With a history stretching back almost two centuries, Deloitte has built a reputation as trusted advisors to some of the world’s biggest household names. We are also the partner-of-choice for some of the largest cloud providers and software vendors, using modern technology to do meaningful work.
The Deloitte Cyber Security team aims to be leaders in the DevSecOps arena. We work in a broad range of industry sectors with clients whom millions of people depend upon. They rely on us to help them build secure software in a secure fashion.
We are committed to building a diverse team of talented consultants who are passionate about the work they do. We deliver value to our clients, colleagues, and community in the way we plan, deliver, and reflect on our work, as a team. Therefore, we welcome applications from all backgrounds.
We believe that, to sustain a successful business model, we must equip our colleagues with the ability to improve. We also understand that the industry evolves at a lightning pace. As a result, we provide mentoring and training in a safe environment with empathetic and supportive feedback. Every member of the team receives nurturing on emotional intelligence, resilience, and self-awareness.
You will be assigned a dedicated career coach and benefit from our internal DevSecOps training curriculum with visible career pathways. This is so that we can provide meaningful and measurable progress to each member of the team.
All of the above are crucial investments that allow us to sustain our reputation for delivering high quality services.
We encourage consideration of flexible ways of working, both formal and informal arrangements that allow for the best outcomes for our people and our clients. If this opportunity is of interest to you with some flexibility, please do discuss with us.
As a Manager for DevSecOps you can expect to be involved in the following activities:
- Leading a team of consultants in delivering successful engagements to our clients.
- Ensuring the use of proven cyber security principles such as defence-in-depth and the principle of least privilege.
- Ensuring the use of Agile methodologies to deliver high-quality software on a dependable cadence.
- Building secure continuous integration and continuous delivery (CI/CD) pipelines.
- Implementing and managing the vulnerability management process.
- Directing threat modelling activities to identify potential vulnerabilities and implementing approaches to address them.
- Identifying, assessing and selecting software tools to test and verify the security of an application.
- Designing and building secure infrastructure in public, private and hybrid cloud scenarios using infrastructure-as-code tools.
- Building strong relationships with client stakeholders and maintaining open and clear channels of communication.
- Contributing to sales activity, through proposal documentation and technical demonstrations.
- Attaining industry-accredited certifications, particularly across cloud platforms such as GCP, AWS and Azure.
Your professional experience
- Experience of delivering technology solutions using Agile methodologies such as Scrum and Kanban.
- The ability to implement DevOps practices such as continuous integration and delivery (CI/CD). automated testing, infrastructure as code, site reliability engineering (SRE). and monitoring and alerting.
- A broad understanding of security practices such as penetration testing, threat modelling, vulnerability management, and static and dynamic application security testing.
- A thorough understanding of cyber security industry resources such as OWASP projects, vulnerability lists, NIST frameworks, CVEs, NCSC guidance, etc.
- Experience of architecting and/or implementing secure cloud computing solutions.
- A thorough understanding of the software development lifecycle (SDLC) as well as knowledge of the components of a secure SDLC.
- An appreciation of the platforms and tools commonly used in a modern software architecture, for example;
- Container orchestration tools such as Kubernetes and Docker Swarm
- Service mesh tools such as Istio and Hashicorp Consul
- Infrastructure as code tools such as Hashicorp Terraform and Ansible
- Configuration management tools such as Chef, Puppet and Ansible
- Monitoring and alerting tools such as Prometheus, Splunk, DataDog, etc.
The following attributes are essential:
- A willingness to work as part of a diverse team
- A commitment to continuous improvement and lifelong learning.
- A passion for technology and a drive to deliver secure, high-quality solutions.
- An open mindset, allowing you to collaborate with colleagues and contribute to the success of your team.
- Personable with excellent communication skills, both written and spoken.
- An ability to remain calm under pressure whilst continuing to pay attention to detail.
Your service line: Risk Advisory
In Risk Advisory, our thinking and actions give clients, our people and society the confidence to grow responsibly in a rapidly changing world. We don’t just work with our clients to manage risk, we help them understand and grab the opportunities it presents too, helping them gain a competitive advantage. Our expertise and industry knowledge run deep here. At Deloitte, you’ll find yourself working with some of the most inspiring and experienced colleagues and with clients who trust you to lead the way to smart choices, better control frameworks, and new systems, including bespoke solutions that have a direct impact on their bottom line.
For a full job description please visit our online Deloitte Careers portal.