Deloitte Sr. Web App Security Engineer in Arlington, Virginia

Deloitte is one of the leading professional services organizations in the United States, specializing in audit, tax, consulting and financial advisory services with clients in more than 20 industries. We provide powerful business solutions to some of the world's most well-known and respected companies, including more than 75 percent of the Fortune 100. At Deloitte, you can have a rewarding career on every level. In addition to challenging and meaningful work, you'll have the chance to give back to your community, make a positive impact on the environment, participate in a range of diversity and inclusion initiatives, and find the support, coaching, and training it takes to advance your career. Our commitment to individual choice lets you customize aspects of your career path, your educational opportunities and your benefits. And our culture of innovation means your ideas on how to improve our business and your clients will be heard.

Are you passionate about cyber and security challenges in information technology, associated with threats and vulnerabilities? If you are interested in a role that offers an opportunity to provide front line support to our clients, then Deloitte's Technology Risk team could be the place for you! Join our Technology Risk team and help Federal clients address information and technology risks related to cyber security, data leakage, identity and access management, and data security.

Work you'll do

As a Project Delivery Manager in the Technology Risk group you will:

  • Improve the operational systems, processes, and policies in support of the client's mission through the management and guidance of multiple work streams, teams, and clients

  • Support engagements related but not limited to Operations & Maintenance, Helpdesk Operations, Software and Application Development and Maintenance, Financial Operations, and Project and Acquisition Management

  • Provide input to key deliverable structure and content, as well as facilitating buy-in of proposed solutions from top management levels

  • Direct timely delivery of quality work products for the client

  • Manage engagement risk

  • Provide professional development of junior staff performing the role of counselor and coach, as well as providing leadership and support

  • Assess web and cloud architectures, Red Hat-based infrastructures, system configurations, code (e.g. PHP), and SDLC processes for security vulnerabilities and policy compliance and provide mitigating strategies

  • Provide expertise on federal laws and policies pertaining to web applications and cloud-based systems including implementation of E-Authentication

  • Create system security plans, conduct security assessments, and perform risk assessments in accordance with NIST standards and guidelines for both web applications and cloud-based systems

  • Provide expertise on and evaluate Apache, Red Hat Linux, Cloudera Hadoop, and Postgres and SQL Server databases to ensure secure configurations, defense-in-depth, and least-privilege are implemented

  • Utilize vulnerability and code scanners and work with system owners to remediate vulnerabilities

  • Perform coordinated penetration test activities

  • Review system logs for any potential unauthorized activities

  • Proactively work with team members to identify and address security and compliance issues

The Team

Transparency, innovation, collaboration, sustainability: these are the hallmark issues shaping Federal government initiatives today. Deloitte's Federal practice is passionate about making an impact with lasting change. Carrying out missions in the Federal practice requires fresh thinking and a creative approach. We collaborate with teams from across our organization in order to bring the full breadth of Deloitte, its commercial and public sector expertise, to best support our clients. Our aspiration is to be the premier integrated solutions provider in helping to transform the Federal marketplace.



  • Typically has 7 or more years of consulting and/or industry experience

  • Ability to support engagements of greater than average size and complexity

  • Ability to lead multiple teams and multiple clients with confidence

  • Excellent teamwork and interpersonal skills

  • Professional oral and written communication skills

  • Ability to mentor and manage junior staff and further their professional growth

  • Ability to obtain and maintain the required clearance for this role


  • Prior professional services or federal consulting experience

  • Bachelor's Degree

  • 10 years' experience in Information Security specific to web applications and cloud-based architectures and systems

  • 5 years' experience building and managing Red Hat Linux server platforms and web applications

  • Expertise with various means of Linux authentication (LDAP, Kerberos) and integrated authentication with other environments and platforms (Windows Active Directory, Public Key Infrastructure)

  • Expertise in configuring, assessing, and securing Red Hat 6/7 platforms, Apache, and Postgres & SQL Server databases.

  • Expertise in evaluating web application code for security flaws. Solid knowledge of PHP, JavaScript, and shells such as bash

  • Experience performing penetration tests on web-based applications and Linux environments

  • Thorough understanding of and expertise in generating SA&A documentation to include System Security Plans, Security Assessments, and Risk Assessments. Experience performing security assessment activities for both web and cloud-based systems (e.g. FedRAMP).

  • Thorough knowledge of applicable federal laws and directives that pertain to web applications, E-Authentication, TIC (Trusted Internet Connection), cloud, and system security.

  • Experience using security scanners (e.g. Nessus, Nexpose, WebInspect, etc.) and remediating vulnerabilities

  • Experience implementing application firewall rules and iptables

  • Experience reviewing system logs for potential intrusions and policy violations

  • Experience securing Cloudera Hadoop

How you'll grow

At Deloitte, our professional development plan focuses on helping people at every level of their career to identify and use their strengths to do their best work every day. From entry-level employees to senior leaders, we believe there's always room to learn. We offer opportunities to help sharpen skills in addition to hands-on experience in the global, fast-changing business world. From on-the-job learning experiences to formal development programs, our professionals have a variety of opportunities to continue to grow throughout their career.


At Deloitte, we know that great people make a great organization. We value our people and offer employees a broad range of benefits. Learn more about what working at Deloitte can mean for you.

Deloitte's culture

Our positive and supportive culture encourages our people to do their best work every day. We celebrate individuals by recognizing their uniqueness and offering them the flexibility to make daily choices that can help them to be healthy, centered, confident, and aware. We offer well-being programs and are continuously looking for new ways to maintain a culture where our people excel and lead healthy, happy lives.

Corporate citizenship

Deloitte is led by a purpose: to make an impact that matters. This purpose defines who we are and extends to relationships with our clients, our people and our communities. We believe that business has the power to inspire and transform. We focus on education, giving, skill-based volunteerism, and leadership to help drive positive social impact in our communities. Learn more about Deloitte's impact on the world.

Recruiter tips

We want job seekers exploring opportunities at Deloitte to feel prepared and confident. To help you with your interview, we suggest that you do your research: know some background about the organization and the business area you're applying to. Check out recruiting tips from Deloitte professionals.

About Deloitte

As used in this document, Deloitte means Deloitte LLP and its subsidiaries. Please see for a detailed description of the legal structure of Deloitte LLP and its subsidiaries. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability or protected veteran status, or any other legally protected basis, in accordance with applicable law.

Disclaimer: If you are not reviewing this job posting on our Careers site ( or one of our approved job boards we cannot guarantee the validity of this posting. For a list of our current postings, please visit us at

Category: Information Technology