Deloitte Innovation Hub I Cyber Security I DevSecOps & Cloud Security Senior Engineer, Cairo, Egypt.

Egypt | Posted on 18-Aug-2024

Position Summary

Location
Cairo, Egypt Delivery Center
Cyber Security I DevSecOps & Cloud Security Senior Engineer, Cairo. Egypt

Connect to your career at Deloitte.

Deloitte drives progress. Using our vast range of expertise, that covers audit, risk advisory, and consulting services across tax, legal, business, technology, and corporate finance, we help our clients’ become leaders wherever they choose to compete. To do this, we invest in outstanding people. We build teams of future thinkers, with diverse talents and backgrounds, and empower them all to reach for and achieve more.

What brings us all together at Deloitte? It’s how we approach the thousands of decisions we make every day. How we behave, our beliefs and our attitudes. In other words: our values. Whatever we do, wherever we are in the world, we lead the way, serve with integrity, take care of each other, foster inclusion, and collaborate for measurable impact. These five shared values lead every decision we make and action we take, guiding us to deliver impact how and where it matters most. :Collaborate for measurable impact.


Connect to your opportunity. 

As a DevSecOps &Cloud Security Senior Engineer, you can expect to be involved in the following activities:

We are seeking a highly skilled and experienced Cloud Security Engineers with a specialization in one of the four public clouds, Oracle Cloud Infrastructure (OCI), Google Cloud Platform (GCP), Microsoft Azure and Amazon Web Services (AWS). The ideal candidate will be responsible for ensuring the security of clients’ cloud environments, by implementing and maintaining robust security measures and monitoring systems for potential threats. This role requires deep technical expertise in cloud security best practices, strong analytical skills, and the ability to collaborate effectively with cross-functional teams.


Responsibilities:

  • Design, implement, and manage security controls, policies, and procedures for the cloud environment to safeguard against unauthorized access, data breaches, and other security risks.
  • Conduct regular security assessments and audits of the security environment infrastructure, identifying vulnerabilities and areas for improvement, and recommending solutions to mitigate risks.
  • Develop and enforce cloud security best practices and policies across the organization.
  • Collaborate with development and operations teams to ensure secure deployment and operation of cloud applications.
  • Implement native cloud security controls, such as IAM, VM, EDR, cloud security posture management to ensure appropriate access to cloud resources.
  • Stay current with emerging cloud security threats, technologies, and best practices.
  • Provide security training and guidance to team members and stakeholders on cloud security measures.
  • Work with regulatory bodies to ensure compliance with industry standards and Middle East regulations related to cloud security.
  • Manage and configure security tools and software, such as firewalls, intrusion detection systems, and encryption technologies, within cloud environments.

Connect to your skills and professional experience


In order to succeed in this role, you will need to match the following criteria:
  • Bachelor’s degree in computer science, Information Security, or a related field.
  • Minimum of 3 years of related experience.

Strong hands-on experience on TWO of the below five domains:

Cloud and Container Security:

  • Experience with AWS, Azure, GCP or OCI and demonstrable affinity with Cloud technology.
  • Experience with containerization: Kubernetes, Docker. Practical experience with serverless and secure development environments, infrastructure-as-code is a plus.
  • Knowledge of information security principles and guidelines (including CIS, MITRE ATT&CK frameworks) is an advantage.

Governance and Risk Assessment:

