Senior Threat and Vulnerability Analyst

Cyber Security Information Technology Posted: 15-Jan-2025

Same job available in 1 locations

Lake Mary, Florida, United States

Deloitte Global is the engine of the Deloitte network. Our professionals reach across disciplines and borders to develop and lead global initiatives. We deliver strategic programs and services that unite our organization.

Work you'll do

  • Conduct internal and external asset, and web security vulnerabilities assessments (review designs, perform pen test, code review, and security checks) using scanning tools and notify the appropriate team to take necessary action. 
  • Conduct vulnerability assessments against a broad range of targets, including Windows, UNIX, Linux, routers, firewalls, switches, and web applications. 
  • Convert disparate asset and vulnerability information into actionable intelligence and make recommendations, utilize scripting techniques and vendor APIs to automate complex tasks and triage data. 
  • Work with developers and project managers to remediate and patch largescale, systemic vulnerabilities. 
  • Work jointly with Development Teams, Architects and Cyber Defense teams to clearly define the scope of the Vulnerability Management Service and the related rules of engagement. 
  • Develop reports and provide complex analysis using data that is hosted in multiple sources (e.g. spreadsheets, databases) and communicate clearly to management and other team members. 
  • Identify, research, and validate various known and unknown security vulnerabilities on server and client side at scale.
  •  Identify potential security exposures that may currently exist or may pose a potential future threat to the U.S. Firm’s applications; Ensure Cyber Defense management is notified when these exposures are identified, as well as a proposed solution for remediation. 
  • Collect and distribute indicators of compromise from malware analysis; review blogs, websites, and other news sources for actionable information and provides analysis. 
  • Conduct thorough research projects for various threat topics (malware, technologies, actors, etc.) and develop competing hypothesis and peer review; provide daily reporting of emerging threats. 
  • Conduct application functionality testing activities, including scheduling, resources, tool execution, and reporting.

The team

The Global (DTTL) People team supports our talented, forward-thinking professionals with a broad range of development, well-being, and engagement programs to enhance their professional and personal journeys. We provide top-notch, leading-edge thinking and advisory support and partner with our businesses to ensure our professionals develop the right skills and talents to deliver on ambitious priorities.

Qualifications

Employer will accept a Bachelor’s degree, or foreign equivalent degree, in Computer Science, Mathematics, Engineering (any), or a related field and 2 years of experience in the job offered or in an Information Security Analyst-related occupation.

Position requires experience in the following:

  1. Two years of experience in Information Security and Cybersecurity
  2. Two years of vulnerability Management experience including Automated vulnerability scanning, risk management and remediation assistance utilizing scanning tools such as Qualys, Nessus.
  3. Two years of experience in Software Development, automation of processes and procedures utilizing technologies such as software repository management GitHub and programming framework Visual Code.
  4. Two years of experience in scripting in programming languages such as Python, Bash, or PowerShell.
  5. Two years of experience in scripting concepts such as usage of security tool vendor APIs, HTTPS protocol and requests, Data Analytics.
  6. Two years of experience in threat Intelligence, investigating and understanding Vulnerabilities, hacking techniques, and hacking tools including CVE, CVSS, CISA, and MITRE Attack.
  7. Two years of experience in external Attack Surface management security tools such as RiskIQ or CyCognito.
  8. Functionality testing of security agents in virtualization environments such as VMWare, VirtualBox.
  9. IT infrastructure concepts such as Networking, Firewalls, Network Devices, Routing, Windows System Administration, Domain Controllers, Active Directory, and Group Policies.
  10. Penetration testing attack activities such as network probing/ scanning, DDOS, or malicious code activity, and possible abnormal activities, such as worms, Trojans, or viruses.

*Telecommuting/working from home within commutable distance permitted.

EOE

XBAL24FB1224LMF324


Our culture

At Deloitte Global people are valued and respected for who they are – with opportunities to bring their unique perspectives, talents and passions to business challenges. Our global workspace creates room for individuality and collaboration. Ours is an inclusive, supportive, connected culture with a focus on development, flexibility, and well-being. This culture makes Deloitte Global one of the most rewarding places to work, and to transform your career.

Professional development

From entry-level employees to senior leaders, we believe in investing in you, helping you identify and hone your unique strengths at every step of your career. We offer opportunities to build new skills, take on leadership opportunities, and connect and grow through mentorship. From on-the-job learning experiences to formal development programs, our professionals have a variety of opportunities to continue to grow throughout their career.

Benefits

At Deloitte, we value our people and offer employees a broad range of benefits. Our Total Rewards program reflects our continued commitment to lead from the front in everything we do—that’s why we take pride in offering a comprehensive variety of programs and resources to support your health and well-being.

Recruiting for this role ends on April 10, 2025.

At Deloitte Global, we know we’re at our best when we look out for one another; prioritize respect, fairness, development and wellbeing; foster an inclusive culture and embrace diversity in all forms. All qualified applicants will receive consideration for employment regardless of their background, experience, identity, ability or thinking style, and if you need assistance or an accommodation during the application process for accessibility reasons this is available upon request. The preferred candidate will be subject to background screening by Deloitte or by their external third-party provider.
April 10, 2025
Back to job list