DAST/SAST Engineer

Are you looking to elevate your cyber career? Your technical skills? Your opportunity for growth? Deloitte's Government and Public Services Cyber Practice (GPS Cyber Practice) is the place for you! Our GPS Cyber Practice helps organizations create a cyber minded culture and become stronger, faster, and more innovative. You will become part of a team that advises, implements, and manages solutions across five verticals: Strategy, Defense and Response; Identity; Infrastructure; Data; and Application Security. Our dynamic team offers opportunities to work with cutting-edge cyber security tools, and grow both vertically and horizontally at an accelerated rate. Join our cyber team and elevate your career.

Work you'll do

• Identifying and exploiting business logic and framework related vulnerabilities in removing false positives, analyzing dynamic scan Webinspect, analyzing static scan Fortify SCA, Appscan reports.

• Enhance cyber awareness with clients and project teams.

• Work alongside federal clients to help them mitigate risk with the use of continuous monitoring and incident response.

• Establish security controls to ensure protection of client systems.

• Implement cutting edge security tools for our federal clients.

The team

Deloitte's Government and Public Services (GPS) practice - our people, ideas, technology and outcomes-is designed for impact. Serving federal, state, & local government clients as well as public higher education institutions, our team of more than 15,000 professionals brings fresh perspective to help clients anticipate disruption, reimagine the possible, and fulfill their mission promise.

At Deloitte, we believe cyber is about starting things-not stopping them-and enabling the freedom to create a more secure future. Our Cyber Application Security team advises federal clients on integrating security activities throughout the software development lifecycle to enable the design, build, and deployment of secure applications. Our team focuses on concept and requirements, design and development, verification, production and maintenance, and retirement. If you're seeking a career in vulnerability management, quality assurance, or GRC tools, then Application Security at Deloitte is the offering for you.

Qualifications

Required

• Minimum of a Bachelor's Degree required.

• 1+ years of experience with DAST or SAST Testing.

• 1+ years of experience on both commercial and open source tools Veracode, Cenzic Hailstorm, Burpsuite, AppScan, WebInspect, Appspider, sqlmap, OWASP ZAP, Fortify SCA, MetaSploit, etc

• 1+ years' experience within Secure SDLC and Security standards like OWASP, CWE, NIST, OSSTMM 5 Penetration Testing

• 1+ years' experience with Web and/or Application Security

• 1+ years' experience with a Scripting Language - RegEx, JS, Perl, SQL, .NET, etc.

• Ability to travel up to 30%, on average, based on the work you do and the clientsandindustries/sectorsyou serve.

• Must be legally authorized to work in the United States without the need for employer sponsorship, now or at any time in the future

• Ability to obtain & maintain the required security clearance.

Preferred:

• A completed Industry/Cyber Security Certification (examples: CEH, GCIH, Security+, CASP, CISSP, CISA)

Information for applicants with a need for accommodation: ~~~

All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability or protected veteran status, or any other legally protected basis, in accordance with applicable law.