USI - FY26 - Cyber Enterprise Security - DevSecOps - Manager

Summary

Position Summary

Job title: DevSecOps - Manager

About

At Deloitte, we do not offer you just a job, but a career in the highly sought-after risk Management field. We are one of the business leaders in the risk market. We work with a vision to make the world more prosperous, trustworthy, and safe. Deloitte’s clients, primarily based outside of India, are large, complex organizations that constantly evolve and innovate to build better products and services. In the process, they encounter various risks and the work we do to help them address these risks is increasingly important to their success—and to the strength of the economy and public security.

By joining us, you will get to work with diverse teams of professionals who design, manage, and implement risk-centric solutions across a variety of domains. In the process, you will gain exposure to the risk-centric challenges faced in today’s world by organizations across a range of industry sectors and become subject matter experts in those areas.

Our Risk and Financial Advisory services professionals help organizations effectively navigate business risks and opportunities—from strategic, reputation, and financial risks to operational, cyber, and regulatory risks—to gain competitive advantage. We apply our experience in ongoing business operations and corporate lifecycle events to help clients become stronger and more resilient. Our market-leading teams help clients embrace complexity to accelerate performance, disrupt through innovation, and lead in their industries. We use cutting-edge technology like AI/ML techniques, analytics, and RPA to solve Deloitte’s clients ‘most complex issues. Working in Risk and Financial Advisory at Deloitte US-India offices has the power to redefine your ambitions.

The Team

Cyber & Strategic Risk

Deloitte’s DevSecOps CI/CD Security Transformation and Secure Software Development Lifecycle engagement archetypes provide frameworks, templates, and leading practices for integrating security into software delivery pipelines. These resources include step-by-step workflows, staffing guidance, and project management tools to support DevSecOps roles and responsibilities

The cyber risk services—Identity & access management (IAM) practice helps organizations in designing, developing, and implementing industry-leading IAM solutions to protect their information and confidential data, as well as help them build their businesses and supporting technologies to be more secure, vigilant, and resilient. The IAM team delivers service to clients through following key areas:

• User provisioning
• Access certification
• Access management and federation
• Entitlements management
  
  

Work you’ll do

Roles & Responsibilities:

As a DevSecOps Manager, your core responsibility will be leading the implementation and ongoing management of DevSecOps practices across client's cloud and on-premises environments, which includes the following:

• Conduct interviews and assessments to understand client requirements, current state and DevSecOps practice maturity.
• Define strategy and take responsibility in driving adoption of security automation, continuous integration/continuous delivery (CI/CD), and compliance within the software development lifecycle of client's environment.
• Understand and be compliant with the Service Level Agreements defined for the DevSecOps services
• Oversee the development and integration of security tools and automation for services such as threat modeling, security architecture reviews, secure development practices, code analysis, vulnerability scanning, API security, configuration management etc.
• Manage and mentor DevSecOps team and client's cross-functional teams, setting goals and tracking performance.
• Report on DevSecOps metrics, security posture, and process improvements to leadership and client stakeholders.
• Stay current with emerging DevSecOps tools, security threats, and regulatory requirements.
• Facilitate use of technology-based tools or methodologies to continuously improve the monitoring, management and reliability of the services provided to client.
  
  

Required Skills

• 9+ years of experience in application security development, security testing, integrating security tools, deployment and security management phases, with atleast 2+ years of leading the Devsecops projects.
• Strong understanding of security frameworks (e.g., NIST 800-53, PCI DSS,, ISO 27001, CIS Controls) and regulatory requirements (e.g., GDPR, HIPAA, PCI DSS)
• Investigative and analytical problem-solving skills along with excellent communication, project management, and stakeholder engagement skills.
• Experience in collecting, analyzing, and interpreting qualitative and quantitative data from defined application security services related sources (tools, monitoring techniques etc.)
• Understanding of solution designs and technical architectures to identify potential security risks and recommend mitigation strategies. Exposure to threat modeling exercise, zero trust architecture principles and secure by design practice.
• Knowledge and experience of OWASP Top 10, SANS Secure Programming, Security Engineering Principles;
• Hands-on experience in performing secure code reviews and penetration testing
• Hands-on experience in running, installing and managing SAST, DAST , SCA and IAST solutions, such as Checkmarx, Fortify and Contrast in large enterprise
• Understanding of leading vulnerability scoring standards, such as CVSS, and ability to translate vulnerability severity as security risk;
• Strong knowledge of CI/CD tools and hands on experience on at least one CI/CD tool set and building pipelines (including in cloud) using Team city, Bamboo, Jenkins, Chef, Puppet, selenium, AWS and AZURE DevOps;
• Hands on experience on container technology such as Kubernetes, Dockers, AKS, EKS.
• Knowledge of cloud environments and deployment solutions such as server less computing;
• Must have cloud security specialization in Security; and Certification such as EC-Council CEH (Certified Ethical Hacker), DevSecOps Professional (CDP) , ISC2 Certified Cloud Security Professional (CCSP), Certified API Security Professional (CASP) , CTMP (Certified Threat Modeling Professional) etc. are preferred.
  
