Deloitte US

Are you interested in improving the cyber and organizational risk profiles of leading companies? Do you want to build the data foundations that power the next generation of AI-enabled cyber defense?

If yes, then Deloitte’s Cyber team could be the place for you.

We are looking for a hands-on Data Engineer to build and operate the governed data foundations powering cyber risk, compliance evidence, and agentic AI-enabled cyber workflows. You will design production-grade pipelines and services that support risk reporting, continuous controls monitoring, and AI-assisted security operations—built with strong governance, lineage, privacy-by-design, and audit-ready evidence.

This role is ideal for engineers who can bridge modern data engineering and software development with Governance, Risk, and Compliance (GRC) expectations in regulated enterprise environments.

Recruiting for this role ends on 5/31/2026.

Work You’ll Do

As a Senior Consultant, you will design, build, and run trusted data and AI foundations that enable cyber risk and compliance outcomes, including:

•         Building scalable batch and stream processing pipelines that ingest security telemetry, control evidence, and compliance artifacts into governed data stores (lakehouse/warehouse).

•         Designing data models for risk and controls domains (KRIs, issues/defects, risk acceptance, control testing outcomes, audit evidence, policy exceptions) and enabling self-service analytics and dashboards.

•         Implementing data quality checks, lineage, metadata, and access controls to support auditability, regulatory defensibility, and repeatable evidence generation.

•         Developing AI-enabled capabilities that accelerate GRC and cyber operations—such as evidence summarization, control testing assist, policy Q&A, investigation copilots, ticket triage, and exception reasoning—using agentic patterns including tool/function calling, workflow orchestration, and Retrieval-Augmented Generation (RAG).

•         Engineering secure integrations between data platforms, GRC workflows, and enterprise systems (APIs, event patterns, connectors), with observability and runbooks for production support.

•         Partnering with Cyber, Risk, Compliance, Privacy, and Legal stakeholders to translate requirements into implementable controls and developer-ready guardrails.

Technologies You’ll Work With

•         Languages & Frameworks: Python, SQL, Java/Go/JavaScript; LangChain/LangGraph, CrewAI, AutoGen, Semantic Kernel

•         Data & AI Platforms: Vector databases (Pinecone, Weaviate, Elastic), Knowledge Graphs, RAG pipelines, LLMOps/MLOps tooling

•         Cloud & Infrastructure: AWS, Azure, or GCP; Kubernetes, Docker, Terraform/IaC, GitOps CI/CD

•         GRC & Security: ServiceNow GRC, Archer, OneTrust, BigID; SIEM/SOAR data, vulnerability data, identity logs

The Team

You will join a cyber engineering team focused on enabling resilient, secure, and compliant operations through modern data platforms and AI-enabled automation. The team builds repeatable assets—reference architectures, accelerators, and governance patterns—to help clients modernize and scale cyber and GRC programs.

Qualifications

Required

•         Bachelor’s degree or equivalent practical experience.

•         4+ years of hands-on experience in data engineering and software development (Python and SQL required).

•         Demonstrated experience building production data pipelines and data models (batch and/or streaming) with strong engineering discipline (CI/CD, testing, monitoring, incident response).

•         Demonstrated experience implementing governance controls in data and AI systems: data classification, PII handling, least-privilege access, encryption/secrets, retention, audit logging, and lineage/metadata.

•         Experience supporting GRC workflows and evidence needs (risk reporting, audit data requests, controls monitoring/testing, compliance metrics, or GRC tooling integrations).

•         Practical experience building agentic or LLM-enabled applications in enterprise settings (RAG, vector/hybrid retrieval, tool/function calling, evaluation/monitoring, prompt-injection defenses, and secure access patterns).

•         Experience with one or more major cloud platforms and modern deployment patterns (containers, IaC, secured APIs, secrets management).

•         Ability to travel 0–25%, on average, based on client and project needs.

•         Limited immigration sponsorship may be available.

Preferred

•         Previous consulting or Big 4 experience.

•         Hands-on experience with Java, Go, or JavaScript a plus.

•         Experience integrating with governance and privacy platforms (e.g., ServiceNow GRC, OneTrust) and building evidence pipelines that map to control objectives.

•         Experience with security telemetry pipelines (SIEM/SOAR data, vulnerability data, identity logs, cloud security posture findings).

•         Experience operationalizing LLMOps/MLOps capabilities (evaluation, monitoring, versioning, governance workflows).

•         Security certifications (Security+, CISM, CISA, CISSP, cloud certifications) or equivalent experience building secure systems.

•         Experience working with cross-functional stakeholders and translating control requirements into implementable engineering tasks.