Deloitte Cloud Security Engineer in Lake Mary, Florida
Areyou an experienced, passionate pioneer in technology a solutions builder, aroll-up-your-sleeves technologist who wants a daily collaborative environment,think-tank feel and share new ideas with your colleagues - without theextensive demands of travel? If so, consider an opportunity with our USDelivery Center we are breaking the mold of a typical Delivery Center.
OurUS Delivery Centers have been growing since 2014 with significant, continuedgrowth on the horizon. Interested? Read more about our opportunity below
Work you ll do
As a Security Engineer you will provide security support forcloud-based infrastructure and hosted information systems through the RiskManagement Framework lifecycle. TheSecurity Engineer works closely with business and technical stakeholders toselect and help implement security controls as outlined within NIST SP 800series and agency guidelines and leads information systems through theAssessment and Authorization (A&A) process. Additionally, the Security Engineer advises on the design and developmentof secure systems architecture as well as industry best practices andinformation systems technologies available to meet security requirements.
Specific functions will include, but are not limited to:
Closely workingwith other cloud solution architects in planning, developing, and implementingsecurity controls
Drivingauthorization activities by developing and updating security documentation,including the creation of the System Security Plan (SSP), Contingency Plan(CP), and Configuration Management Plan (CMP)
Developing andimplementing controls using compliance tool software
Reviewingsecurity scans (e.g. Nessus) and communicating vulnerabilities to technicalstakeholders, and track them to remediation.
Reviewing cloudsystem configurations to ensure they are in accordance with agency and industrybest practice hardening guidelines.
Using thirdparty tools (e.g. Splunk/Nessus) to analyze systems and audit logs to identifyanomalies, threats, potential vulnerabilities, and configuration errors.
Communicatingclearly and effectively, both orally and in writing, to cloud migrationsecurity stakeholders.
Drafting andmonitoring Plans of Actions and Milestones (POA&Ms)
Analyzingproposed Configuration Change Requests related to design and configuration byconducting a security impact analysis to initiate required actions to maintainsecurity posture and ATO status.
Fromour centers, we work with Deloitte consultants to design, develop and buildsolutionsto help clientsreimagine, reshape and rewire the competitive fabric of entire industries. Our centers house a multitude of specialists,ranging from systems designers, architects and integrators, to creative digitalexperts, to cyber risk and human capital professionals. All work together ondiverse projects from advanced preconfigured solutions and methodologies, tobrand-building and campaign management. We are a unique blend of skillsand experiences, yet we underline the value of each individual, providingcustomized career paths, fostering innovation and knowledge development with afocus on quality. The US Delivery Center supports a collaborativeteamculture where we work and live close to home with limited travel.
o Bachelor s degree
o Possess or ability to obtain PublicTrust Clearance
o A minimum of 3 years experience
o Working knowledge of NIST RiskManagement Framework (RMF) and Ongoing Authorization
o Knowledge of Federal securityregulations, standards, and processes including FISMA, FIPS, NIST, and FedRAMP
o Experience interpreting ITvulnerability scanning results (e.g. Nessus)
o Strong verbal and writtencommunication skills
o 5 years experience in aninformation system security role
o Cloud Solution Architect experience
o Experience with commercial cloudservices (e.g AWS) tools and environment
o Knowledge in Splunk dashboardconfiguration for alerting and analytics
o A&A experience with commercialIaaS services
o Experience with developingconfiguration policy and rulesets for services provided by commercial IaaSproviders, including AWS
o Experience leveraging COTS productsor cloud service provider services to build and manage automation capabilitiesfor automated remediation of misconfigurations, patches, and vulnerability management
o Certification(s) Preferred: CISSP,CCSP, CISM, CISA, CAP, AWS Associate, MC SA
AdditionalUS Delivery Center Requirements:
- Must be willing to live and work in the Orlando, FL, or Gilbert, AZ or Mechanicsburg, PA
How you ll grow
At Deloitte, ourprofessional development plan focuses on helping people at every level of theircareer to identify and use their strengths to do their best work every day.From entry-level employees to senior leaders, we believe there s always room tolearn. We offer opportunities to help sharpen skills in addition to hands-onexperience in the global, fast-changing business world. From on-the-joblearning experiences to formal development programs, our professionals have avariety of opportunities to continue to grow throughout their career.
At Deloitte, weknow that great people make a great organization. We value our people and offeremployees a broad range of benefits.
Our positive andsupportive culture encourages our people to do their best work every day. Wecelebrate individuals by recognizing their uniqueness and offering them theflexibility to make daily choices that can help them to be healthy,centered, confident, and aware. We offer well-being programs and arecontinuously looking for new ways to maintain a culture where our people exceland lead healthy, happy lives.
Deloitte is ledby a purpose: to make an impact that matters. This purpose defines who we areand extends to relationships with our clients, our people and ourcommunities. We believe that business has the power to inspire andtransform. We focus on education, giving, skill-based volunteerism, andleadership to help drive positive social impact in our communities. Learn more about Deloitte s impact on the world. at http://www2.deloitte.com/us/en/pages/about-deloitte/articles/deloitte-corporate-citizenship.html
Wewant job seekers exploring opportunities at Deloitte to feel prepared andconfident. To help you with your interview, we suggest that you do yourresearch: know some background about the organization and the business areayou re applying to. Check out recruiting tips from Deloitte professionals. at http://www2.deloitte.com/us/en/pages/careers/topics/recruiting-tips.html
Category: Information Technology
As used in this document, Deloitte means Deloitte LLP and its subsidiaries. Please see www.deloitte.com/us/about for a detailed description of the legal structure of Deloitte LLP and its subsidiaries. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability or protected veteran status, or any other legally protected basis, in accordance with applicable law.