
Deloitte

Application Security Compliance Engineer

Zaventem, Flemish Region, Belgium

Full details on LinkedIn

The complete job description, requirements, and application details are available on the original posting.


About Deloitte

Deloitte is a global professional services firm founded in 1845 by William Welch Deloitte in London. Initially focused on independent financial auditing, it has grown into one of the largest professional services networks, employing over 450,000 people across more than 150 countries. Deloitte offers a wide range of services, including audit and assurance, tax, consulting, financial advisory, and risk services, catering to organizations from Global 500 companies to private businesses. The firm has a rich history, marked by significant milestones such as becoming the first independent auditor for a public company in 1849. Over the years, Deloitte has expanded internationally and evolved through mergers, notably forming Deloitte Touche Tohmatsu. Its consulting division has seen rapid growth, particularly in strategy, operations, and technology. Deloitte emphasizes making a meaningful impact through connection, collaboration, and innovation, reflecting its commitment to adapting to the needs of diverse industries.

Industry

management consulting

Employees

460,000

17795 engineers

Revenue

$67B

Security at Deloitte

Compiled from public job postings, careers pages, and company materials. Data may not reflect current state — verify during interviews.

3 Intel Signals

Security Philosophy

- Stated AppSec Mission: "Makes security consumable to the business." – Deloitte Secure by Design (https://www.deloitte.com/us/en/services/consulting/services/secure-by-design.html), Service page.
- Developer Enablement vs. Gatekeeping: "Real-time dashboards and developer plugins give clear, actionable feedback" – Deloitte Cyber Insights (https://www.deloitte.com/us/en/services/consulting/articles/the-current-cybersecurity-insights.html), Article.
- Risk Philosophy: "The assessment framework and methodology should be standardized" – Deloitte Secure by Design (https://www.deloitte.com/us/en/services/consulting/services/secure-by-design.html), Service page.
- Stated Pain Points or Goals (verbatim): "operationalized threat modeling" – Deloitte Secure by Design (https://www.deloitte.com/us/en/services/consulting/services/secure-by-design.html), Service page.
- Gaps & Contradictions: Security champions program description not found: Information not publicly available.

Security Team

- Org Structure & Reporting Line: Information not publicly available.
- Key Public-Facing Leaders (top public profiles):
  - Kevin Heckel, Managing Director - Deloitte US Cyber Application Leader – https://www.linkedin.com/in/kevinheckel ; Key quote: "Managing Director - Deloitte US Cyber Application Leader" – LinkedIn profile, Profile.
  - Adnan Amjad, Partner | US Cyber Leader – Deloitte people profile (listed on Secure by Design contact section): "Partner | US Cyber Leader" – Deloitte Secure by Design contact (https://www.deloitte.com/us/en/services/consulting/services/secure-by-design.html), Service page.
- Team Size Estimate (as_of:):
  - LinkedIn Search Query Used: site:linkedin.com "Deloitte" "Application Security" OR "Application Security Engineer" (global)
  - Result: Information not publicly available.
- Active AppSec Job Postings (as_of:): Count: 78 – "78 jobs" – Deloitte careers (https://apply.deloitte.com/en_US/careers/SearchJobs/Application%20Security?132=%5B1240%5D&132_format=698&5402=%5B479%5D&5402_format=3876), Careers search page.
- Common Skill/Tool Patterns (verbatim mentions across Deloitte pages):
  - "Continuous integration and continuous delivery (CI/CD) pipelines" – Deloitte Cyber Insights (https://www.deloitte.com/us/en/services/consulting/articles/the-current-cybersecurity-insights.html), Article.
  - "Static and dynamic analysis (SAST/DAST)" – Deloitte Cyber Insights (https://www.deloitte.com/us/en/services/consulting/articles/the-current-cybersecurity-insights.html), Article.
  - "Automated secrets detection" – Deloitte Cyber Insights (https://www.deloitte.com/us/en/services/consulting/articles/the-current-cybersecurity-insights.html), Article.
- Gaps & Contradictions: No public evidence found describing AppSec reporting line, exact team size, or named internal security champions.

Key Initiatives

- Security Champions Program: Status: No Evidence Found. Information not publicly available.
- "Shift Left" in Practice:
  - "enabling a shift-left approach" – Deloitte Secure by Design (solution in action), Service page.
  - "Continuous integration and continuous delivery (CI/CD) pipelines" – Deloitte Cyber Insights.
- Vulnerability Management Process (intake, triage, remediation):
  - Intake sources quoted: "assessments might include security architecture review, threat modeling" – Deloitte Secure by Design.
  - Triage/Remediation evidence: "The assignment, status, and service level agreements (SLAs) for security tasks are stored centrally" – Deloitte Secure by Design.
  - "automated vulnerability tracking" – Deloitte Secure by Design solution examples.
- Secure SDLC Artifacts:
  - "Before deployment, project teams should share how each requirement was met" – Deloitte Secure by Design.
  - "Standardized implementation of security requirements offers consistency" – Deloitte Secure by Design (phrase present in page content).
- Recent Initiatives (Last 6 Months):
  - "Scaling AppSec for GenAI" – Deloitte Secure by Design (Dec 2025 content).
  - "AI-enabled Secure by Design" – Deloitte Secure by Design.
- Gaps & Contradictions: No public SLAs with numeric MTTR or remediation timelines found. No public documentation of a named internal security champions program.
