Experienced Specialist, Cyber Security
Reference Code 4317
Country: US
Locations: USA - Tampa; USA - Hermitage; USA - Nashville
Deloitte Global is the engine of the Deloitte network. Our professionals reach across disciplines and borders to develop and lead global initiatives. We deliver strategic programs and services that unite our organization.
Work you'll do
You will act as the primary gatekeeper for Deloitte’s Azure/M365 API access, reviewing and approving Microsoft Graph and Azure service API permission requests against least privilege and business need. Day-to-day you’ll assess identity and access API risks, enforce SSDLC checkpoints, coordinate cross-functional escalations for high‑privilege or tenant‑wide requests, and produce audit‑ready evidence packages. You’ll monitor remediation and compensating controls, help drive automation and process improvements to scale governance for a large enterprise environment, and advise product and engineering teams with prescriptive, reusable guidance to reduce permission scope and improve secure design patterns.
Key Responsibilities
- Permission Review: Review Azure and Microsoft Graph permission requests; approve, deny, or require redesigns based on least‑privilege, business need, and risk impact.
- Advisory + Validation: Advise engineering and product teams on secure Azure API and identity designs (least privilege, reusable patterns, safer token models); validate control implementation via documented checks, automation, or periodic sampling.
- Automation & Tooling: Identify and implement automation to streamline intake, triage, decisioning, and KPI reporting; maintain templates and lightweight dashboards to speed consistent decisions.
- Audit Evidence: Produce and retain decision records, evidence packages, and change logs to satisfy audits and regulatory reviews; ensure traceability from request to implementation.
- Remediation & Controls: Monitor remediation progress, and define compensating controls where necessary; escalate persistent or high‑risk gaps to owners.
- Cross‑Functional Alignment: Work closely with Global IAM, A&E Cloud Security, SSDLC, Privacy, OGC, GRC, service owners, and member‑firm security contacts to align decisions.
- Decision Frameworks & Templates: Maintain documented decision frameworks, templates, and FAQs to ensure fast, consistent, and defensible outcomes.
- Continuous Learning: Stay current on Microsoft Graph changes, Defender/Defender for Cloud advisories, and relevant security guidance.
The team
Deloitte Technology works at the forefront of technology development and processes to support and protect Deloitte around the world. In this truly global environment, we operate not in "what is" but rather "what can be" to help Deloitte deliver and connect with its clients, its communities, and one another in ways not previously conceived.
Qualifications
Required Qualifications:
- Comfortable learning technical material quickly and applying decision frameworks; able to coordinate cross‑functional sign‑offs and explain trade‑offs to technical and non‑technical audiences.
- Evaluate access requests and scenarios, recommend actions based on least privilege and business need, and record defensible outcomes.
- Experience working within a service management framework (e.g., ITSM/ServiceNow) or supporting ticketed operational queues.
- Clear written and verbal English; strong customer service orientation.
- Motivated self‑starter, able to work independently and escalate appropriately.
- Technology‑related degree or suitable industry experience.
Preferred Qualifications
- Relevant experience supporting security platforms or identity/access management.
- Experience or coursework with Microsoft Entra/Azure AD, Microsoft Graph API, OAuth/OIDC, or app registrations.
- Experience with ServiceNow, PowerShell/Graph scripting, or other automation tools.
- Practical use of KQL in Microsoft Defender/Defender for Cloud.
- Certifications: Security certifications (e.g., Security+, Microsoft identity/Azure certs).
- Experience working in or supporting a large global organization.
- SSDLC participation: Involvement in design reviews or secure development lifecycle checkpoints.
Our culture
At Deloitte Global people are valued and respected for who they are – with opportunities to bring their unique perspectives, talents and passions to business challenges. Our global workspace creates room for individuality and collaboration. Ours is an inclusive, supportive, connected culture with a focus on development, flexibility, and well-being. This culture makes Deloitte Global one of the most rewarding places to work, and to transform your career.
Professional development
From entry-level employees to senior leaders, we believe in investing in you, helping you identify and hone your unique strengths at every step of your career. We offer opportunities to build new skills, take on leadership opportunities, and connect and grow through mentorship. From on-the-job learning experiences to formal development programs, our professionals have a variety of opportunities to continue to grow throughout their career.
Benefits
At Deloitte, we value our people and offer employees a broad range of benefits. Our Total Rewards program reflects our continued commitment to lead from the front in everything we do—that’s why we take pride in offering a comprehensive variety of programs and resources to support your health and well-being.
Recruiting for this role ends on .