Cyber Vulnerability Management - Project Delivery Lead

at Deloitte

Colorado Springs, Colorado, USA

Start Date: Immediate
Expiry Date: 28 Oct, 2024
Salary: USD 80370 Annual
Posted On: 30 Jul, 2024
Experience: N/A
Skills: Good communication skills
Telecommute: No
Sponsor Visa: No

Description:

Deloitte’s Cyber Risk Services help our clients to be secure, vigilant, and resilient in the face of an ever-increasing array of cyber threats and vulnerabilities. Our Cyber Risk practice helps organizations with the management of information and technology risks by delivering end-to-end solutions using proven methodologies and tools in a consistent manner. Our services help organizations to address, in a timely manner, pervasive issues, such as identity theft, data security breaches, data leakage, cyber security, and system outages across organizations of various sizes and industries with the goal of enabling ongoing, secure, and reliable operations across the enterprise.

Responsibilities:

As a Project Delivery Lead on operate engagements, you are responsible for adhering to the defined operating procedures and guidelines for running the application security services in the Managed Services model, which includes the following:

  • Understand and comply with the Service Level Agreements defined for SAST and SCA.
  • Apply deep knowledge of application security engineering principles and help the client’s development team follow secure development practices, primarily by monitoring and performing security testing, secure code review, secure build, and Software Composition Analysis processes.
  • Utilize SAST tools and methodologies to analyze source code, identifying security vulnerabilities and weaknesses in applications.
  • Conduct in-depth code reviews and analysis to identify and prioritize security issues. Collaborate with development teams to remediate vulnerabilities.
  • Manage and maintain SAST tools and associated infrastructure. Configure and fine-tune scans to align with specific project requirements.
  • Generate comprehensive reports on identified security vulnerabilities, their impact, and recommended remediation steps.
  • Lead a team of vulnerability management (VM) professionals, ensuring adherence to Service Level Agreements (SLAs).
  • Direct daily security operations, lead teams, and collaborate with key stakeholders to foster continuous improvements while ensuring operational stability.
  • Display strong leadership and communication skills to manage a team operating 24/7.
  • Collaborate with the development team to manage defects and issues. Help prioritize and fix security-related issues at the code level.
  • Work closely with the development and DevSecOps teams to facilitate the resolution of security findings and track progress.
  • Provide training and awareness programs for development teams to enhance their understanding of secure coding practices.
  • Stay current with emerging threats, vulnerabilities, and industry best practices to ensure that SAST processes remain up-to-date and effective.
  • Use SCA tools and techniques to identify open-source components and dependencies within applications.
  • Ensure compliance with open-source licenses and provide guidance on license management.
  • Perform security assessments on open-source components to identify vulnerabilities and risks.
  • Evaluate the security, quality, and maintenance status of open-source components.
  • Collaborate with development teams to prioritize and remediate open-source vulnerabilities.
  • Maintain and configure SCA tools, ensuring they are integrated into the development process.
  • Maintain accurate records of open-source components, licenses, and known vulnerabilities.
  • Work closely with development teams and DevSecOps to facilitate the resolution of open-source component-related issues.
  • Stay up to date with industry trends, vulnerabilities, and best practices related to open-source software.
  • Understand vulnerability classification using National Vulnerability Database nomenclature such as CVE/CVSS.


REQUIREMENT SUMMARY

Min: N/A, Max: 5.0 year(s)

Information Technology/IT

IT Software - Network Administration / Security

Software Engineering

Graduate

Proficient

1

Colorado Springs, CO, USA