USI - FY26 - Cyber - Operate - ASM+MPT - Senior Solution Delivery Lead(SSA)

Summary
Position Summary
Cyber - Defense & Resilience - ASM+MPT -Senior Consultant
Attack Surface Management (ASM) Services
Overview
Are you interested in improving the cyber and organizational risk profiles of leading companies? Do you want to deliver Attack Surface Management (ASM) services, identifying vulnerable IT assets and weak security configurations in real time? If you thrive in dynamic environments and are passionate about cybersecurity, Deloitte's ASM team could be the place for you.

About Deloitte's ASM Team

• Focus: Transparency, innovation, collaboration, and sustainability.
• Mission: Deliver industry-leading services with fresh thinking and a creative approach.
• Collaboration: Work with teams across Deloitte, leveraging both commercial and public sector expertise.
• Goal: Be the premier integrated services provider transforming the cybersecurity services marketplace.

As a Senior Consultant, you will:

• Work with global teams of engineers and analysts specializing in cybercriminal tactics, tools, and procedures.
• Help clients discover vulnerabilities and rogue assets (e.g., shadow IT) in their networks.
• Enable clients to achieve business growth while managing risk.

K
ey Responsibilities

• Conduct vulnerability assessments and manual penetration testing for:

• Web applications

• APIs
• Thick client applications

• Mobile applications

• Perform secure code reviews and analyze false positives from industry-standard tools.

• Respond to ad-hoc reporting and research requests from management and analysts.
• Develop and implement application security policies and procedures.
• Identify and prioritize security vulnerabilities.
• Coordinate with development and operations teams to assist with remediation plans and secure applications.
• Rapidly understand and deliver on company and client requirements.
• Participate in regular reporting (daily, weekly, quarterly, yearly) for clients, partners, and internal teams.
• Adhere to internal operational security and other Deloitte policies.

Required Qualifications

• Education: Bachelor's degree or higher in Computer Science, or equivalent experience.

• Experience: 5–9 years of hands-on experience in:

• Application security

• Vulnerability assessment
• Penetration testing
• Mobile application security

• Thick client and Web API security assessments

• Technical Skills:

• Strong understanding of OWASP Top 10 and other vulnerabilities.

• Manual assessment and exploitation of vulnerabilities (e.g., Blind SQLi, XXE, SSRF, Insecure Deserialization, HTTP Request Smuggling).
• Understanding of OAUTHv2/OpenID standards and associated vulnerabilities.
• Business logic vulnerability identification.
• Secure code review following OWASP Secure Coding Practices.
• Proficiency with tools: Burp Suite, Fiddler, Sysinternals, Veracode, DnSpy, OllyDbg, IDA Pro, EchoMirage, Wireshark, Apktool, Jadx-gui, Frida, etc.
• Manual penetration testing and use of automated tools.
• Strong technical report writing skills.
• Knowledge of web application components (frontend, backend, databases, application servers).
• Understanding of web development technologies (HTML, CSS, JavaScript, PHP, Java, .NET, backend databases).
• Experience with application security architecture review and threat modeling.
• Basic concepts of reverse engineering and memory analysis.
• Understanding of networking protocols (TCP/IP, DNS, HTTP/S).

• Familiarity with vulnerability classification (CVE/CVSS).

• Certifications: One or more of the following:

• CISSP

• OSCP
• OSWE
• BSCP
• GWAPT

Preferred Qualifications

• Proficiency in web and mobile application security assessments, penetration testing, and secure code review.
• Relevant publications (blogs, tools, conference presentations, CVEs).
• Preferred certifications: OSWE, BSCP.
• Experience with automation and scripting (Python).
• Outstanding English written and oral communication skills.
• Strong understanding of web, mobile, and microservices vulnerabilities.
• Knowledge of malicious code operation and exploitation of technical vulnerabilities.
• Strong analytical and problem-solving skills.
• Self-motivated to upskill and learn new attack vectors.
• Desire to deeply understand the what, why, and how of security vulnerabilities.

If you are passionate about cybersecurity and ready to make an impact, Deloitte's ASM team offers a collaborative and innovative environment to grow your career.

Our purpose
Deloitte's purpose is to make an impact that matters for our people, clients, and communities. At Deloitte, purpose is synonymous with how we work every day. It defines who we are. Our purpose comes through in our work with clients that enables impact and value in their organizations, as well as through our own investments, commitments, and actions across areas that help drive positive outcomes for our communities.

Our people and culture
Our inclusive culture empowers our people to be who they are, contribute their unique perspectives, and make a difference individually and collectively. It enables us to leverage different ideas and perspectives, and bring more creativity and innovation to help solve our clients' most complex challenges. This makes Deloitte one of the most rewarding places to work.

Professional development
At Deloitte, professionals have the opportunity to work with some of the best and discover what works best for them. Here, we prioritize professional growth, offering diverse learning and networking opportunities to help accelerate careers and enhance leadership skills. Our state-of-the-art DU: The Leadership Center in India, located in Hyderabad, represents a tangible symbol of our commitment to the holistic growth and development of our people. Explore DU: The Leadership Center in India .

Benefits To Help You Thrive
At Deloitte, we know that great people make a great organization. Our comprehensive rewards program helps us deliver a distinctly Deloitte experience that helps that empowers our professionals to thrive mentally, physically, and financially—and live their purpose. To support our professionals and their loved ones, we offer a broad range of benefits. Eligibility requirements may be based on role, tenure, type of employment and/ or other criteria. Learn more about what working at Deloitte can mean for you.

Recruiting tips
From developing a stand out resume to putting your best foot forward in the interview, we want you to feel prepared and confident as you explore opportunities at Deloitte. Check out recruiting tips from Deloitte recruiters.

Requisition code: 305700