Job Specifications
Can’t wait to make an impact on the world? You’re not alone. Join us in driving progress in the working world and beyond.
Your journey with us
As a technical senior consultant in our cyber team, you will be involved in local and international projects to design, implement and operate cybersecurity capabilities for our clients. You will be part of a team of seasoned cyber security professionals where inclusive leadership, continuous learning and a coaching culture are considered an essential part of who we are.
As a cybersecurity consultant, you will address diverse challenges for our clients, spanning a wide range of scenarios. Your work will primarily be project-based, varying from short-term assessments (e.g. two-week projects) to longer-term engagements focused on developing new capabilities (e.g. spanning multiple months). Additionally, you may assume an embedded role within a client's environment, functioning as an integral part of their team for extended periods, typically spanning several months.
In your role you will focus mainly on preventative and detective cybersecurity capabilities, in other words “the blue team”, such as:
Vulnerability management: discover technical vulnerabilities in large enterprise environments through various assessments, on both on-premise and cloud assets, and help organizations to manage their risk. This includes prioritizing vulnerabilities based on business risk, working together with asset owners, and reporting progress towards senior leadership.
Asset management: you can’t protect what you don’t know you have, so a fundamental part of cybersecurity is having good visibility on your IT/OT landscape. Asset management focuses on providing that visibility.
Detection and response: building, operating and improving cyber threat detection and incident response capabilities that enable the detection of incidents via centralised logging, advanced threat detection, automation, and security analytics.
Cybersecurity analytics and reporting: by combining various outputs of security and IT tools, you will create valuable insights that provide a factual view on the environment. This is done through dashboards and reporting to various stakeholders.
Various other capabilities and controls: privileged access management, network security, application security, risk assessments, etc.
Within the Deloitte cyber team, we collaborate across sub-teams. Depending on the active projects and the challenges of our clients, we also help in other cybersecurity domains (e.g. cyber strategy, incident response, monitoring and detection, etc.).
Your role will involve a combination of hands-on technical work and non-technical work. Some examples are listed below:
Technical work examples: utilising vulnerability scanners to identify vulnerabilities within large enterprise environments, creating detection rules in a SIEM solution, automation using Python or PowerShell, performing data analysis with BI tools such as PowerBI and Qlik Sense, designing and deploying security solutions in client environments, performing a threat hunt or incident analysis after an alert, etc.
Non-technical work examples: create reports and presentations as client deliverables based on analysis and assessments, organize workshops, present to senior management, transfer knowledge and coach junior colleagues, project management, proposal writing to win new projects, etc.
Let’s Talk About You
You are passionate about technology, particularly in the realm of securing IT/OT systems and are committed to continuously expanding your knowledge. With 2-5 years of cybersecurity experience, ideally in a consulting capacity, you possess some of the following skills:
Technical skills:
Strong technical background with hands-on experience in infrastructure and/or application security within medium to large enterprise environments.
Experience working within enterprise IT teams/organisations.
Proficiency in designing, building, and operating protective security capabilities/services, including vulnerability management, asset management, threat detection and response, network security, device security, application security, and access management.
Hands-on experience with asset discovery and vulnerability scanners (e.g. Rapid7, Tenable, Qualys, Defender, LANsweeper, nmap, etc.)
Hands-on experience with endpoint detection and response tools (e.g. Defender, Palo Alto Cortex, Crowdstrike, etc.)
Hands-on experience with security incident and event monitoring (e.g. Sentinel, Elastic, Splunk, etc.)
Ability to create high-level and low-level designs of cybersecurity solutions
Sound understanding of network security controls (e.g. firewalls, NAC, ACLs, etc.)
Solid foundational knowledge of information technology, including overall IT architectures and the interplay of different components in an IT environment (e.g. applications, databases, operating systems, virtualization, networking, storage, datacentre, Cloud, etc.)
Familiarity wi