Deloitte is a leading professional services firm seeking a Cloud Security Engineer Manager to serve as a technical interface and subject matter expert in designing and implementing micro-segmentation services. The role involves collaborating with various teams to support product integration and safeguard critical business applications against cyber threats.
Responsibilities:
- Assist in the design, implementation, and sustainment of zero trust architectures to safeguard critical assets and data against emerging cyber threats
- Serve as the subject matter expert (SME) for application micro-segmentation and zero-trust principles, methodologies, and technologies
- Collaborate with Network and Firewall Teams, Application Teams, Server Teams, Cloud Engineering Teams etc. to design, implement, and support an enterprise-class application-centric micro-segmentation solution and service
- Lead implementation of micro-segmentation to safeguard critical applications as part of a multi-year program
- Identify new service requirements in support of our Zero Trust strategy
- Lead and support troubleshooting for micro-segmentation service
Requirements:
- Bachelor's degree or equivalent in Information Technology, Computer Science, or Engineering
- Minimum 6 years of related Cyber Security experience with a focus on network security engineering, including firewall policy design, rule management, and hands-on experience securing east-west traffic in enterprise environments
- Proficiency in Python development for automation and scripting, including experience building security tooling, policy automation, or infrastructure-as-code workflows
- Networking fundamentals with demonstrated experience across both cloud environments (AWS, Azure, or GCP) and on-premises data center infrastructure, including VLANs, subnetting, routing protocols, firewall policy, and east-west traffic segmentation
- Experience with micro-segmentation platforms (e.g., Illumio, Guardicore, Cisco Secure Workload) and practical application of Zero Trust principles such as least-privilege access, identity-aware policy enforcement, and network segmentation strategy
- Experience deploying, managing, and tuning micro-segmentation security policies
- Networking knowledge and experience in traffic analysis using tools such as Wireshark
- Experience with virtualization technologies such as VMware, Hyper-V
- Experience with cloud platforms such as Azure, GCP and/or AWS
- Understand application tiering architecture (web, application, database), communication patterns and application connectivity
- Experience with Windows server/Linux operating systems
- Knowledge of the Zero Trust Framework or NIST 800-207 (Zero Trust Architecture)
- Experience working with all levels of management, stakeholders, and vendors
- Familiarity with technologies such as Infrastructure-as-a-Service (IaaS), Software-Defined Networking (SDN) and containers
- Experience designing and managing firewalls or other network segmentation tools
- Experience setting up, configuring, policy creation, and troubleshooting firewalls such as Palo Alto, Cisco, Windows Packet Filtering, and IP Tables
- Well versed in one of the scripting languages (e.g. PowerShell, Python and BASH)
- System forensics and investigation skills, including analyzing system artifacts (e.g. file system, memory, running processes, network connections, logs)
- CISSP, GIAC, CCNA or other related Information Security certifications