• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar
  • Skip to footer
  • Jobs
  • Career
    • Cyber Security Training
    • Work from Home
    • Cyber Security Analyst
    • Remote Work – Six Ways to Keep Your Data Safe When Working Remotely
  • Field Guide
  • Newsletter Signup
  • Deals
  • News
AskCyberSecurity.com

AskCyberSecurity.com

Cyber Security News & Information

  • Home
  • Data Privacy
    • Gamers
    • Government Cyber Security
      • Legislation
      • Standards
        • What are the risks of computer security?
        • Medical Cyber Security
    • Social Media
  • Security
    • Data Breaches
    • Scams
    • Malware
  • Software
    • Apps
    • Web Browsers
  • Glossary
    • Cyber Security Acronyms
  • About Ask Cyber Security
    • Authors
    • Contact Us
  • VPN
    • How Do I Know If My VPN is Working?
    • Best Free VPN iPhone
    • Why Use a VPN?
    • NordVPN vs IPVanish
    • Private Internet Access Download
    • Best VPN for Streaming
      • TikTok VPN
    • VPN Porn
    • Computer Security Software – What You Really Need
  • Tutorials
  • ChatGPT
    • Does ChatGPT Save Data?
AskCyber Home » News » Jobs » Global Security Application Analyst

Global Security Application Analyst

2020-02-28 by Geo

Global Sec Analyst Deloitte

Global Security Application Analyst – Deloitte Company – Location Princeton, NJ, US

Deloitte leads with purpose, solving complex issues for our clients and communities. Across disciplines and across borders, Deloitte Touche Tohmatsu Limited (DTTL) Global supports our network of national member firms by developing and driving global strategy, programs, and platforms, and creating new solutions and transformational experiences. Our people share a passion for igniting change and a strong service orientation that shapes our organization and those it supports.

The Deloitte Global Cybersecurity function is responsible for the firm’s overall objectives of enhancing data protection, standardizing and securing critical infrastructure and gaining cyber visibility through security operations centers. The Cybersecurity organization delivers a comprehensive set of cybersecurity services to Deloitte member firms through regional delivery hubs and a Global Fusion Center. We are seeking a Global Security Application Analyst to join the team.

The Global Security Application Analyst is a part of the Cybersecurity Architecture and Engineering team and reports to the DevSecOps Security Transformation Leader. This role focuses on partnering with the GTS Product Development & Solution Engineering teams’ leaders to create, implement and apply DevSecOps principles, processes and culture. They are also to provide subject matter expertise on DevSecOps, leading our engineering teams in building secure software and implementing security controls and tests in an Agile development environment. On the software side, the candidate is expected to advocate to the engineering teams advanced Cybersecurity, DevSecOps, and Agile engineering procedures such as secure coding practices, code reviews, quality engineering practices (i.e., unit, full – build, and security testing) and advanced requirement capturing techniques for improving end- to- end secure delivery practices. On the infrastructure side, the candidate will work to harden cloud infrastructure from attack s by implementing automated and integrated release cycles incorporated within the Agile Security Software Development Lifecycle’s ( S SDL) tools and processes . The candidate will strive to bring excellence and simplicity in DevSecOps design, adoption and implementation, acting as trusted cybersecurity advisor to the engineering teams across GTS and member firms.

As Part Of The Global Cybersecurity Team, This Professional

Strategic

  • Be responsible for day-to-day collaboration with the engineering teams to ensure successful implementation of secure coding practices and consistent automation and integration of the DevSecOps processes across Deloitte.
  • Supports and maintains the Secure Systems Development Lifecycle (SSDLC), including functional and non-functional cybersecurity requirements for all new applications
  • Works with the Cybersecurity Strategy and Governance group, to implement setup and updates in the cybersecurity assessment process
  • Works with global business functions (e.g. Tax, Audit, Consulting, Advisory) and Global Digital Application Studios (GDAS) to automate and integrate application and system cybersecurity assessments into their processes to ensure consistent implementation of security controls. Understands the impact these security controls have on the respective organizations and their ability to effectively deliver client services
  • Performs in-depth vulnerability management analysis and remediation prioritization for Global Digital Application Studios
  • Working with the Cybersecurity Architecture team, learns and applies reference architectures for security solutions design and implementation
  • Assists with the design and implementation of new technical cybersecurity shared services
  • Working with the Cyber Defense group and the Security Operations Center, evaluates the effectiveness of the security controls and architectures in relationship to actual intrusions seen on the Deloitte network, reported threats at peer organizations and overall cybersecurity threats in the internet ecosystem

