Junior DevSecOps (Consultant or Senior Consultant), Cyber Risk, Risk Advisory - UK

Job Description

Your opportunityWith a history stretching back almost two centuries, Deloitte has built a reputation as trusted advisors to some of the worlds biggest household names. We are also the partner-of-choice for some of the largest cloud providers and softwarevendors, using modern technology to do meaningful work.The Deloitte Cyber Security team aims to be leaders in the DevSecOps arena. We work in a broad range of industry sectors with clients whom millions of people depend upon. They rely on us to help them build secure software in a secure fashion.We are committed to building a diverse team of talented consultants who are passionate about the work they do. We deliver value to our clients, colleagues, and community in the way we plan, deliver, and reflect on our work, as a team. Therefore, we welcomeapplications from all backgrounds.We believe that, to sustain a successful business model, we must equip our colleagues with the ability to improve. We also understand that the industry evolves at a lightning pace. As a result, we provide mentoring and training in a safe environment withempathetic and supportive feedback. Every member of the team receives nurturing on emotional intelligence, resilience, and self-awareness.You will be assigned a dedicated career coach and benefit from our internal DevSecOps training curriculum with visible career pathways. This is so that we can provide meaningful and measurable progress to each member of the team.All of the above are crucial investments that allow us to sustain our reputation for delivering high quality services.We encourage consideration of flexible ways of working, both formal and informal arrangements that allow for the best outcomes for our people and our clients. If this opportunity is of interest to you with some flexibility, please do discuss with us.Your roleAs a Junior DevSecOps Consultant you can expect to be involved in the following activities:

• Building secure continuous integration and continuous delivery (CI/CD) pipelines.
• Contributing to threat modelling activities to identify potential vulnerabilities and implementing approaches to address them.
• Building secure infrastructure in both public cloud (AWS, Azure and GCP) and on-premise environments using infrastructure-as-code tools.
• Using software tools to test and verify the security of an application and the pipeline used to deliver it.
• Evangelising a security-first approach to clients by demonstrating good practices such as defence-in-depth.
• Using Agile methodologies to deliver high-quality software on a dependable cadence.
• Attaining industry accredited certifications.

Your professional experienceIn order to succeed in this role, you will need, or be willing to learn, the following:

• An understanding of how to deliver technology solutions using Agile methodologies such as Scrum and Kanban
• An understanding of, and the ability to implement, DevOps practices such as continuous integration and delivery (CI/CD), automated testing, infrastructure as code, site reliability engineering (SRE), and monitoring and alerting
• A broad understanding of security practices such as penetration testing, threat modelling, vulnerability management, and static and dynamic application security testing
• An awareness of cyber security industry resources such as OWASP projects, vulnerability lists, NIST frameworks, CVEs, NCSC guidance, etc
• An understanding of cloud computing including the specific security concerns associated with using cloud infrastructure
• An understanding of the software development lifecycle (SDLC) as well as knowledge of the components of a secure SDLC
• An appreciation of the platforms and tools commonly used in a modern software architecture, for example:
• Container orchestration tools such as Kubernetes and Docker Swarm
• Service mesh tools such as Istio and Hashicorp Consul
• Infrastructure as code tools such as Hashicorp Terraform and Ansible
• Configuration management tools such as Chef, Puppet and Ansible
• Monitoring and alerting tools such as Prometheus, Splunk, DataDog, etc

The following are essential:

• A willingness to work as part of a diverse team
• A commitment to continuous improvement and lifelong learning
• A passion for technology and a drive to deliver secure, high-quality solutions
• An open mindset, allowing you to collaborate with colleagues and contribute to the success of your team
• Personable with excellent communication skills, both written and spoken
• An ability to remain calm under pressure whilst continuing to pay attention to detail

Your service line: Risk AdvisoryIn Risk Advisory, our thinking and actions give clients, our people and society the confidence to grow responsibly in a rapidly changing world. We dont just work with our clients to manage risk, we help them understand and grab the opportunities it presentstoo, helping them gain a competitive advantage. Our expertise and industry knowledge run deep here. At Deloitte, youll find yourself working with some of the most inspiring and experienced colleagues and with clients who trust you to lead the way to smartchoices, better control frameworks, and new systems, including bespoke solutions that have a direct impact on their bottom line.Personal independenceRegulation and controls are standard practice in our industry and Deloitte is no exception. These controls provide important legal protection for both you and the firm. We are subject to a number of audit regulations, one of which requires that certain colleaguesabide by specific personal independence constraints. This can mean that you and your "Immediate Family Members" are not permitted to hold certain financial interests (shares, funds, bonds etc.) with audit clients of the firm. The recruitment team will providefurther detail as you progress through the recruitment process.For a full job description please visit our online Deloitte Careers portal.