Our Deloitte Cyber team understands the unique challenges and opportunities businesses face in cybersecurity. Join our team to deliver powerful solutions to help our clients navigate the ever-changing threat landscape. Through powerful solutions and managed services that simplify complexity, we enable our clients to operate with resilience, grow with confidence, and proactively manage to secure success.
Work You'll Do
+ Implement risk management programs for our federal clients by utilizing NIST, RMF, and FISMA compliance frameworks.
+ Enhance cyber awareness with clients and project teams.
+ Work alongside federal clients to help them mitigate risk with the use of continuous monitoring and incident response.
+ Establish security controls to ensure protection of client systems.
+ Implement cutting edge security tools for our federal clients.
The Team
Deloitte's Government and Public Services (GPS) practice - our people, ideas, technology, and outcomes-are designed for impact. Serving federal, state, & local government clients as well as public higher education institutions, our team of professionals brings fresh perspective to help clients anticipate disruption, reimagine the possible, and fulfill their mission promise.
Our Cyber Defense & Resilience offering assists clients in defending against advanced threats by transforming security operations, monitoring technology, data analytics, and threat intelligence. Helps manage and protect dynamic attack surfaces and provides rapid crisis and cyber incident response, ensuring clients can be ready for, respond to, and recover from business disruptions.
Qualifications
Required:
+ Bachelor's degree required.
+ Must be legally authorized to work in the United States without the need for employer sponsorship, now or at any time in the future.
+ Must be able to obtain and maintain the required clearance for this role.
+ 3+ years of hands-on experience in penetration testing, with a focus on web applications and APIs.
+ Strong understanding of the OWASP Top 10, web application security, and common attack vectors.
+ Proficiency with industry-standard tools such as Burp Suite, Nmap, Metasploit, and custom scripts.
+ Demonstrated ability to identify and exploit vulnerabilities such as XSS, SQLi, CSRF, SSRF, authentication/authorization flaws, and business logic issues.
+ Certifications: OSCP (Offensive Security Certified Professional) required.
Preferred:
+ Certifications such as OSWEP, CRTO, or eJPT (eLearnSecurity Junior Penetration Tester) are highly desirable. Experience with cloud-based application testing, mobile application security, or social engineering. Scripting or programming experience (Python, PowerShell, Bash, etc.).
+ 1+ years of experience with purple team exercises or collaboration with blue teams.
Information for applicants with a need for accommodation:
The wage range for this role takes into account the wide range of factors that are considered in making compensation decisions including but not limited to skill sets; experience and training; licensure and certifications; and other business and organizational needs. The disclosed range estimate has not been adjusted for the applicable geographic differential associated with the location at which the position may be filled. At Deloitte, it is not typical for an individual to be hired at or near the top of the range for their role and compensation decisions are dependent on the facts and circumstances of each case. A reasonable estimate of the current range is $88,600.00 to $155,375.00.
You may also be eligible to participate in a discretionary annual incentive program, subject to the rules governing the program, whereby an award, if any, depends on various factors, including, without limitation, individual and organizational performance.
All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability or protected veteran status, or any other legally protected basis, in accordance with applicable law.