Operational

  • Collaborates with the development studios to apply the best practices of secure engineering/ development/ coding to include, but not limited to cloud technology, internet servers, application whitelisting, virtualized containers and orchestration, web-enabled database applications and databases, network security, security engineering, data integrity, intrusion detection, firewall management, forensic and legal information security, virtual private networks, public key/infrastructure/digital signatures, encryption, network security architecture and DNS Policy.
  • Champions the Security Software Development Lifecycle (SSDLC) by discovering and raising security concerns in the existing development workflow and help development team to build security awareness and thinking into every stage of the software development process. Recognize security implications in the software/code acceptance phase, including completion criteria, risk acceptance and documentation, common criteria, and methods of independent testing.
  • Develops automation and integration code (e.g., Java, .Net, Python, Visual Basic, PowerShell, Bash, C++, Django, JavaScript, HTML, CSS) to interact with Rest APIs and API driven security technologies to automate security tasks aimed at removing human errors and human inconsistencies and optimize the application workflow.
  • Participates in daily scrums of the agile software development teams he/she is supporting to address cybersecurity requirements.
  • Coordinates with teams across the enterprise on the migration of existing IT services to the cloud and identifies security technical requirements, potential problems and issues
  • Supports SOC and thread intelligence capabilities by customizing tools and automating processes for SOC and IR analysts.
  • Applies coding and testing standards, security testing tools (including fuzzing static-analysis code scanning tools), Identify common coding flaws, threat modelling, and conducts code reviews
  • Participates in application, network, and system design to ensure implementation of appropriate systems security policies, designs and implement systems security and data assurance

Relationship Management

  • Holds a strong working relationship with the GDAS development studios and supports their automation and integration efforts in evolving DevOps to DevSecOps
  • Works closely with the Shared Security Service Owners to ensure new IT solutions and major changes receive appropriate implementation, optimization, and testing prior to deployment into production
  • Works with the Global Business Services and Member Firm Services organizations to ensure new products and services follow the best practices for secure engineering and supports the automation and integration of such in the development CI/CD pipelines.

Expectations from The Professional
Our purpose is to make an impact that matters, and our aspiration is to be the undisputed leader in professional services. At the root of these goals are our Shared Values, which describe the distinctive Deloitte culture. Our Values are timeless, all-encompassing and embrace the cultures in which Deloitte member firms operate. We expect all professionals to live our purpose and shared values and be the brand ambassadors holding Deloitte Global and member firms together.

Integrity
At Deloitte, everything we do starts with integrity. In our marketplace, nothing is more important than our reputation and, accordingly, we commit to conducting business with honesty, distinctive quality, and high levels of professional behavior.

Outstanding value to markets and clients
We play a critical role in helping both the capital markets and our member firm clients operate more effectively. We consider this role a privilege, and we know it requires constant vigilance and unrelenting commitment.

Commitment To Each Other
We are proud of our culture of borderless collegiality and work hard to support our people. We strive to create an inclusive environment that reflects our strong, clear expectations about diversity, respect, and fair treatment.

Strength from cultural diversity
Our member firm clients’ business challenges are complex and benefit from the innovation and varied perspectives that our practitioners bring. We understand that working with people of different backgrounds, cultures, and thinking styles helps our people grow into better professionals and leaders.

Qualifications

Education

  • Bachelor’s degree in Computer Science, Computer Engineering, technology-related field, or equivalent work experience
  • Master’s degree preferred

Work Experience
Minimum of 5 years of combined experience in software engineering and DevOps/DevSecOps, preferably in an information security context

Certification

  • Relevant Dev and DevOps Certifications (e.g., AWS, DevOps Certs, RHCE, Docker, Kubernetes) are strongly desirable, but not required
  • Relevant technical certification preferred (CISSP-ISSEP, CEH, CCNP Security, GSEC)

