Security Engineer
Role details
Job location
Tech stack
Job description
We are a team of cyber security architects and engineers working within the wider Deloitte Technology and Transformation practice, securing technology capabilities that our clients in the Financial Services industry deploy, for example, ERP solutions, HR solutions, industry-specific applications, core banking platforms, and core insurance platforms.
We also help architect and engineer standalone cyber security solutions, such as cloud security and platform capabilities, data loss prevention technologies, DevSecOps pipelines, and solutions in the Zero Trust networking space.
We are seeking skilled security engineers to join the team. The ideal candidate will have a background in designing, implementing, integrating, and operating cyber security solutions that help protect our clients. Our projects vary greatly and your responsibility as a Security Engineer will differ based on the focus of the client engagement and your skillset, but this could include:
- Designing and building secure infrastructure in public, private and hybrid cloud environments, using infrastructure-as-code.
- Designing and building secure CI/CD pipelines, integrating the latest security technologies and checks.
- Designing and building a range of security tooling, across endpoint protection, vulnerability scanning, network security, cloud security posture management, and security information event management (SIEM).
- Operating Secure by Design (SbD) procedures and producing required artefacts such as security impact assessments.
- Inputting into security architectures and solution designs.
- Designing security controls and suggesting improvements on configurations of critical control such as WAF, firewalls, compliance monitoring, and alerting.
- Conducting risk assessments and scoping vulnerability assessments to identify potential security threats and vulnerabilities.
- Helping clients create security technology roadmaps, which provide realistic efforts estimates for engineering tasks.
- Staying up to date with emerging security threats, technologies, and industry best practices, and providing recommendations for improvement.
Requirements
Successful applicants typically have a degree or equivalent experience, with real world experience working in cyber security. They are agile thinkers capable of helping stakeholders manage a range of security challenges.
Key skills - not every candidate requires all of these but should be familiar and/or have experience with a majority of these:
- Hands-on experience configuring one or more public cloud environments (AWS, Azure, GCP).
- Hands-on experience with CI/CD tooling.
- Proficiency with infrastructure-as-code, e.g. Terraform.
- Proficiency with programming / scripting languages (e.g. Python, Bash, PowerShell).
- Experience building and deploying micro services-based applications.
- Experience with security technologies, for example Firewalls, Intrusion Detection/Prevention Systems, Vulnerability Scanning, WAFs, CASBs, SIEMs, and CSPMs.
- Experience inputting into and/or creating security architectures and designs.
- Understanding of security principles and the ability to assess alignment of controls to these principles.
- Ability to analyse and capture risk statements including references to likelihood, impact and mitigations.
- Ability to frame technology and process level risk in business and operational terms.
- Understanding of security controls and industry frameworks.
- Understanding of regulatory and compliance requirements.
- Understanding of Agile, SCRUM and Continuous Delivery., * Bachelor's or master's degree (or equivalent) in information technology, Cybersecurity, computer science or a related field, or equivalent work experience.
- Certifications or other knowledge of cloud environments and their security controls available (AWS, Azure or Google).
- Certifications from industry-leading security vendors and/or cloud providers would be desirable.
About the company
Deloitte drives progress. Our firms around the world help our clients become market leaders wherever they compete. Deloitte invests in outstanding people with diverse talents and backgrounds, empowering them to achieve more than they can elsewhere. Our work combines consulting with action and integrity. We believe that when our clients and society are stronger, so are we.