DallasRecruiter Since 2001
the smart solution for Dallas jobs

Offensive Security Manager (nationwide)

Company: Deloitte
Location: Dallas
Posted on: January 16, 2022

Job Description:

Position Summary

Are you interested in working in a dynamic environment that offers opportunities for professional growth and new responsibilities? - If so, Deloitte & Touche LLP could be the place for you. Traditional security programs have often been unsuccessful in unifying the need to both secure and support technology innovation required by the business. Join Deloitte's Advisory Offensive Security -Services team to help drive our client's innovations and become a member of the largest group of cybersecurity professionals worldwide.Work you'll doAs an -Offensive Security -Manager, you will be on the front lines with our clients supporting them with their cloud and Offensive Security -needs. You will work with our Offensive Security -team to provide attack-oriented professional services such as (but not limited to): Red/Purple Team Operations, Penetration Testing, Breach and Attack Simulations, Cloud Penetration Testing, Social Engineering, and a variety of ad-hoc custom assessments to address unique information security concerns for clients. In this role you will:Lead Red Team Assessments, Purple Team Assessments, Network Penetration Tests, Wireless Security Assessments, Onsite and Remote Social Engineering, and a variety of custom assessmentsCreate and review comprehensive assessment reports that are technical and managerial to describe the engagement, scope, risks, and remediation recommendationsProvide technical and administrative oversight and guidance to junior members of the team while performing technical operationsLiasioning between technical teams and executive level professionals to relay relevant testing results and findingsDevelop marketing materials and participate in marketing activities such as creating research, speaking at conferences, authoring materials and presenting thought leadershipKnowledge of security testing frameworks and standards such as OSSTMM, OWASP, NIST SP 800-115, and MITRE ATT&CKUse automation, orchestration, and scripting to reduce manual processes, improving overall efficiency while also enabling new capabilities to meet the rapidly changing needs of our clientsMastery of commercial and open source security tools including, but not limited to: Nmap, Nessus, BurpSuite, Cobalt Strike, Metasploit, Wireshark, and Aircrack-ngAssist with Practice development, including improving existing offerings, creating new offerings, and mentoring team membersPerpetually strengthen relevant skills, knowledge, and abilities to stay at the forefront of the information security industryFoster client relationships by providing support, information, and guidanceMaintain a strong desire to learn, adapt, and improve along with a rapidly growing companyPerform other duties as assignedServe as a subject matter expert on cloud cyber risk for at least one of the leading cloud platforms preferably AWS, Microsoft Azure/ Office 365.Provide technical security support for cloud-native (e.g., AAD) and third-party security services and resolve service-related issues through research, troubleshooting, and working with cloud service providers and third-party security solution vendors.Support proof of concept and production deployments of these cloud technologies.Perform technical health checks for cloud platforms/environments prior to broader deployment and assist clients with configuration of cloud platform scanning tools, and delivery of cloud security and compliance reports.Design and develop cloud platform-specific security policies, standards, and procedures for management group and account/subscription management and configuration (e.g. Azure Policy, Azure Security Center, AWS Config), identity management and access control, firewall management, auditing and monitoring, -security incident and event management, data protection, user and administrator account management, SSO, conditional access controls and password/secrets management.Troubleshoot problems with cloud infrastructure (e.g., domain name service, virtual network peering, dedicated cloud connectivity services - Azure ExpressRoute, AWS DirectConnect, Google Cloud Dedicated Interconnect) and resources (e.g., virtual machines, virtual networks, cloud databases) in a multi-cloud vendor environment and document technical platform issues, analysis, client communication, and resolution as part of cyber risk mitigation steps.Assist clients in the selection and tailoring of approaches, methods, and tools to support cloud adoption for secure migration of existing workloads to a cloud vendor. This may cover services such as tenant setup and service configuration focused on cloud cyber risk mitigation, IAM (e.g., PIM/PAM, MFA, SSO, Conditional Access), data protection (e.g., -DLP, encryption, PKI), network security (e.g., firewalls, WAF), etc.Perform cloud orchestration and automation (Continuous Integration and Continuous Delivery (CI/CD)) in single and multi-tenant environments using tools like Terraform, Ansible, Puppet, Chef, Salt etc.Design, implement, manage, and automate DevSecOps capabilities in cloud offerings using CI/CD toolsets and automation -(e.g., Boto3, Lambda, Azure Functions, Google Functions, Python, JSON).Support and enable junior team members across both technical and management leadership capacities.Provide internal cloud security technical training to Advisory personnel as needed.Support the team on proposals, whitepapers, proof of concepts, technical eminence materials and firm initiatives.The TeamAt Deloitte, our Cyber Specialists help organizations manage cyber risk and create value through enhanced -security, visibility, and privacy into an organization's DNA-our program design, implementation, operation, and response services, coupled with our deep industry and mission knowledge, help us protect and defend our clients' most valuable assets, facilitate secure digital transformation efforts, and adapt rapidly to emerging threats. -Learn More about Advisory's Cyber practiceQualifications - ExternalRequirements:11+ years combined in IT and information security experience5+ years of experience performing offensive/attack-oriented security assessments2+ years of experience in an enterprise-level customer delivery services roleExperience with various public cloud components and architectures with Azure / AWS strongly preferred.Experience in evading security detection controlsAdditional Requirements:Travel up to 50% (While 50% of travel is a requirement of the role, due to COVID-19, non-essential travel has been suspended until further notice).Must be legally authorized to work in the United States without the need for employer sponsorship, now or at any time in the future.Identify opportunities to improve services delivered to our clients.Experience with leading multiple distributed teams across different geographies.Excellent teamwork and interpersonal skills.Preferred:Knowledge of defensive tactics designed to counter offensive cyber operationsExperience in creating a vision and authoring the design of cyber programs and methodologiesExperience teaching and certifying personnel to achieve goal-oriented training objectivesOther lab-based certifications such as OSCP, OSCE, GIAC, and GSE are preferredOther relevant industry certifications, such as GPEN and GCIHInfoSec community involvement, such as conference speaking, blog/whitepaper authoring, and podcast speaking/producingExperience building security tool APIs and/or services.Experience building/automating Red Team Infrastructure.Experience building/automating Attack Defense labs.BA/BS Degree ideally in Computer Science, Cyber Security, Information Security, Engineering or Information Technology.Previous Consulting or Big 4 experience preferred.Certifications such as: CISSP, AWS/Azure Security/DevOps/Professional Certifications, completion of Red Teaming LabsExcellent writing and verbal communication skills.Strong project management and organizational skills.Knowledge of business process, user provisioning process, and security maintenance processes.