Skills – Abilities

  • Django, JavaScript, HTML, CSS, etc.
  • Previous professional experience with performing integrated quality assurance testing for security functionality and resiliency to attacks.
  • Previous professional experience with secure programming and identifying potential flaws in codes to mitigate vulnerabilities.
  • Good understanding of common security practices (e.g., penetration testing) and how they impact the implementation of DevSecOps automation.
  • Ability to translate traditional SDLC approach (plan, code, build, test, release, deploy and monitor) to the phases of agile development when writing software to automate security related tasks.
  • Advanced technical skills and experiences with Cloud Service (AWS, Azure, Google), continuous delivery systems and enhancing security processes and operations through automation.
  • Hands-on experience with containerization, orchestration, and advanced techniques in Cloud infrastructure management (e.g., Infrastructure as Code, immutable infrastructure, Configuration as Code, etc.)
  • Advanced knowledge of Source Code Management concepts (code lines, branching, merging, integration, versioning, etc.)
  • Advanced working knowledge of the following: Encryption algorithms, secure communications, network and data communication protocols.
  • Excellent problem solving, analytical skills and technical troubleshooting skills
  • Ability to collaborate with customers/stakeholders, developers, testers, project managers, support staff
  • Extensive experience acquiring in-depth understanding of large complex software systems to isolate defects, reproduce defects, assess risk, and understand varied customer deployment
  • Excellent written and verbal communication skills, interpersonal and collaborative skills, and the ability to communicate strategic information security topics, policies and standards as well as risk-related concepts to technical and nontechnical audiences at various hierarchical levels
  • Good knowledge of key cybersecurity technologies such as application security design principles, authentication and authorization models, secure coding, application and penetration testing, encryption, vulnerability management, and security information and event management (SIEM)
  • Knowledge of common information security management frameworks, such as ISO/IEC 27001, COBIT, and NIST, including 800-53 and the Cybersecurity Framework
  • Ability to travel as needed (no more than 15%)

Useful Computer Science and Data Science Skills

  • IBM Data Science Professional Certificate by IBM
  • Java Programming and Software Engineering Fundamentals Duke University
  • Mathematics for Machine Learningby Imperial College London
  • Cloud Computing by University of Illinois
  • Data Mining by University of Illinois
  • Applied Data Science with Python by University of Michigan
  • Data in Database by Arizona State University
  • Financial Management by University of Illinois
  • Financial Reporting by University of Illinois

All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, or protected veteran status, or any other legally protected basis, in accordance with applicable law.

LinkedIn Apply

Disclaimer: Nothing in this job description/posting shall constitute an offer or promise of employment. If you are not reviewing this job posting on our Careers’ site (jobs2.deloitte.com) or one of our approved job boards we cannot guarantee the validity of this posting. For a list of our current postings, please visit us at jobs2.deloitte.com

Requisition code: D58313

Filed Under: Jobs

About Geo

Geo Dvorak has experience in the privacy space, with a focus on highlighting the growing market for privacy professionals. He joined the Ask Cyber team to handle the jobs board.


Twitter

Primary Sidebar

Subscribe to Our Free Newsletter

We Don't Share or Sell Your Info

Web Browsers

Where Are My Saved Passwords in Chrome?

Google Removes 70 Malicious Browser Add-ons from Chrome Web Store

Firefox 75 Reports Your Browser Settings to Mozilla

Categories

Cyber Security Field Guide

Computer Security While TravelingGet Our Cyber Security Field Guide - Available on Amazon!

Recent Posts

Security Marketing Manager – Remote

Sr. Associate, Cybersecurity Architect – Pfizer

Strategic Customer Success Manager – Cybersecurity – Opportunity for Working Remotely

Top 20 Passwords Leaked on Dark Web

ISU Cybersecurity Leader Job Opening

Cyber Security News

Top 20 Passwords Leaked on Dark Web

… [Read More...] about Top 20 Passwords Leaked on Dark Web

Apple Warns of Actively Exploited Zero-Day Flaw

… [Read More...] about Apple Warns of Actively Exploited Zero-Day Flaw

IRS Stops Facial Recognition System for Online Access

… [Read More...] about IRS Stops Facial Recognition System for Online Access

National Cybersecurity Alliance Announces Data Privacy Week

… [Read More...] about National Cybersecurity Alliance Announces Data Privacy Week

More Cyber Security News

Tags

amazon Android Apple bitcoin China chrome CISA credit card DarkSide DHS DOJ Equifax Europe Facebook facial recognition FBI Firefox FTC games GDPR Google Government hacker identity theft India iPhone Iran IRS LinkedIn Microsoft North Korea PayPal phishing phishing email ransomware REvil Russia smartphone T-Mobile TikTok tutorial VPN WhatsApp WiFi Windows

Government

CBP Looks to Access Airline Passenger Data

FTC Releases Cyber Threat Video Playlist

Malware Found on US Government Funded Phones

UK NCA Reaches Out to Youth to Deter Cybercrimes

More Posts from this Category

Footer

Menu

  • Home
  • About
  • Authors
  • Newsletter Signup
  • PRIVACY POLICY

Search

Why Use a VPN?

NordVPN vs IPVanish VPN Review

NAVIGATION

  • Data Breaches
  • Data Privacy
  • Gamers
  • Scams
  • Malware

MEMBER NJCCIC

New Jersey Cybersecurity & Communications Integration Cell

STAY CONNECTED

  • Facebook
  • Instagram
  • Pinterest
  • YouTube
  • Twitter
  • RSS

Copyright © 2023 · AskCyberSecurity.com · METRONY, LLC

Go to mobile version