  • Experience with security frameworks such as ISO, CSA and PCI.
  • Experience with the implementation of cloud risk frameworks and optimization of controls (in CI/CD pipelines).
Architecture and Design:
  • Experience with Secure Cloud Architecture Design and Implementation; Design solutions for improving Cloud Security by enforcement of cloud security guardrails and standards.
  • Experience with architecture and security reviews, threat modelling applications, and identifying areas of risk.
  • Experience with encryption in-flight and at-rest practices, as well as certificate and secrets
  • Knowledge of network architectures, topologies, and concepts (Firewalls, LB, WAF, CDN, VPC, ACL, TLS, SSH, and DNS).
  • Experience with security solutions such as WAF, IPS, and anti-DDOS systems.
  • Experience with network / perimeter security platforms and routing protocols, OSI layers etc.
  • Experience implementing strategies to support secure and compliant architectures.
DevOps & Engineering:
  • Good knowledge of application architecture (Microservices, API gateway, service mesh, message queues etc.) and technical expertise in designing controls to secure each layer within the application architecture (web layer, integration layer, backend).
  • Strong understanding of authentication and authorization patterns and their applicability within the development context (knowledge of Authentication / Authorization protocols and patterns, Authentication and Authorization within microservices).
  • Experience with infrastructure automation, infrastructure as code, automated application deployment, monitoring/telemetry, logging, reporting/dashboarding, and continuous delivery technologies.
Application Security & DevSecOps:
  • Experience in cybersecurity principles, assessment and triage for security flaws and common vulnerabilities for web and mobile applications. Ability to understand and assess both threats and vulnerabilities, articulating these to both technical and business stakeholders.
  • Experience with continuous security practices, including threat modelling, threat and vulnerability management, secure coding practices, and automated penetration testing.
  • Understanding of the OWASP Top 10 application security risks and how to address them.
  • Working knowledge of the Security Development Lifecycle (SDLC), OWASP Software Assurance Maturity Model (SAMM), or Building Security in Maturity Model (BSIMM).
  • Understanding of web application security scanning software and related penetration testing tools such as SAST/DAST/IAST/SCA.
  • Understanding of service-oriented architecture, building internet-scale, distributed, and critical services.
  • Experience on integration & automation of various security technologies.
Preferred Certifications:
  • Cloud Certifications by AWS/GCP/OCI/Azure.
  • Kubernetes Certifications
  • Relevant certifications such as CISSP, CCSP, AWS Certified Security – Specialty, or equivalent are highly desirable.
The following attributes are essential:
  • A willingness to work as part of a diverse team.
  • A commitment to continuous improvement and lifelong learning.
  • A passion for technology and a drive to deliver secure, high-quality solutions.
  • An ability to remain calm under pressure whilst continuing to pay attention to detail.
  • Strong analytical and problem-solving skills.
  • Excellent communication and interpersonal abilities.
  • Ability to work effectively in a fast-paced and dynamic environment.
  • Proactive and self-motivated with a keen attention to detail.

Personal independence

Regulation and controls are standard practice in our industry and Deloitte is no exception. These controls provide important legal protection for both you and the firm. We are subject to several audit regulations, one of which requires that certain colleagues abide by specific personal independence constraints. This can mean that you and your "Immediate Family Members" are not permitted to hold certain financial interests (shares, funds, bonds etc.) with audit clients of the firm. The recruitment team will provide further detail as you progress through the recruitment process.

Connect to your Industry

“What attracted me to Deloitte were the endless opportunities and the collective experience of other like-minded individuals. Deloitte’s clients include many of the world’s largest organizations; I wanted to be part of a team that made a difference that I could be proud of.” Dan, Consulting

Connect with your colleagues

Location: Cairo. Egypt
Your Work, Your Way: We call our hybrid working vision Deloitte Works. And it does. We trust you to make the right choices around where, when, and how you work. You’ll be able to make decisions about how you work best, to be collaborative, learn from colleagues, share your experiences, build the relationships that will fuel your career and prioritize your wellbeing. Having great conversations with your team and your leadership paves the way for great collaborative ways of working.

Our commitment to you

Making an impact is more than just what we do: it’s why we’re here. So we work hard to create an environment where you can experience a purpose you believe in, the freedom to be you, and the capacity to go further than ever before.
We want you. The true you. Your own strengths, perspective, and personality. So, we’re nurturing a culture where everyone belongs, feels supported and heard, and is empowered to make a valuable, personal contribution. You can be sure we’ll take your wellbeing seriously, too. Because it’s only when you’re comfortable and at your best that you can make the kind of impact you, and we, live for.
Your expertise is our capability, so we’ll make sure it never stops growing. Whether it’s from the complex work you do, or the people you collaborate with, you’ll learn every day. Through world-class development, you’ll gain invaluable technical and personal skills. Whatever your level, you’ll learn how to lead.

Connect to your next step

A career at Deloitte is an opportunity to develop in any direction you choose. Join us and you’ll experience a purpose you can believe in and an impact you can see. You’ll be free to bring your true self to work every day. And you’ll never stop growing, whatever your level.