Lead Threat & Vulnerability Analyst

  • Deloitte
  • Salt Lake City, UT, USA
  • Jul 13, 2021

Job Description

Location: Anywhere in US Are you passionate about technology and interested in joining a community of collaborative colleagues who respectfully and courageously seek to challenge the status quo? If so,read on to learn more about an exciting opportunity with Deloitte's Information Technology Services (ITS). We are curious and life-long learners focused on technology and innovation. What you'll do Threat Intelligence Team Leads are subject matter experts who: + Review blogs,websites,and other news sources for actionable information and provides expert analysis + Convert disparate information into actionable intelligence and document specific recommendations + Collect and distribute indicators of compromise from malware analysis + Conduct in-depth research projects for various threat topics (malware,technologies,actors,etc.) + Develop competing hypothesis and peer review + Provide in-depth daily reporting of emerging threats within a broad research area + Provide technical leadership and additional managerial support duties to more junior analysts + Can lead large,complex projects and oversee work of team members Application Vulnerability Team Leads + Conduct web and mobile application security vulnerabilities assessments (review designs,perform pentest,code review,and security checks) through the use of scanning tools / manual checks and notify the appropriate team to take necessary action. + Work with developers and project managers to remediate vulnerabilities + Perform validation testing using hacking tools from Kali Linux + Lead application security penetration testing activities,including scheduling,resources,tool execution,and reporting. + Develop reports using data that is hosted in multiple sources (e.g. spreadsheets,databases) and communicate clearly to leadership + Provide technical leadership and additional managerial support duties to more junior analysts + Lead large,complex projects and oversee work of team members Infrastructure Vulnerability Team Leads + Conduct penetration testing and vulnerability assessments against a broad range of targets,including Windows,UNIX,Linux,routers,firewalls,switches,and web applications. + Identifying,researching,validating,and exploiting various different known and unknown security vulnerabilities on server and client side + Work jointly with Development Teams,Architects and Cyber Defense teams to clearly define the scope of testing and the related rules of engagement. + Develop reports using data that is hosted in multiple sources (e.g. spreadsheets,databases) and communicate clearly to management and other team members. + Identify potential security exposures that may currently exist or may pose a potential future threat to the U.S. Firm's applications. Ensure Cyber Defense management is notified when these exposures are identified,as well as a proposed solution for remediation + Provide technical leadership and additional managerial support duties to more junior analysts + Lead large,complex projects and oversee work of team members Qualifications + 8 plus years of information security related experience + Bachelor's degree in computer science,mathematics,engineering or related + Expert-level,In depth information security theory (CISSP Preferred) + Expert-level,In depth experience with at least four of the following: + Network Devices and Routing + Windows System Administration + Software Development + Threat Intelligence + Vulnerability Management + Penetration Testing + Security Operations + Malware Analysis + In depth understanding of vulnerabilities,hacking techniques,and hacking tools + In depth understanding of penetration testing and red team activities + In depth understanding of possible attack activities such as network probing/ scanning,DDOS,malicious code activity and possible abnormal activities,such as worms,Trojans,viruses,etc. + In depth knowledge in system security architecture and security solutions + In depth knowledge in networking,phishing,and endpoint security + Excellent interpersonal and organizational skill and excellent oral and written communication skills + Proven analytical and problem-solving skills + Excellent written and oral communication skills + Self-motivated to improve knowledge and skills + Works well both in a team environment and independently + In depth understanding of programing and scripting concepts The team Information Technology Services (ITS) helps power Deloitte's success. ITS drives Deloitte,which serves many of the world's largest,most respected organizations. We develop and deploy cutting-edge internal and go-to-market solutions that help Deloitte operate effectively and lead in the market. Our reputation is built on a tradition of delivering with excellence. The ~3,000 professionals in ITS deliver services including: + Cyber Security + Technology Support + Technology & Infrastructure + Applications + Relationship Management + Strategy & Communications + Project Management + Financials Cyber Security Cyber Security vigilantly protects Deloitte and client data. The team leads a strategic cyber risk program that adapts to a rapidly changing threat landscape,changes in business strategies,risks,and vulnerabilities. Using situational awareness,threat intelligence,and building a security culture across the organization,the team helps to protect the Deloitte brand. Applicants should be eligible to possess a government security clearance. All qualified applicants will receive consideration for employment without regard to race,color,religion,sex,sexual orientation,gender identity,national origin,age,disability or protected veteran status,or any other legally protected basis,in accordance with applicable law.