DevSec Ops, Cyber Risk, Consultant/Senior Consultant

Job Type : Permanent

Reference code : 125939

Primary Location : Toronto, Ontario, Canada

All Available Locations : Toronto, ON

Our Purpose

At Deloitte, we are driven to inspire and help our people, organization, communities, and country to thrive. Our Purpose is to build a better future by accelerating and expanding access to knowledge.

Purpose defines who we are and gives us reason to exist as an organization.

• Have many careers in one Firm.
• Experience a firm where wellness matters.
• Be part of a firm that leads the way and pushes themselves to look like contemporary Canada.

In a rapidly changing world where information has a significant value, supply chains are interconnected and there is uncertainty when doing business on a global basis, information security and privacy have become board level issues.

What will your typical day look like?

Our national practice is growing and we are seeking a new Consultant / Senior Consultant to join our talented team! As a Consultant / Senior Consultant, you will :

• Work with a diverse team of talented cyber security professionals across Canada
• Work with unique clients with a diverse range of technology and cyber needs
• Design, define and improve secure software development lifecycle (SSDLC) procedures and processes to meet based policies and standards
• Develop and implement security requirements, controls, processes / procedures for DevSecOps and CI / CD pipelines. These can involve developing Security-as-Code (SaC) as well as embedding security into Infrastructure-as-Code (IaC) as part of DevOps pipelines
• Collaborate with development teams to establish secure coding practices and secure code patterns.
• Work with delivery and project managers to review scope, plans, epics, stories and tickets and provide security feedback.
• Be a member of the incident response and resolution efforts related to security events or concerns identified during the DevSecOps process.
• Help develop a training program for product managers on security-related aspects of requirements scoping.
• Develop a training program for developers on security-related aspects of DevSecOps, fostering a culture of security awareness and responsibility.
• Help automate secure code testing and code analysis as part of our deployment pipelines and experience with version control system (such as GitHub, Gitlab, Bitbucket, etc.).
• Experience with any of the following would be an asset :

o Docker and / or Docker Enterprise or containerization technologies

o Kubernetes

o Ansible

o Azure DevOps or similar pipeline / orchestration platforms

o Commercial and open source SAST and DAST tools (e.g. OWASP ZAP, Veracode, CheckMarx, Sonatype, Fortify, Burp, etc.)

o Knowledge of industry frameworks involving application security (NIST SSDF, OWASP SAMM, BSIMM, etc...)

About the team

Deloitte’s Cyber Risk Services helps our clients to be Secure, Vigilant and Resilient in the face of an ever increasing array of cyber threats and vulnerabilities.

Our Cyber Risk practice helps organizations with the management of information and technology risks by delivering end-to-end solutions, using proven methodologies and tools.

Our services help organizations address timely and pervasive issues such as identity theft, data security breaches, data leakage, cybersecurity, and system outages across organizations of various sizes and industries, with the goal of enabling ongoing, secure, and reliable operations across the enterprise.

The environment at Deloitte is made up of intellectually curious, smart people; including world class security and privacy experts.

Your mix of work will help foster your leadership skills and you will develop relationships with a team that you respect and have fun with.

In addition, you will have the opportunity to identify areas of work that are of particular interest to you.

Enough about us, let’s talk about you

You are someone with :

• Minimum 4 years of relevant work experience in application security or DevSecOps
• Undergraduate degree / diploma in Software Development / Engineering, or Computer Science
• Expertise in source code reviews and run-time analysis
• Proficiency in scripting and programming languages and experience with automation tools.
• Self-directed, with the ability to thrive in a fast-paced and dynamic environment
• Strong analytical and problem solving skills, and the ability to articulate complex concepts in a clear and concise manner.
• Strong understanding of AWS build and deploy tooling (DevOps toolset)
• Some understanding of containerization technologies
• Understanding of infrastructure-as-code and Security-as-Code
• Knowledge of secure coding practices
• Knowledge of common and popular code security testing tools.
• Excellent problem-solving, analytical, and communication skills.
• Ability to collaborate effectively with multidisciplinary teams in an agile environment.
• Leadership experience with a proven ability to mentor and guide team members.

Total Rewards

The salary range for this position is $66,000 - $125,000, and individuals may be eligible to participate in our bonus program.

Deloitte is fair and competitive when it comes to the salaries of our people. We regularly benchmark across a variety of positions, industries, sectors, targets, and levels.

Our approach is grounded on recognizing people's unique strengths and contributions and rewarding the value that they deliver.

Our Total Rewards Package extends well beyond traditional compensation and benefit programs and is designed to recognize employee contributions, encourage personal wellness, and support firm growth.

Along with a competitive base salary and variable pay opportunities, we offer a wide array of initiatives that differentiate us as a people-first organization.

Some representative examples include : $4,000 per year for mental health support benefits, a $1,300 flexible benefit spending account, 38+ days off (including 10 firm-wide closures known as "Deloitte Days"), flexible work arrangements and a hybrid work structure.

Our shared values

While our Purpose guides us and helps explain why we exist, our shared values describe the behaviour we expect from each other at the firm.

They provide common ground to unite us across cultures and geographies. They help us to earn the trust and respect of our stakeholders.

We all commit to living by these shared values, to stay true to the principles they represent, and to honour the legacy from which they came.

They are what sets us apart and makes us Deloitte.

Every day, we live our Purpose through the following five shared values :

• Lead the way : Deloitte is not only leading the profession, but reinventing it for the future. We’re also committed to creating opportunity and leading the way to a more sustainable world.
• Serve with integrity : Deloitte has earned the trust of employees, clients, regulators, and the public for 175 years. Upholding that trust is our single most important responsibility.
• Take care of each other : We look out for one another and prioritize respect, fairness, development, and well-being.
• Foster inclusion : We are at our best when we foster an inclusive culture and embrace diversity in all forms. We know this attracts top talent, enables innovation, and helps us deliver well-rounded client solutions.
• Collaborate for measurable impact : We approach our work with a collaborative mind set, teaming across businesses, geographies, and skill sets to deliver tangible, measurable, attributable impact.

The next step is yours

Sound like The One Firm. For You?

At Deloitte, we are all about doing business inclusively that starts with having diverse colleagues of all abilities. Deloitte encourages applications from all qualified candidates who represent the full diversity of communities across Canada.

This includes, but is not limited to, people with disabilities, candidates from Indigenous communities, and candidates from the Black community in support of living our values, creating a culture of Diversity Equity and Inclusion and our commitment to our AccessAbility Action Plan , Reconciliation Action Plan and the BlackNorth Initiative .

We encourage you to connect with us at [email protected] if you require an accommodation for the recruitment process (including alternate formats of materials, accessible meeting rooms or other accommodations).

We’d love to hear from you!

By applying to this job you will be assessed against the Deloitte Global Talent Standards. We’ve designed these standards to provide our clients with a consistent and exceptional Deloitte experience globally.

Deloitte Canada has 30 offices with representation across most of the country. We acknowledge our offices reside on traditional, treaty and unceded territories as part of Turtle Island and is still home to many First Nations, Métis, and Inuit peoples.

We are all Treaty people.