Deloitte US

Position Summary

Are you interested in working in a dynamic environment that offers opportunities for professional growth and new responsibilities? If so, Deloitte & Touche LLP could be the place for you. Traditional security programs have often been unsuccessful in unifying the need to both secure and support technology innovation required by the business. Join Deloitte's Advisory Cloud Cyber Services team and become a member of the largest group of cybersecurity professionals worldwide.

Work you’ll do

As a Cloud Security Senior Consultant, you will be at the front lines with our clients supporting them with their Cloud security needs specifically helping them navigate the journey to the cloud on the Microsoft Azure platform. This will include:

• Functioning as senior onshore engineer/consultant for Azure Security projects across 8 key Azure cyber domains: Governance, Identity, Application Security, PaaS security, Infrastructure security, Security Monitoring, Resilience and Data protection
• Conducting cloud security analysis, recommendations and configurations of prospective clients’ Microsoft Azure platforms and environments based on Cyber Risk Frameworks such as NIST CSF. This can include Microsoft’s cloud solutions such as Entra ID, Azure infrastructure (compute/networking/storage), Azure data protection, Azure security monitoring and Azure PaaS service configurations.
• Performing technical health checks for these Azure cloud platforms/environments prior to broader deployments.
• Function as an expert in CNAPP, CWPP and CSPM technologies and security risk frameworks relevant to cloud as well as the Microsoft Cloud Security Benchmark
• Perform technical health checks for these Azure cloud platforms/environments prior to broader deployments including DevSecOps and CI/CD pipelines
• Supporting proof of concept and production deployments of Azure cloud technologies and Microsoft security capabilities.
• Assisting clients with transitions to using Microsoft Azure cloud services such as tenant setup and service configuration, focused on cloud cyber risk mitigation. Additional technologies include: Azure Networking technologies, Microsoft MFA, SSO, Conditional Access, PIM, Microsoft Defender for cloud, Azure Policy, Azure Key Vault, Azure Sentinel and Azure Monitor.
• Assisting clients with configuration and delivery of cloud security and compliance reports.
• Providing technical support for Azure, Entra ID and third-party security services and resolving service-related issues through research and troubleshooting and working with Microsoft and third-party vendors.
• Implementation of industry leading practices around Azure, Entra ID and cloud security services for clients.
• Designing security architectures for protecting Azure services across the Microsoft service stack and cybersecurity domains such as identity and access management, network and infrastructure security, data protection, DevSecOps and application security, logging and monitoring, and resilience.
• Designing and developing cloud-specific security policies, standards, and procedures e.g., Azure tenant, management group and subscription management and configuration, identity management and access control, firewall management, auditing and monitoring, security incident and event management, data protection (DLP, encryption), user and administrator account management, SSO, conditional access controls and password/key management.
• Troubleshooting Azure system level problems in a multi-vendor, multi-protocol network environment.
• Documenting Azure platform technical issues, analysis, client communication, and resolution as part of cyber risk mitigation steps.
• Executing on Azure and Entra ID cloud security engagements during different phases of the lifecycle – assess, design, and implementation & post implementation reviews.
• Implementing industry leading practices around Azure and Entra ID cyber risks and cloud security for clients.
• Providing internal Azure security technical training to Advisory personnel as needed.
• Leading client technical discussions and providing Azure security advise to clients.
• Execute on Azure security engagements during different phases of the lifecycle – Discover, Assess, Design, Deploy/Test, Hypercare/Handover.
• Implement industry leading practices around Azure cyber risks and cloud security for clients.
• Provide internal technical training to Advisory personnel as needed.
• Acting as a subject matter expert on Azure cloud cyber risk.
• Contribute to Point-of-Views (PoVs) on providing leading practices to our clients on the Azure security challenges they face

The team

Deloitte Advisory's Cloud Cyber Risk team helps complex organizations more confidently pursue their growth, innovation and performance agendas through proactive management of the associated cyber risks. Our professionals provide advisory and implementation services that integrate risk, regulatory, and technology skills to help clients transform their legacy programs into proactive Secure.Vigilant.Resilient.^TM cyber risk programs. Join the team developing the future state of cyber risk solutions. Learn more about Deloitte Advisory’s Cyber Risk Services practice.

