Senior Consultant: Vulnerability Management
Security and Privacy Services
Senior Consultant: Vulnerability Management Specialist
San Francisco/San Jose, California

Deloitte & Touche LLP's ("Deloitte & Touche's") Audit and Enterprise Risk Services business has a risk-based approach, experienced professionals, comprehensive methodologies, and technical resources. Deloitte & Touche's services combine competency and experience in the areas of financial reporting, risk management, and compliance.

Providing security across the enterprise - Deloitte & Touche's Security and Privacy Services

Business models today encourage, and even require, opening boundaries between customers, suppliers, and partners. Technology can enable that openness and is also seen as a means to help achieve compliance with corporate policy and regulation. However, behind this increased accessibility and reliance on technology exist real risks and challenges. Technology can support compliance efforts, act as a business enabler, and provide a foundation for achieving secure systems. Meanwhile, complex network environments, global operations, and human beings often challenge an organization's security efforts. The increasing occurrence and complexity of security threats indicate that security has become a business imperative.

Managing information risk at the enterprise level enables companies to achieve more efficient and effective security processes and programs. Issues such as stakeholder value, consumer confidence, brand and reputation protection, and legal and regulatory compliance can be addressed. Digital information security is a management issue with global business implications. To succeed in today's network economy requires more than simply a focus on IT issues - it also requires a focus on security strategy and management.
Deloitte & Touche's Security and Privacy Services practice provides services that address how to take advantage of this dynamic situation while managing risks and are based on an enterprise-wide approach that focuses on security through seven areas:
- Application Integrity
- Business Continuity Management
- Identity & Access Management
- Infrastructure & Operations Security
- Privacy & Data Protection
- Security Management
- Vulnerability Management

Job Duties:
- Demonstrate advanced understanding of business processes, internal control risk management, IT controls and related standards
- Identify and evaluate complex business and technology risks, internal controls which mitigate risks, and related opportunities for internal control improvement
- Understand complex business and information technology management processes
- Execute advanced services and supervise staff in delivering basic services
- Assist in the selection and tailoring of approaches, methods and tools to support service offering or industry projects
- Understand clients' business environment and basic risk management approaches
- Demonstrate a general knowledge of market trends, competitor activities, Deloitte & Touche products and service lines
- Actively participate in decision making with engagement management and seek to understand the broader impact of current decisions
- Generate innovative ideas and challenge the status quo
- Build and nurture positive working relationships with clients with the intention to exceed client expectations
- Facilitate use of technology-based tools or methodologies to review, design and/or implement products and services
- Identify opportunities to improve engagement profitability
- Participate in and actively support mentoring relationships within practice
- Excellent potential for 1) playing lead role in designated tasks of the project team in gathering, organizing and analyzing data; 2) making major contributions in assuring products/deliverables meet contract/work plan a

Required Skills:
- Security Audit
- Penetration Testing - Network, Web and Custom Applications
- Ethical Hacking
- Vulnerability Assessments - Network, Web and Custom Applications
- Enterprise IDS Implementation and Testing
- Operating System and Application Hardening
- Incident Response Training
- Information Security Education
- System security and controls including:
  - Attack and penetration security
  - Firewall
  - Identity management
  - Encryption technology
  - Assessment of network vulnerability
  - Network configuration and administration
  - Virus software
  - Security auditing techniques
  - Computer control environments
  - UNIX Security
  - NT/Windows 2000
- Web application security design, development, and testing
- Custom application security design, development, and testing
- Application Security source code and design review
- Threat Modeling

Preferred technology experience with the following:
- Firewall and router configuration, switches, secure network architecture, VPNs, PKI, PMI, Portals, Cisco, Perl, Python, C++, XML, HTML
- ISS, SNORT, sniffer technologies, Windows 2000/NT, Solaris, AIX, HP-UX, Red Hat Linux, Checkpoint
- IPSEC, SSL, SSH, VPN, Ethernet, Token Ring, WAP, SMTP, FTP, Frame Relay, WAN, ATM, FDDI, DSL, ISDN, HP OpenView, Sun NetManage, Cisco Works, Radius, Big Brother, F5
- Strong experience in designing and deploying Security Information and Event Management (SEM) solutions
- Strong technical skills and hands-on experience with leading Security Information and Event Management technologies such as ArcSight, Novell Sentinel, Network Intelligence, netForensics, Symantec, etc.
Qualifications:
- 4+ system security and controls experience
- BA/BS in information technology or related field, MS preferred
- CISSP, CCNA and/or CISA certification a plus
- Prior Big 4/consulting experience a plus
- Excellent verbal and written communication
- Industry experience in financial services, high-tech, and/or healthcare preferred
- Willingness to travel

About Deloitte

Deloitte refers to one or more of Deloitte Touche Tohmatsu, a Swiss Verein, and its network of member firms, each of which is a legally separate and independent entity. Please see www.deloitte.com/about for a detailed description of the legal structure of Deloitte Touche Tohmatsu and its member firms. Please see www.deloitte.com/us/about for a detailed description of the legal structure of Deloitte LLP and its subsidiaries. Deloitte LLP and its subsidiaries are equal opportunity employers.