VMS Automation & Integration Engineer, Deloitte Global Technology

Work you'll do:

As the Vulnerability Management (VM) Automation and Integration (A&I) Engineer, you will maintain and engineer solutions for the vulnerability management operating platformincluding data management and all integrations.The VM A&I Engineer will have responsibility for providing security technology expertise and contributing to the support of VM operations, conducting a large number and variety of VM tasks.The VM A&I Engineer will have experience with broad areas of technology and security with the ability to align technical security solutions with business requirements.In this role, you will be designing, implementing, and maintaining automation workflows and integrations that enhance our operational efficiency and productivity.The VM A&I Engineer will work with Global teams and member firm teams in all technology areas to address different types of cybersecurity risks.

Responsibilities:

As part of the Vulnerability Management Service, you will be part of engineers and will:

• Manage global vulnerability management (VM) integration and regional VM solution analysis, implementation and orchestration.
• Design, develop, and implement automation scripts and workflows to deploy and manage vulnerability management infrastructure and applications
• Responsible for overseeing platform implementation and development
• Responsible for platform documentation, documenting design decisions, and overseeing all architectural deliverables for the platform
• Provide strategic advice, technical guidance and expertise to program and project staff.
• Participate in the design, lifecycle management, and total cost of ownership of the vulnerability management platform, applications, and infrastructure services
• Collaborate with cross-functional teams to understand and translate system requirements into efficient and scalable automation solutions
• Assist with problem escalation as needed
• Document architecture designs, configurations, and best practices for CI/CD pipelines, DevSecOps practices, and SDLC tooling.
• Provide training and knowledge transfer sessions to Development teams and other stakeholders on the use and maintenance of CI/CD pipelines and related tools.
• Stay current with new and evolving technologies via formal training and self-directed education

Required:

• Competence in managing and optimizing vulnerability and configuration scanning tools (e.g., Qualys, Tenable, Rapid7).
• Technical Vulnerability Knowledge: In-depth knowledge of technical vulnerabilities and their impact; proficiency automating and orchestrating solutions to manual processes
• Proficiency in popular automation tools and platforms
• Proficiency in programming & scripting languages such as Java, C#, Python, PowerShell, Bash and experience in using APIs of various solutions.
• Good understanding of cloud architectures (Azure, AWS, GCP) and the security implications of cloud-based infrastructure.
• Proficiency in data analysis and reporting tools (Excel, Power BI) to support vulnerability management reporting.
• Experience providing proactive guidance regarding platform optimization.
• Skilled in SME assistance and oversight into platform maintenance and upgrade work.
• Ability to develop, maintain, and document workflow processes to ensure data & system controls are adequate, meet internal baselines and optimize current processes to meet emerging risks
• Experience generating vulnerability data health checks to ensure completeness and accuracy
• Assist with vulnerability report generation for scheduled and ad-hoc requests
• Ensure strong oversight of vulnerability scanning schedule

Education:

• Bachelor’s Degree: preferably in a service management or information technology-related field
• 5+ years experience working in Information Security
• Good English communication skills

Preferred:

• Knowledge of the Deloitte firm, member firms, and the businesses
• Skilled in configuring and managing Attack Surface Management tools such as CyCognito.
• Professional IT or Security management certification, at least one or more of CISSP, CCSP, CRISC, CISM, GIAC, OSCP, Security+, CEH, etc.
• Knowledge and experience of OWASP Top 10, SANS Secure Programming, Security Engineering Principles
• Familiarity with application, server, and network security is preferred; understanding of security architectures, network security, Active Directory, least privilege, etc Strong leadership and mentorship skills, with the ability to work collaboratively with cross-functional teams.
• Ability to work on multiple projects, manage multiple tasks, re-prioritize workload as demands change.
• Detail oriented, with proven ability to challenge and identify opportunities within existing processes and business practices.