technologies such as, OAuth2, Azure Active Directory, Multi-Factor Auth, WS-Security, WS-Trust, or XACML. Strong experience in cloud provider security architecture design patterns including network and availability for AWS and Azure. Strong experience with OWASP Web/API vulnerabilities and compensating controls (CSRF, XSS, SQLI, etc.). Strong experience with encryption fundamentals: PKI, Encryption, Digital Signatures, & Key Management. Knowledge of Risk Controls framework, and Audit procedures (27000/1/2, NIST 800-53/171, DFARS etc.). Excellent verbal and written communication skills with ability to communicate risk assessments and complex technical concepts to both technical and non-technical audiences. CISSP or related Security certification preferredExcellent influencing and reasoning skills; good at conflict resolution and consensus building.Ability to travel 25%.

About Deloitte

As used in this document, Deloitte means Deloitte LLP and its subsidiaries. Please see www.deloitte.com/us/about for a detailed description of the legal structure of Deloitte LLP and its subsidiaries. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability or protected veteran status, or any other legally protected basis, in accordance with applicable law.

Disclaimer: If you are not reviewing this job posting on our Careers site (careers.deloitte.com) or one of our approved job boards we cannot guarantee the validity of this posting. For a list of our current postings, please visit us at careers.deloitte.com.

Category: Information Technology