Recruiting tips From developing a stand out resume to putting your best foot forward in the interview, we want you to feel prepared and confident as you explore opportunities at Deloitte. Check out recruiting tips from Deloitte recruiters.
Benefits At Deloitte, we know that great people make a great organization. We value our people and offer employees a broad range of benefits. Learn more about what working at Deloitte can mean for you.
Our people and culture Our diverse, equitable, and inclusive culture empowers our people to be who they are, contribute their unique perspectives, and make a difference individually and collectively. It enables us to leverage different ideas and perspectives, and bring more creativity and innovation to help solve our client most complex challenges. This makes Deloitte one of the most rewarding places to work. Learn more about our inclusive culture.
Professional development From entry-level employees to senior leaders, we believe there's always room to learn. We offer opportunities to build new skills, take on leadership opportunities and connect and grow through mentorship. From on-the-job learning experiences to formal development programs, our professionals have a variety of opportunities to continue to grow throughout their career.As used in this posting, "Deloitte Advisory" means Deloitte & Touche LLP, which provides audit and enterprise risk services; Deloitte Financial Advisory Services LLP, which provides forensic, dispute, and other consulting services; and its affiliate, Deloitte Transactions and Business Analytics LLP, which provides a wide range of advisory and analytics services. Deloitte Transactions and Business Analytics LLP is not a certified public accounting firm. Please see for a detailed description of the legal structure of Deloitte LLP and its subsidiaries. These entities are separate subsidiaries of Deloitte LLP.All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability or protected veteran status, or any other legally protected basis, in accordance with applicable law.Deloitte will consider for employment all qualified applicants, including those with criminal histories, in a manner consistent with the requirements of applicable state and local laws. See notices of various ban-the-box laws where available.Requisition code: 41304Accolades


Cyber & Strategic Risk
Same job available in 14 locationsAtlanta, Georgia, United StatesBoston, Massachusetts, United StatesCharlotte, North Carolina, United StatesChicago, Illinois, United StatesColumbus, Ohio, United StatesDallas, Texas, United StatesHouston, Texas, United StatesLos Angeles, California, United StatesMinneapolis, Minnesota, United StatesNashville, Tennessee, United StatesNew York, New York, United StatesPhiladelphia, Pennsylvania, United StatesPhoenix, Arizona, United StatesSeattle, Washington, United States

Keywords: Deloitte, Dallas , Offensive Security Manager (nationwide), Executive , Dallas, Texas

Click here to apply!

Didn't find what you're looking for? Search again!

I'm looking for
in category

Log In or Create An Account

Get the latest Texas jobs by following @recnetTX on Twitter!

Dallas RSS job feeds