Description:
As a Cyber Risk Consultant You Will Have The Opportunity To Work On a Variety Of Projects Addressing New Technology Trends And Related Business Challenges Faced By Our Clients Both Locally And Globally. Tasks Include
- Assessing and implementing Cloud security solutions for clients
- Reviewing security-related events, assessing risk and validity, as well as reporting on security postures and recommending corrective actions when required
- Working with security vendors to understand their solution offerings and advise clients on appropriate technologies and architectures, based on their needs
- Conducting research on the latest security technologies and standards, as well as the threat and vulnerability landscape, in order to advise clients and recommend appropriate actions
- Facilitating use of technology-based tools or methodologies to review, design and/or implement products and services.
About The Team
Deloitte’s Cyber Cloud team helps organizations throughout the complete cycle of moving business processes to the cloud and operating it in a secure and private way. We offer cyber capabilities and solutions focused on development, transformation and resilience of cloud security through various mechanisms, built upon our demonstrated delivery methodology and leverage our deep technical experience, industry and regulatory knowledge, vendor and our access to a large global network of skilled professionals.
Enough About Us, Let’s Talk About You
You are someone with:
- Degree or Diploma in Computer Science, Engineering, Management Information Systems or Information Security or relevant experience in these domains
- 1-5 years experience in application development and knowledge of main programming languages
- AWS and Azure Security Expertise: In-depth understanding of the security features and best practices within Amazon Web Services {AWS) and Microsoft Azure.
- Microservices and Kubernetes Security: Proficiency in securing microservices architecture and Kubernetes clusters, ensuring robust protection of containerized applications.
- DevSecOps Platforms and Security Scanning Tools: Experience with tools and platforms that integrate security into the development process, along with expertise in security scanning tools to identify vulnerabilities.
- Git and Scripting Languages (Bash, PowerShell, Python): Strong familiarity with version control using Git and scripting languages to automate security processes and tasks.
- Infrastructure as Code {laC) with Terraform: Ability to define and manage infrastructure as code using Terraform, streamlining the deployment and configuration of cloud resources securely.
- Policy Languages (Sentinel, OPA): Proficient in policy languages like Sentinel and Open Policy Agent (OPA) to enforce and automate security policies.
- Data Serialization (JSON, YAML): A solid grasp of data serialization formats such as JSON and YAML, essential for effective communication and configuration in cloud environments.
- Programming Skills: Advantageous to have programming skills and a conceptual understanding of software development practices to collaborate effectively with developers.
- Good understanding of basic networking concepts/principles (routing, switching, IP addressing etc.) and common services/protocols is important
- Knowledge of foundational systems security principles is important
- Knowledge of application security concepts and overall application design is important
- Hands on experience with cloud security posture management platforms (e.g., Palo Alto Prisma Cloud, Wiz, Orca) to assess misconfigurations and integrate findings into CI/CD, SIEM, and ticketing workflows for continuous remediation.
- Awareness of AI/ML security risks within cloud environments, including securing AI workloads, model endpoints, and data pipelines and how these intersect with cloud IAM, network segmentation, secrets management, and DevSecOps controls on AWS and Azure
- Familiarity with AI governance and risk frameworks (e.g., NIST AI RMF, ISO 42001, ISO 42005) and ability to assess client AI deployments against organizational security policies and regulatory compliance standards
- Practical experience using large language models (e.g., Microsoft Copilot, Google Gemini) and prompt engineering techniques to automate security tasks, generate IaC configurations, and accelerate delivery across cloud security engagements
- Ability to use AI coding assistants (e.g., GitHub Copilot) to accelerate development of security automation scripts, policy-as-code, and infrastructure configurations in Bash, Python, Terraform, or YAML
- Must be eligible to obtain and maintain a Government of Canada security clearance at the Reliability Status level (minimum); eligibility for Secret (Level II) clearance is strongly preferred