T&T Consultant / Senior Consultant - Cloud Security & Penetration Testing - MY DRSC
Kuala Lumpur, MY
Are you ready to unleash your potential?
At Deloitte, our purpose is to make an impact that matters for our clients, our people, and the communities we serve.
We believe we have a responsibility to be a force for good, and WorldImpact is our portfolio of initiatives focused on making a tangible impact on society’s biggest challenges and creating a better future. We strive to advise clients on how to deliver purpose-led growth and embed more equitable, inclusive as well as sustainable business practices.
Hence, we seek talented individuals driven to excel and innovate, working together to achieve our shared goals.
We are committed to creating positive work experiences that foster a culture of respect and inclusion, where diverse perspectives are celebrated, and everyone is recognised for their contributions.
Ready to unleash your potential with us? Join the winning team now!
Job Description
As a Cyber Defense and Resilience Consultant, you will play a key role in helping Deloitte's clients across the South-East Asia (SEA) market identity and remediate security vulnerabilities across their cloud environments. Your primary focus will be conducting cloud security assessments and security testing across major Hyperscalers, helping clients strengthen their cyber resilience as they scale their cloud footprint.
This role combines hands-on technical assessment, security testing, and client advisory, with a dedicated focus on cloud security.
Depending on your experience and interests, you will have opportunities across a broad range of cloud security domains including cloud configuration and posture assessments, cloud penetration testing, cloud identity and access security, and cloud-native security architecture review. The role includes the following requirements:
- Conduct cloud security assessments across hyperscalers including AWS, Microsoft Azure, and Google Cloud Platform, evaluating configurations against security baselines and benchmarks (e.g., CIS Benchmarks, cloud provider security frameworks, CSA CCM).
- Perform cloud-focused security testing, including vulnerability assessments and penetration testing of cloud infrastructure, cloud-native applications, APIs, and containerized workloads.
- Simulate cyber attacks against cloud environments to identify configuration weaknesses, privilege escalation paths, and exploitable vulnerabilities.
- Review cloud identity and access management (IAM) configurations, network security groups, encryption settings, and data protection controls.
- Assess cloud security posture management (CSPM) and workload protection controls, identifying gaps against client risk appetite and compliance requirements.
- Develop and execute testing methodologies tailored to cloud-native architectures, serverless services, and multi-cloud environments.
- Prepare detailed reports on assessment and testing findings, including risk ratings and remediation recommendations specific to cloud environments.
- Recommend and support implementation of improvements to cloud security posture, guardrails, and policies.
- Collaborate with client cloud engineering and DevOps teams to validate findings and support remediation efforts.
- Stay updated with the latest cloud security tools, testing techniques, and hyperscaler service and security feature updates.
- Support business development activities including proposals and client presentations alongside senior team members.
Your role as a leader:
At Deloitte, we believe in the importance of empowering our people to be leaders at all levels. We expect our people to embrace and live our purpose and shared values, challenging themselves every day to identify issues that are most important to our clients, our people and the communities, and to make an impact that matters. Additionally, Consultants across our Firm are expected to:
- Actively seek out developmental opportunities for growth, act as strong brand ambassadors for the firm as well as share their knowledge and experience with others.
- Understand the goals of our internal and external stakeholder to set personal priorities as well as align their teams’ work to achieve the objectives.
- Constantly challenge themselves, collaborate with others to deliver on tasks and take accountability for the results.
- Build productive relationships and communicate effectively in order to positively influence teams and other stakeholders.
- Project integrity and confidence while motivating others through team collaboration as well as recognising individual strengths, differences, and contributions.
Who we are looking for:
- Must have: Strong passion and interest in cloud security assessments, security testing, and helping clients build resilient cloud environments.
- 2–5 years of experience in cybersecurity, with hands-on experience in cloud security assessments and/or cloud penetration testing.
- Proficiency in security testing across at least one major hyperscaler (AWS, Azure, or GCP); experience across multiple hyperscalers is a strong plus.
- Strong understanding of cloud-native architectures, common cloud misconfigurations, and cloud-specific attack vectors.
- Proficiency in using cloud security testing and posture management tools, alongside manual testing techniques.
- Relevant certifications (e.g., AWS Certified Security – Specialty, Microsoft Certified: Azure Security Engineer Associate, Google Professional Cloud Security Engineer, OSCP, CCSK, CCSP) are a plus.
- Excellent problem-solving and analytical skills, with the ability to work under pressure and deliver to tight timelines.
- Ability to self-manage and prioritize a variety of concurrent assessment engagements.
- Location in Malaysia.
Due to volume of applications, we regret only shortlisted candidates will be notified.
Please note that Deloitte will never reach out to you directly via messaging platforms to offer you employment opportunities or request money or your personal information. Kindly apply for roles that you are interested via this official Deloitte website.
#LI-AN