Senior Consultant - ASM Patching Engineer
Job Summary
Join Deloitte's Cyber Defense & Resilience team as a forward deployed engineer focused on patching, remediation, and exposure reduction. In this role, you'll work directly with client stakeholders to prioritize vulnerabilities, coordinate patch execution, and improve remediation outcomes across enterprise environments.
Responsibilities
Leading day-to-day forward deployed engineering execution for client patching and remediation activities across infrastructure, middleware, endpoints, and applications
Prioritizing remediation activities using vulnerability findings, asset criticality, exploitability, and threat context
Coinciding with client technology teams to drive patch planning, execution, validation, and exception tracking
Developing dashboards, status reporting, and remediation metrics that show progress against exposure reduction goals
Supporting automation and mentoring junior practitioners in patching, remediation, and operational delivery activities
Qualifications
5+ years of experience in information technology, information security, vulnerability management, patch management, or a combination of these
4+ years of experience leading remediation execution, patch coordination, or forward deployed engineering activities in enterprise environments
4+ years of experience executing or overseeing patching across Windows, Linux, middleware, endpoints, or applications using tools such as BigFix, Microsoft Endpoint Configuration Manager, Red Hat Satellite, Windows Server Update Services, Tenable, Rapid7, or Qualys
2+ years of experience using PowerShell, Bash, Python, Ansible, Terraform, or JavaScript Object Notation for scripting, automation, or configuration activities
2+ years of experience using ServiceNow or another Information Technology Service Management platform to manage remediation workflows, exceptions, metrics, and status reporting
Preferred Qualifications
Bachelor's degree in Computer Science, Cybersecurity, Information Systems, Engineering, Information Technology, Mathematics, or Physics
Experience in a consulting environment
Experience presenting remediation status, risk updates, or delivery progress to client stakeholders
Experience with vulnerability prioritization based on exploitability, asset criticality, or attack path data
Experience with the National Institute of Standards and Technology Cybersecurity Framework, Center for Internet Security, International Organization for Standardization 27001, or Cloud Security Alliance Cloud Controls Matrix