  

Qualification

• Bachelor's degree or higher in Computer Science, IT or equivalent experience.
• Experience in cloud service providers such as AWS, GCP, Azure, Oracle and multi-cloud DevSecOps implementations.
• Background in Agile or Scrum methodologies.
• Solid and demonstrable comprehension of Information Security including OWASP/SANS, Security Test Case development (or mis-use case).
• Understanding of security essentials including; networking concepts, defense strategies, and current security technologies
• Experience with securing IaC templates (e.g., Terraform, CloudFormation) and integrating IaC scanning tools into pipelines to detect misconfigurations and vulnerabilities early in the provisioning process
• Experience in implementing and managing security measures within Kubernetes environments, designing and enforcing advanced security protocols for API infrastructure, managing and optimizing our containerized applications using Docker, automating and managing our infrastructure as code using Terraform, automating IT processes and configurations using Ansible, and identifying and mitigating potential security threats through comprehensive threat modeling practices.
• Familiarity with container security best practices, including image scanning, runtime protection, and orchestration security (e.g., Docker, Kubernetes).
• Experience with secrets management tools (e.g., HashiCorp Vault, AWS Secrets Manager).
• Ability to research and characterize security threats to include identification and classification of application related threat indicators.
  
  

Good to have:

Skills in scripting languages (e.g., Groovy for Jenkins, Bash, Python) to customize pipeline steps and automate repetitive tasks.

How You’ll Grow

At Deloitte, we’ve invested a great deal to create a rich environment in which our professionals can grow. We want all our people to develop in their own way, playing to their own strengths as they hone their leadership skills. And, as a part of our efforts, we provide our professionals with a variety of learning and networking opportunities—including exposure to leaders, sponsors, coaches, and challenging assignments—to help accelerate their careers along the way. No two people learn in the same way. So, we provide a range of resources including live classrooms, team-based learning, and eLearning. DU: The Leadership Center in India, our state-of-the-art, world-class learning Center in the Hyderabad offices is an extension of the Deloitte University (DU) in Westlake, Texas, and represents a tangible symbol of our commitment to our people’s growth and development. Explore DU: The Leadership Center in India .

Deloitte’s culture

Our positive and supportive culture encourages our people to do their best work every day. We celebrate individuals by recognizing their uniqueness and offering them the flexibility to make daily choices that can help them to be healthy, centered, confident, and aware. Deloitte is committed to achieving diversity within its workforce, and encourages all qualified applicants to apply, irrespective of gender, age, sexual orientation, disability, culture, religious and ethnic background. We offer well-being programs and are continuously looking for new ways to maintain a culture that is inclusive, invites authenticity, leverages our diversity, and where our people excel and lead healthy, happy lives. Learn more about Life at Deloitte.

Corporate citizenship

Deloitte is led by a purpose: to make an impact that matters. This purpose defines who we are and extends to relationships with Deloitte’s clients, our people and our communities. We believe that business has the power to inspire and transform. We focus on education, giving, skill-based volunteerism, and leadership to help drive positive social impact in our communities. Learn more about Deloitte’s impact on the world.

Recruiting tips

Finding the right job and preparing for the recruitment process can be tricky. Check out tips from our Deloitte recruiting professionals to set yourself up for success. Check out recruiting tips from Deloitte recruiters .

Benefits

We believe that to be an undisputed leader in professional services, we should equip you with the resources that can make a positive impact on your well-being journey. Our vision is to create a leadership culture focused on the development and well-being of our people. Here are some of our benefits and programs to support you and your family’s well-being needs. Eligibility requirements may be based on role, tenure, type of employment and/ or other criteria. Learn more about what working at Deloitte can mean for you .

Our people and culture

Our people and our culture make Deloitte a place where leaders thrive. Get an inside look at the rich diversity of background, education, and experiences of our people. What impact will you make? Check out our professionals’ career journeys and be inspired by their stories.

Professional development

You want to make an impact. And we want you to make it. We can help you do that by providing you the culture, training, resources, and opportunities to help you grow and succeed as a professional. Learn more about our commitment to developing our people .

2023. See Terms of Use for more information.

Deloitte refers to one or more of Deloitte Touche Tohmatsu Limited, a UK private company limited by guarantee ("DTTL"), its network of member firms, and their related entities. DTTL and each of its member firms are legally separate and independent entities. DTTL (also referred to as "Deloitte Global") does not provide services to clients. In the United States, Deloitte refers to one or more of the US member firms of DTTL, their related entities that operate using the "Deloitte" name in the United States and their respective affiliates. Certain services may not be available to attest clients under the rules and regulations of public accounting. Please see www.deloitte.com/about to learn more about our global network of member firms.

Our purpose

Deloitte’s purpose is to make an impact that matters for our people, clients, and communities. At Deloitte, purpose is synonymous with how we work every day. It defines who we are. Our purpose comes through in our work with clients that enables impact and value in their organizations, as well as through our own investments, commitments, and actions across areas that help drive positive outcomes for our communities.

Our people and culture

Our inclusive culture empowers our people to be who they are, contribute their unique perspectives, and make a difference individually and collectively. It enables us to leverage different ideas and perspectives, and bring more creativity and innovation to help solve our clients' most complex challenges. This makes Deloitte one of the most rewarding places to work.

Professional development

At Deloitte, professionals have the opportunity to work with some of the best and discover what works best for them. Here, we prioritize professional growth, offering diverse learning and networking opportunities to help accelerate careers and enhance leadership skills. Our state-of-the-art DU: The Leadership Center in India, located in Hyderabad, represents a tangible symbol of our commitment to the holistic growth and development of our people. Explore DU: The Leadership Center in India .

Benefits To Help You Thrive

At Deloitte, we know that great people make a great organization. Our comprehensive rewards program helps us deliver a distinctly Deloitte experience that helps that empowers our professionals to thrive mentally, physically, and financially—and live their purpose. To support our professionals and their loved ones, we offer a broad range of benefits. Eligibility requirements may be based on role, tenure, type of employment and/ or other criteria. Learn more about what working at Deloitte can mean for you.

Recruiting tips

From developing a stand out resume to putting your best foot forward in the interview, we want you to feel prepared and confident as you explore opportunities at Deloitte. Check out recruiting tips from Deloitte recruiters.

Requisition code: 306776