Deloitte Jobs

Job Information

Deloitte Cloud DevSecOps Engineer - Secure-by-Design Manager in Boston, Massachusetts

Are you interested in working in a dynamic environment that offers opportunities for professional growth and new responsibilities? If so, Deloitte & Touche LLP could be the place for you. Traditional security programs have often been unsuccessful in unifying the need to both secure and support technology innovation required by the business. Join Deloitte's elite Secure by Design team and become a member of the largest group of cybersecurity professionals worldwide.

Work you'll do

As a Secure-by-Design Manager, you will be at the front lines with our clients supporting them with their DevSecOps needs helping them embed security throughout their development lifecycles by implementing industry leading practices around cyber risk, application security, and cloud security. You will:

  • Lead the assessment, proof of concept, deployment, management, and operations of Deloitte's Secure-by-Design Architecture into our client's environments

  • Automate CI/CD pipeline with infrastructure and security testing tools

  • Develop custom integrations between technologies using various methods

  • Lead security reviews and enhancements for IaaS, PaaS and SaaS, containers, and other virtualization technologies in line with its related security trends.

  • Coordinate current state analysis efforts of an organization's system security controls and measures against industry leading security standards and provide recommendations for enhancement

  • Execute on DevSecOps security engagements during different phases of the lifecycle - assess, design, and implementation.

  • Liaison between technical teams and executive level professionals to relay engagements results and issues.

  • Provide technical and administrative oversight and guidance to junior members of the team while performing technical operations.


  • 7+ years information technology and/or information security experience

  • 5+ years of hand-on DevSecOps or application security experience

  • 2+ years of hands-on technical experience with at least one cloud platform in security or infrastructure implementation and operations

  • 2+ years of experience in an enterprise-level customer delivery services role

  • Experience with various public cloud components and architectures with Azure / AWS strongly preferred

  • Experience with automation/configuration management tools such as Chef, Puppet, or similar technologies

  • Experience with Infrastructure as Code, using CloudFormation, Terraform, or other tools

  • API programming or other software development experience

Additional Requirements:

  • Travel up to 50% (While 50% of travel is a requirement of the role, due to COVID-19, non-essential travel has been suspended until further notice).

  • Must be legally authorized to work in the United States without the need for employer sponsorship, now or at any time in the future.

  • Identify opportunities to improve services delivered to our clients and engagement profitability.

  • Experience with leading multiple distributed teams across different geographies.

  • Participate in and actively support mentoring relationships within practice.

  • Excellent teamwork and interpersonal skills.


  • BA/BS Degree ideally in Computer Science, Cyber Security, Information Security, Engineering or Information Technology

  • Certifications such as: CISSP, CCSP, AWS/Azure Security/DevOps/Professional Certifications.

  • Experience in creating a vision and authoring the design of cyber programs and methodologies

  • Experience teaching and certifying personnel to achieve goal-oriented training objectives

  • Knowledge of security and privacy-related industry standards and frameworks such as BSIMM, OWASP, NIST SP 800-115, NIST CSF, ISO 27001/2, CIS, etc.

  • Knowledge of a variety of application technologies, platforms, services and languages to find flaws and exploits such as: SQL Injection, Authentication, Privilege Escalation, Cross-Site Scripting, Cross-Site Request Forgery, Clickjacking, Business Logic Bypass Concrete

  • Understanding of security protocols, cryptography, authentication, authorization, and event monitoring

  • A strong working knowledge of current IT risks, technologies, security implementations, and computer operating and software programs

  • Understanding of cloud asset security hardening protocols and requirements

  • Knowledge of cloud infrastructure-as-code and security controls thereof

  • Excellent writing and verbal communication skills

  • Strong project management and organizational skills

  • Knowledge of business process, user provisioning process, and security maintenance processes

The team

Deloitte Advisory's Cyber and Strategic Risk team helps complex organizations more confidently pursue their growth, innovation and performance agendas through proactive management of the associated cyber risks. Our professionals provide advisory and implementation services that integrate risk, regulatory, and technology skills to help clients transform their legacy programs into proactive Secure.Vigilant.Resilient. TM cyber risk programs. Join the team developing the future state of cyber risk solutions. Learn more about Deloitte Advisory's Cyber Risk Services practice.

How you'll grow

At Deloitte, our professional development plan focuses on helping people at every level of their career to identify and use their strengths to do their best work every day. From entry-level employees to senior leaders, we believe there's always room to learn. We offer opportunities to help sharpen skills in addition to hands-on experience in the global, fast-changing business world. From on-the-job learning experiences to formal development programs at Deloitte University, our professionals have a variety of opportunities to continue to grow throughout their career. Explore Deloitte University, The Leadership Center.


At Deloitte, we know that great people make a great organization. We value our people and offer employees a broad range of benefits. Learn more about what working at Deloitte can mean for you.

Deloitte's culture

Our positive and supportive culture encourages our people to do their best work every day. We celebrate individuals by recognizing their uniqueness and offering them the flexibility to make daily choices that can help them to be healthy, centered, confident, and aware. We offer well-being programs and are continuously looking for new ways to maintain a culture where our people excel and lead healthy, happy lives. Learn more about Life at Deloitte.

Corporate citizenship

Deloitte is led by a purpose: to make an impact that matters. This purpose defines who we are and extends to relationships with our clients, our people and our communities. We believe that business has the power to inspire and transform. We focus on education, giving, skill-based volunteerism, and leadership to help drive positive social impact in our communities. Learn more about Deloitte's impact on the world.

Recruiter tips

We want job seekers exploring opportunities at Deloitte to feel prepared and confident. To help you with your interview, we suggest that you do your research: know some background about the organization and the business area you're applying to. Check out recruiting tips from Deloitte professionals.

All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability or protected veteran status, or any other legally protected basis, in accordance with applicable law.

All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability or protected veteran status, or any other legally protected basis, in accordance with applicable law.