USI - FY26 - Cyber - Operate - ASM+MPT - Solution Delivery Lead (LSA)

Cyber

Deloitte Cyber understands the unique challenges and opportunities businesses face in cybersecurity. Join our team to deliver powerful insights to help our clients navigate the ever-changing threat design and technology as we partner with clients to transform finance.

Position Summary

Level: Solution Delivery Lead

Work you'll do:

• Conduct vulnerability assessments and manual penetration testing for web, API, thick client, and mobile applications.
• Perform secure code reviews and analyze false positives from industry-standard tools.
• Respond to ad-hoc reporting and research requests.
• Develop and implement application security policies and procedures.
• Identify and prioritize security vulnerabilities.
• Coordinate with development and operations teams on remediation plans.
• Quickly understand and deliver on company and client requirements.
• Participate in regular reporting for clients, partners, and internal teams.
• Adhere to internal operational security and Deloitte policies.

The team:

Cyber Operate teams manage and operate clients' critical cyber assets through fully managed services or collaborative models, delivering skilled talent, advanced technology, and robust processes. They oversee the identity lifecycle, security operations, threat intelligence, application security, business transformation, and continuous compliance, with services including Cyber-as-a-Service, Managed Application Security, and Managed Extended Detect & Respond (MXDR). DevSecOps complements these operations by automating security testing within CI/CD pipelines and integrating security throughout the development lifecycle, enabling agile, risk-based delivery. Deloitte's DevSecOps framework streamlines operations, supports continuous integration and delivery, and embeds secure-by-design principles across cloud and application environments for timely vulnerability identification and remediation.

Qualifications:

Must Have Skills/Project Experience/Certifications:

• 5–7 years of hands-on experience in:
• • Application security
• Vulnerability assessment
• Penetration testing
• Mobile application security
• Thick client and Web API security assessments
• Strong understanding of OWASP Top 10 and related vulnerabilities.
• Experience in manual assessment and exploitation (e.g., Blind SQLi, XXE, SSRF, Insecure Deserialization, HTTP Request Smuggling).
• Understanding of OAUTHv2/OpenID standards and business logic vulnerabilities.
• Experience with secure code review (OWASP Secure Coding Practices).
• Proficiency with tools: Burp Suite, Fiddler, Sysinternals, Veracode, DnSpy, OllyDbg, IDA Pro, EchoMirage, Wireshark, Apktool, Jadx-gui, Frida, etc.
• Ability to perform manual penetration testing and use automated tools.
• Excellent technical report writing skills.
• Knowledge of web application components (frontend, backend, databases, application servers).
• Understanding of web development technologies (HTML, CSS, JavaScript, PHP, Java, .NET, backend databases).
• Experience with application security architecture review and threat modeling.
• Basic concepts of reverse engineering and memory analysis.
• Understanding of networking protocols (TCP/IP, DNS, HTTP/S).
• Familiarity with vulnerability classification (CVE/CVSS).
• Certifications: CISSP, OSCP, OSWE, BSCP, GWAPT.

Good to Have Skills/Project Experience/Certifications:

• Proficiency in web and mobile application security assessments, penetration testing, and secure code review.
• Relevant publications (blogs, tools, conference presentations, CVEs).
• Preferred certifications: OSWE, BSCP.
• Experience with automation and scripting (Python).
• Outstanding English written and oral communication skills.
• Strong understanding of web, mobile, and microservices vulnerabilities.
• Knowledge of malicious code operation and exploitation.
• Strong analytical and problem-solving skills.
• Self-motivated and eager to learn new attack vectors.
• Desire to deeply understand the what, why, and how of security vulnerabilities.

Education:

• Bachelor's degree or higher in Computer Science, or equivalent experience.

Location:

• Bangalore, Hyderabad, Pune, Chennai, Kolkata

Shift Timings:

• Flexibility for night, weekend, and holiday coverage is essential.
• Must be willing to work 24*7 rotational shifts
• On call support required based on project assignments

Our purpose

Deloitte's purpose is to make an impact that matters for our people, clients, and communities. At Deloitte, purpose is synonymous with how we work every day. It defines who we are. Our purpose comes through in our work with clients that enables impact and value in their organizations, as well as through our own investments, commitments, and actions across areas that help drive positive outcomes for our communities.

Our people and culture

Our inclusive culture empowers our people to be who they are, contribute their unique perspectives, and make a difference individually and collectively. It enables us to leverage different ideas and perspectives, and bring more creativity and innovation to help solve our clients' most complex challenges. This makes Deloitte one of the most rewarding places to work.

Professional development

At Deloitte, professionals have the opportunity to work with some of the best and discover what works best for them. Here, we prioritize professional growth, offering diverse learning and networking opportunities to help accelerate careers and enhance leadership skills. Our state-of-the-art DU: The Leadership Center in India, located in Hyderabad, represents a tangible symbol of our commitment to the holistic growth and development of our people. Explore DU: The Leadership Center in India.

Benefits to help you thrive

At Deloitte, we know that great people make a great organization. Our comprehensive rewards program helps us deliver a distinctly Deloitte experience that helps that empowers our professionals to thrive mentally, physically, and financially—and live their purpose. To support our professionals and their loved ones, we offer a broad range of benefits. Eligibility requirements may be based on role, tenure, type of employment and/ or other criteria. Learn more about what working at Deloitte can mean for you.

Recruiting tips

From developing a stand out resume to putting your best foot forward in the interview, we want you to feel prepared and confident as you explore opportunities at Deloitte. Check out recruiting tips from Deloitte recruiters.

Requisition code: 305699