Conduct web and mobile application security vulnerability assessments (review designs, perform pentests, code reviews, and security checks) using scanning tools and manual checks, and notify the appropriate team to take necessary action. This may include defining the security controls and parameters that will be measured. An understanding of current web application development languages is necessary to communicate compensating controls and potential remediation activities.
Work jointly with Development Teams, Architects and Cyber Defense teams to periodically review application code and be able to define security posture of applications and back-end systems. Assist with application security penetration testing activities, including scheduling, resources, tool execution, and reporting.
Independently design, recommend, plan, develop and support implementation of project-specific security solutions to meet tactical and control requirements. Develop reports using data that is hosted in multiple sources (e.g. spreadsheets, databases) and communicate clearly to management and other team members.
Identify potential security exposures that may currently exist or may pose a potential future threat to the U.S. Firm’s applications. Ensure Cyber Defense management is notified when these exposures are identified and is given a proposed solution for remediation.
- 5+ years of experience, preferably in the areas of Web Application Development or Secure Application Development
- Deep understanding of tools such as Kali Linux, Burp Suite, OWASP ZAP, or any other penetration testing frameworks or tools is a plus.
- Scripting experience, preferably Python or PowerShell
- Strong understanding of OWASP Top 10 Vulnerabilities
- Familiar with and able to apply time-proven, generally-accepted security methods, concepts and techniques as they relate to the Deloitte U.S. Firms.
- Ability to learn and retain new skills as required to meet a changing technical environment.
- Ability to occasionally work non-standard shifts and/or on-call to support the requirements of the organization.
- Good written and verbal communication skills, fluent English.
- $110,000 – $150,000 p/a (inc. annual bonus)
- Full health, dental and vision insurance
- 401k plan & 50% company match
- 2-4 weeks paid vacation (depending on experience)