Cyber Identity - PAM/Non Human Identity Senior Consultant
Non-Human Identity Senior Consultant
Join Deloitte's Cyber team to help clients secure the machine, service, and application identities that power modern digital environments. In this role, you will assess, design, and implement Non-Human Identity controls across cloud and hybrid ecosystems, with a focus on governance, secrets management, and privileged access. You will work with clients to reduce identity risk, improve operational resilience, and strengthen security across automation pipelines and platforms. This is an opportunity to contribute to an evolving capability area while delivering solutions in a high-demand cybersecurity market.
Recruiting for this role ends on 5/31/2026.
Work you'll do
As a Non-Human Identity SC on the Cyber team, you will help clients secure machine, service, and application identities across cloud and hybrid environments by:
- Assessing client environments to identify Non-Human Identity risks, including secrets sprawl, over-permissioned service accounts, orphaned credentials, and lifecycle governance gaps
- Designing and deploying governance, privileged access, and secrets management capabilities for non-human identities across cloud, hybrid, and containerized platforms
- Implementing controls such as credential vaulting, automated rotation, just-in-time access, workload identity federation, and application credential integrations using enterprise and cloud-native tools
- Advising clients on Non-Human Identity architecture, operating procedures, and implementation plans, including high-level design, low-level design, and runbooks
- Leading project workstreams, supporting proposals and statements of work, and contributing to practice development through reusable assets and market-facing content
The team
Our team helps organizations secure the identities of machines, services, and applications that support digital infrastructure. As cloud adoption, automation, and platform engineering expand, non-human identities have become a growing attack surface. We work with clients to improve visibility, establish governance, and implement controls that support secure and resilient operations.
Qualifications
Required:
- Bachelor's degree in Computer Science, Cybersecurity, Information Security, Engineering, Information Technology, Finance, Business, or a similar field
- 4+ years of experience developing, implementing, or architecting information systems
- 4+ years of experience implementing Privileged Access Management or secrets management solutions in cloud environments, hybrid environments, or both
- 4+ years of experience with at least 1 enterprise Privileged Access Management platform or secrets management platform, such as CyberArk, BeyondTrust, Delinea, HashiCorp Vault, Amazon Web Services Secrets Manager, or Azure Key Vault
- 4+ years of experience in at least 3 of the following: automated credential rotation, application credential vaulting, service account governance, service account provisioning and deprovisioning, entitlement reviews, least-privilege access design, integration with Lightweight Directory Access Protocol or Active Directory, integration with Kubernetes, Terraform, Jenkins, or GitHub Actions, scripting in PowerShell, Python, or Bash, or automation using Representational State Transfer application programming interfaces
- Ability to travel 25-50%, on average, based on the work you do and the clients and industries/sectors you serve.
- Limited immigration sponsorship may be available.
Preferred:
- 1+ year of consulting experience
- Experience with at least 1 Non-Human Identity or machine identity platform, such as Astrix Security, Entro Security, Clutch Security, Venafi, or Teleport
- Experience with at least 1 of the following: SPIFFE, SPIRE, workload identity federation, Istio, or Consul
- Experience securing identities in at least 1 continuous integration, continuous delivery, or infrastructure as code environment, such as GitHub Actions, Jenkins, Terraform, or Kubernetes
- 1 or more of the following certifications: AWS Certified Security - Specialty, Microsoft Azure Security Engineer Associate (AZ-500), Google Professional Cloud Security Engineer, or Certified Cloud Security Professional
- 1 or more of the following certifications: CyberArk Certified Delivery Engineer or Certified Information Systems Security Professional
The wage range for this role takes into account the wide range of factors that are considered in making compensation decisions including but not limited to skill sets; experience and training; licensure and certifications; and other business and organizational needs. The disclosed range estimate has not been adjusted for the applicable geographic differential associated with the location at which the position may be filled. At Deloitte, it is not typical for an individual to be hired at or near the top of the range for their role and compensation decisions are dependent on the facts and circumstances of each case. A reasonable estimate of the current range is $102,500 to $188,900.
You may also be eligible to participate in a discretionary annual incentive program, subject to the rules governing the program, whereby an award, if any, depends on various factors, including, without limitation, individual and organizational performance.
|
