Senior Consultant

Position Summary

Deloitte’s Cyber business is passionate about making an impact with lasting change. Delivering our industry leading services requires fresh thinking and a creative approach. We collaborate with teams from across our organization in order to bring the full breadth of Deloitte, its commercial and public sector expertise, to best support our clients.

Our Deloitte Cyber team understands the unique challenges and opportunities businesses face in cybersecurity. Join our team to deliver powerful solutions to help our clients navigate the ever-changing threat landscape. Through powerful solutions and managed services that simplify complexity, we enable our clients to operate with resilience, grow with confidence, and proactively manage to secure success.

As a Senior Consultant, Strategy, Growth, and Transformation, you will help clients modernize network security through cloud-delivered zero trust architectures. This role supports the design, deployment, and optimization of Zscaler capabilities across complex enterprise environments, helping organizations strengthen security posture, improve user access experiences, and enable secure transformation across on-premises and cloud ecosystems.

Work you'll do

As a Senior Consultant, Strategy, Growth, and Transformation on the Cyber Enterprise Security team, you will be responsible for…

• Designing, deploying, and managing Palo Alto Networks Next-Generation Firewalls (NGFW) across on-premises and cloud environments, including Amazon Web Services (AWS), Microsoft Azure, and Google Cloud Platform (GCP)

• Implementing and optimizing Prisma Access capabilities, including GlobalProtect, Prisma Agent, and Prisma Browser, to support secure internet access and remote access use cases

• Administering Panorama and Strata Cloud Manager to support centralized policy management, device configuration, visibility, and operational consistency across enterprise environments

• Configuring and tuning security capabilities including Threat Prevention, intrusion prevention system/intrusion detection system (IPS/IDS), Anti-Spyware, Antivirus, WildFire, Domain Name System (DNS) Security, and Secure Sockets Layer/Transport Layer Security (SSL/TLS) decryption policies

• Developing client solution designs and recommendations, integrating Palo Alto platforms with security information and event management/security orchestration, automation, and response (SIEM/SOAR) and identity provider tools, and supporting automation through Terraform, Ansible, or Python

The team

Our Enterprise Security offering embeds security in all aspects of digital transformation by securing a client’s technical backbone while enabling secure digital transformation. Includes security architecture, secure development and deployment, end-to-end cyber cloud capabilities, application security, and security for emerging technologies and connected products.

Qualifications

Required Qualifications

• BA/BS degree in a technical field (e.g., Computer Science, Cyber Security, Information Technology, or equivalent work experience)

• PCNSE (Palo Alto Networks Certified Network Security Engineer) certification

• 5+ years of progressively responsible experience in network security engineering, with demonstrated depth in Palo Alto Networks technologies and increasing levels of technical ownership and leadership over time

• 5+ years of hands-on experience designing, deploying, and managing Palo Alto Networks Next-Generation Firewalls (NGFW) in both on-premises and cloud environments (AWS, Azure, and/or GCP)

• 3+ years of experience designing, deploying, and managing Prisma Access, including configuration of GlobalProtect, Prisma Agent, and Prisma Browser for Internet and secure remote access use cases.

• 3+ years of experience designing, deploying, and managing Panorama centralized management, and Strata Cloud Manager

• 3+ years of experience configuring and tuning Palo Alto Threat Prevention features, including IPS/IDS, Anti-Spyware, Antivirus, WildFire, and DNS Security

• 3+ years of experience implementing and troubleshooting SSL/TLS Decryption policies, including forward proxy and inbound inspection, certificate management, and decryption exclusion handling

• 3+ years of hands-on experience defining, managing, and reviewing security policies, including rule base optimization, policy lifecycle management, and periodic access reviews

• 3+ years of experience with one or more major cloud service providers (AWS, GCP, Azure) and their native security toolsets, including deployment of VM-Series firewalls within cloud-native architectures

• Ability to travel up to 50%, on average, based on the work you perform and the clients and industries/sectors you serve

• Limited immigration sponsorship may be available

Preferred Qualifications

• Advanced cybersecurity certifications such as CISSP, CCIE Security, CCNP Security, or GIAC equivalents (e.g., GPEN, GCSA)

• Experience with automation tooling (e.g., Terraform, Ansible, Python) for provisioning, policy management, and configuration-as-code workflows

• Experience integrating Palo Alto Firewalls and Prisma with SIEM/SOAR platforms (e.g., Splunk, Microsoft Sentinel, Palo Alto XSOAR) via log streaming, API connectors, or syslog for threat detection and incident response workflows

• Experience designing and presenting Palo Alto network solution architectures (ideally tailored to client requirements, translating technical concepts for executive and non-technical stakeholders)

• Demonstrated experience working in large, complex enterprise environments with stringent security, compliance, and availability requirements

• Familiarity with identity provider integrations (e.g., Okta, Azure AD, Ping Identity) for SAML/SCIM-based authentication within Palo Alto Cloud Identity Engine (CIE)

• Ability to conduct SASE vendor competitive analysis and advise clients on solution selection based on specific use cases and requirements (e.g., Zscaler vs. Palo Alto Prisma vs. Netskope)

• Ability to conduct Zero Trust Architecture assessments and develop roadmaps aligning Zscaler capabilities to NIST SP 800-207 or CISA Zero Trust Maturity Model frameworks

• Previous consulting or "Big 4" experience, with a track record of delivering enterprise network security or SASE transformation engagements

The wage range for this role takes into account the wide range of factors that are considered in making compensation decisions including but not limited to skill sets; experience and training; licensure and certifications; and other business and organizational needs. The disclosed range estimate has not been adjusted for the applicable geographic differential associated with the location at which the position may be filled. At Deloitte, it is not typical for an individual to be hired at or near the top of the range for their role and compensation decisions are dependent on the facts and circumstances of each case. A reasonable estimate of the current range is $105,400 to $207,800.

You may also be eligible to participate in a discretionary annual incentive program, subject to the rules governing the program, whereby an award, if any, depends on various factors, including, without limitation, individual and organizational performance.

Deloitte is committed to providing reasonable accommodations for people with disabilities. If you require a reasonable accommodation to participate in the recruiting process, please direct your inquiries to the Global Call Center (GCC) at USTalentCICInbox@deloitte.com.

Professional development

From entry-level employees to senior leaders, we believe there’s always room to learn. We offer opportunities to build new skills, take on leadership opportunities and connect and grow through mentorship. From on-the-job learning experiences to formal development programs, our professionals have a variety of opportunities to continue to grow throughout their career.