Deloitte Application Vulnerability Security Tester (DAST/SAST) - Solution Consultant in Rosslyn, Virginia
Are you an experienced, passionate pioneer in technology - a solutions builder, a roll-up-your-sleeves technologist who wants a daily collaborative environment, think-tank feel and share new ideas with your colleagues - without the extensive demands of travel? If so, consider an opportunity with our US Delivery Center - we are breaking the mold of a typical Delivery Center.
Our US Delivery Centers have been growing since 2014 with significant, continued growth on the horizon. Interested? Read more about our opportunity below ...
From our centers, we work with Deloitte consultants to design, develop and build solutions to help clients reimagine, reshape and rewire the competitive fabric of entire industries. Our centers house a multitude of specialists, ranging from systems designers, architects and integrators, to creative digital experts, to cyber risk and human capital professionals. All work together on diverse projects from advanced pre-configured solutions and methodologies, to brand-building and campaign management. We are a unique blend of skills and experiences, yet we underline the value of each individual , providing customized career paths, fostering innovation and knowledge development with a focus on quality. The US Delivery Center supports a collaborative team culture where we work and live close to home with limited travel.
Work you'll do:
Responsible for deploying, configuring, and maintaining security baselines within the Cloud Infrastructure DevOps team.He/she should be able to set up and manage access to cloud resources using accounts, users, and groups. He/she should be knowledgeable about potential vulnerabilities of virtual machines and container deployment systems. Should have the experience with DevOps. Understands the division of responsibility for designing and maintaining a secure cloud environment.
The ideal candidate should have a foundation across cloud services and the ability to communicate security and risk-related concepts.
A history of delivering secure architectures in a federal environment
Strong knowledge of industry trends in security technology
Excellent communication skills and the ability to partner and collaborate with both engineers and business users on architecture vision and security model
Must be legally authorized to work in the United States without the need for employer sponsorship, now or at any time in the future
Travel up to 15%
2+ yrs. of experience on commercial and open source tools Veracode, Burpsuite, OWASP ZAP, Fortify SCA
Proven experience in identifying and exploiting business logic and framework related vulnerabilities in analyzing dynamic scan Webinspect, analyzing static scan Fortify SCA, Appscan reports
Knowledge of Secure SDLC and Security standards like OWASP, CWE, NIST, OSSTMM 5 Penetration Testing
Exposure to Web and/or Application Security
Experience using WebInspect, Fortify SCA, Appscan, Burpsuite etc.
Relevant Industry/Cyber Security Certification (examples: CEH, GCIH, Security+, CASP, CISSP, CISA)
Working knowledge of FQDN, TCP/IP
Practical experience with a Scripting Language - RegEx, JS, Perl, SQL, .NET, etc. (A must have for SAST and preferred for DAST)
How you'll grow
At Deloitte, our professional development plan focuses on helping people at every level of their career to identify and use their strengths to do their best work every day. From entry-level employees to senior leaders, we believe there's always room to learn. We offer opportunities to help sharpen skills in addition to hands-on experience in the global, fast-changing business world. From on-the-job learning experiences to formal development programs, our professionals have a variety of opportunities to continue to grow throughout their career.