Required:

• 4+ years of experience in technical consulting, client problem solving, architecting and designing solutions in a consulting role with project leadership and/or architect experience in Azure; with a security focus strongly preferred
• 2+ years experience with the following technologies: Azure Policy, Terraform or other JSON constructs
• Minimum 2+ years of hands-on technical experience designing and implementing security solutions for leading Cloud service providers across SPI models and environments (Public, Private, Hybrid)
• 2+ years working experience designing cloud security architectures and strategies for enterprises
• Experience with Virtualization including security for at least one or more of the following: Compute, Network, Storage, End-point, Application
• 2+ years working with Cloud security industry standards such as Cloud Security Alliance (CSA), ISO/IEC 27017 and NIST CSF
• 2+ years working experience with Cloud security technologies/vendors (e.g., IAM, SIEM, IDS) and/or providers (e.g., Okta, CipherCloud, AlertLogic), a big plus
• 2+ years working with Cloud orchestration and automation (Continuous Integration and Continuous Delivery (CI/CD)) in single and multi-tenant environments
• 2+ years working with CNAPP, CSPM or CWPP technologies or planning for large-scale deployments of these technologies
• Experience designing IAM technologies and services
• Experience or strong working knowledge of managing enterprise security infrastructure and perimeter security appliances — e.g., firewalls, intrusion prevention systems (IPSs), web application firewalls (WAFs), endpoint protection, SIEM and log management technology
• Experience with Azure data, analytics, or AI/ML services (Azure SQL, HDInsight, Databricks, Data Factory, Data Lake Storage, Azure Analysis Services, Synapse Analytics, Azure Machine Learning, etc.)
• Understanding of industry security standards, guidelines and regulatory/compliance requirements related to information security and cloud computing such as ISO 27001, ISO 27018, NIST CSF, NIST 800-53, PCI DSS, SOC2, HIPAA, PCI, SOX, GLBA, etc.

Additional Requirements:

• Ability to travel 50%, on average, based on the work you do and the clients and industries/sectors you serve
• Limited immigration sponsorship may be available.

Preferred:

• BA/BS Degree preferred. Ideally in Computer Science, Cyber Security, Information Security, Engineering, Information Technology
• Previous Consulting or Big 4 experience preferred
• Experience working with different Cloud platforms (Software as a Service (SaaS), Platform as a Service (PaaS) and Infrastructure as a Service (IaaS)) and environments (Public, Private, Hybrid) in a security role
• Experience implementing security solutions for Microsoft technologies
• Experience with enterprise-level security incident and event management (SIEM) implementation or operations
• Experience with Cloud security posture management tools (CSPM) and cloud-native application protection platforms (CNAPP)
• Experience with infrastructure automation (PowerShell, Terraform)
• Experience with containerization (Kubernetes, Docker)
• Microsoft Certifications such as: Az-500 Azure Security Engineer, AZ-204 Azure Developer Associate Certification, (SC-900, SC-100, SC-200, SC-300, SC-400
• Cyber Certifications such as: CCSP, CCSK, CISSP, CCNP, and CCNA.

Information for applicants with a need for accommodation: https://www2.deloitte.com/us/en/pages/careers/articles/join-deloitte-assistance-for-disabled-applicants.html

The wage range for this role takes into account the wide range of factors that are considered in making compensation decisions including but not limited to skill sets; experience and training; licensure and certifications; and other business and organizational needs. The disclosed range estimate has not been adjusted for the applicable geographic differential associated with the location at which the position may be filled. At Deloitte, it is not typical for an individual to be hired at or near the top of the range for their role and compensation decisions are dependent on the facts and circumstances of each case. A reasonable estimate of the current range is $102,529 -$197,863.

You may also be eligible to participate in a discretionary annual incentive program, subject to the rules governing the program, whereby an award, if any, depends on various factors, including, without limitation, individual and organizational performance.