Deloitte Jobs

Job Information

Deloitte Cloud Security Sr Engineer in Mechanicsburg, Pennsylvania

Are you an experienced, passionate pioneer in technology a solutions builder, a roll-up-your-sleeves technologist who wants a daily collaborative environment, think-tank feel and share new ideas with your colleagues - without the extensive demands of travel? If so, consider an opportunity with our US Delivery Center we are breaking the mold of a typical Delivery Center.

Our US Delivery Centers have been growing since 2014 with significant, continued growth on the horizon. Interested? Read more about our opportunity below

Work you ll do

As a Security Engineer you will provide security support for cloud-based infrastructure and hosted information systems through the Risk Management Framework lifecycle. The Security Engineer works closely with business and technical stakeholders to select and help implement security controls as outlined within NIST SP 800 series and agency guidelines and leads information systems through the Assessment and Authorization (A&A) process. Additionally, the Security Engineer advises on the design and development of secure systems architecture as well as industry best practices and information systems technologies available to meet security requirements.

Specific functions will include, but are not limited to:

Closely working with other cloud solution architects in planning, developing, and implementing security controls

Driving authorization activities by developing and updating security documentation, including the creation of the System Security Plan (SSP), Contingency Plan (CP), and Configuration Management Plan (CMP)

Developing and implementing controls using compliance tool software

Reviewing security scans (e.g. Nessus) and communicating vulnerabilities to technical stakeholders, and track them to remediation.

Reviewing cloud system configurations to ensure they are in accordance with agency and industry best practice hardening guidelines.

Using third party tools (e.g. Splunk/Nessus) to analyze systems and audit logs to identify anomalies, threats, potential vulnerabilities, and configuration errors.

Communicating clearly and effectively, both orally and in writing, to cloud migration security stakeholders.

Drafting and monitoring Plans of Actions and Milestones (POA&Ms)

Analyzing proposed Configuration Change Requests related to design and configuration by conducting a security impact analysis to initiate required actions to maintain security posture and ATO status.

The Team

From our centers, we work with Deloitte consultants to design, develop and build solutionsto help clients reimagine, reshape and rewire the competitive fabric of entire industries. Our centers house a multitude of specialists, ranging from systems designers, architects and integrators, to creative digital experts, to cyber risk and human capital professionals. All work together on diverse projects from advanced preconfigured solutions and methodologies, to brand-building and campaign management. We are a unique blend of skills and experiences, yet we underline the value of each individual, providing customized career paths, fostering innovation and knowledge development with a focus on quality. The US Delivery Center supports a collaborativeteam culture where we work and live close to home with limited travel.

Qualifications Required

o Bachelor s degree

o Possess or ability to obtain Public Trust Clearance

o 3 years experience

o Working knowledge of NIST Risk Management Framework (RMF) and Ongoing Authorization

o Knowledge of Federal security regulations, standards, and processes including FISMA, FIPS, NIST, and FedRAMP

o Experience interpreting IT vulnerability scanning results (e.g. Nessus)

o Strong verbal and written communication skills

Preferred:

o 5 years experience in an information system security role

o Cloud Solution Architect experience

o Experience with commercial cloud services (e.g AWS) tools and environment

o Knowledge in Splunk dashboard configuration for alerting and analytics

o A&A experience with commercial IaaS services

o Experience with developing configuration policy and rulesets for services provided by commercial IaaS providers, including AWS

o Experience leveraging COTS products or cloud service provider services to build and manage automation capabilities for automated remediation of misconfigurations, patches, and vulnerability management

o Certification(s) Preferred: CISSP, CCSP, CISM, CISA, CAP, AWS Associate, MC SA

Must be willing to live and work in the Orlando, FL or Gilbert, AZ or Mechanicsburg, PA

How you ll grow

At Deloitte, our professional development plan focuses on helping people at every level of their career to identify and use their strengths to do their best work every day. From entry-level employees to senior leaders, we believe there s always room to learn. We offer opportunities to help sharpen skills in addition to hands-on experience in the global, fast-changing business world. From on-the-job learning experiences to formal development programs, our professionals have a variety of opportunities to continue to grow throughout their career.

Category: Information Technology

About Deloitte

As used in this document, Deloitte means Deloitte LLP and its subsidiaries. Please see www.deloitte.com/us/about for a detailed description of the legal structure of Deloitte LLP and its subsidiaries. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability or protected veteran status, or any other legally protected basis, in accordance with applicable law.

DirectEmployers