Consultant

Description:

Consultant

Our Purpose

At Deloitte, our Purpose is to make an impact that matters. We exist to inspire and help our people, organizations, communities, and countries to thrive by building a better future. Our work underpins a prosperous society where people can find meaning and opportunity. It builds consumer and business confidence, empowers organizations to find imaginative ways of deploying capital, enables fair, trusted, and functioning social and economic institutions, and allows our friends, families, and communities to enjoy the quality of life that comes with a sustainable future. And as the largest 100% Canadian-owned and operated professional services firm in our country, we are proud to work alongside our clients to make a positive impact for all Canadians.

By living our Purpose, we will make an impact that matters.
 

• Have many careers in one Firm.
• Enjoy flexible, proactive, and practical benefits that foster a culture of well-being and connectedness.
• Learn from deep subject matter experts through mentoring and on the job coaching
   

--

In a rapidly changing world where information has a significant value, supply chains are interconnected and there is uncertainty when doing business on a global basis, information security and privacy have become board level issues.

What will your typical day look like?

As part of our Offensive Security testing and Incident response team, you will help our clients improve their overall security posture by proactively identifying security vulnerabilities in our clients’ IT infrastructure, applications and networks by simulating real-world cyber attacks. Through the use of ethical hacking techniques, you will be assisting our clients in uncovering weaknesses in their environment and providing actionable recommendations for remediation.

As a junior member of the team, you will assist in the performance of offensive cyber testing, progressing from a support role to being responsible for all aspects of our services. Your Responsibilities would include:
 

• Penetration Testing: Perform authorized, simulated attacks (manual and automated) on web applications, internal/external networks, and cloud infrastructure.
• Vulnerability Assessment: Scan systems to identify, analyze, and prioritize security gaps in operating systems and network devices.
• Red Teaming & Simulation: Execute multi-stage attack scenarios—including privilege escalation, lateral movement, and data exfiltration—to test detection and response capabilities.
• Reporting & Documentation: Document technical findings, attack paths, and risk levels in detailed reports for both technical staff and management.
• Remediation Guidance: Collaborate with IT teams to develop and validate solutions for identified security weaknesses.
• Tool Development: Research, develop, and maintain custom scripts or tools for specialized testing.
• Social Engineering: Conduct testing to identify vulnerabilities in human-centric security (e.g., phishing campaigns)