Deloitte Senior Systems Security Engineer (TS/SCI) in Washington, District Of Columbia
Are you looking to elevate your cyber career? Your technical skills? Your opportunity for growth? Deloitte's Government and Public Services Cyber Practice (GPS Cyber Practice) is the place for you! Our GPS Cyber Practice helps organizations create a cyber minded culture and become stronger, faster, and more innovative. You will become part of a team that advises, implements, and manages solutions across five verticals: Strategy, Defense and Response; Identity; Infrastructure; Data; and Application Security. Our dynamic team offers opportunities to work with cutting-edge cyber security tools and grow both vertically and horizontally at an accelerated rate. Join our cyber team and elevate your career.
Work you'll do
Seeking candidates who have experience in the following:
Have excellent verbal and written communication skills to be able to accurately relate requirements and document all within the appropriate security document and/or within the RMF system and coordinate with program, other system(s), and security personnel;
Prepare documentation from templates and POA&M to ensure compliance with Federal IA requirements as well as coordinate review(s) and approvals;
Identify IA vulnerabilities and coordinate with the Infrastructure and Development teams to correct, mitigated or apply for an exception via the POA&M processes;
Review vulnerability (i.e., patches, updates, etc.) and compliance (i.e., SCAP or DISA STIGs scans on the infrastructure and applications to ensure patch and configuration compliance (on-premises and in the cloud (AWS preferred))
Support clients with data protection, IoT, and overarching cloud capabilities.
Implement core and cloud infrastructure security to manage risks and exposure.
Perform cyber reconnaissance to illuminate a potential attack surface area.
Provide threat and vulnerability management to federal clients and teams.
Analyze tactical network architectures and topologies to assess security risks.
Deloitte's Government and Public Services (GPS) practice - our people, ideas, technology and outcomes-is designed for impact. Serving federal, state, & local government clients as well as public higher education institutions, our team of more than 15,000 professionals brings fresh perspective to help clients anticipate disruption, reimagine the possible, and fulfill their mission promise
At Deloitte, we believe cyber is about starting things-not stopping them-and enabling the freedom to create a more secure future. Cyber Infrastructure is focused on rethinking how security is integrated across modernized infrastructure as cyber threats become more complex. If you're seeking a career implementing, architecting, and-in select cases-handling next generation controls to manage security risks and exposure, then the Cyber Infrastructure team at Deloitte is for you.
Bachelor's degree required.
Must be legally authorized to work in the United States without the need for employer sponsorship, now or at any time in the future.
Active TS/SCI security clearance required
5 days onsite required.
Prepare SAA package(s) to obtain and maintain an authority-to-operate (ATO), authority-to-test (ATT), or other SAA authority types for all systems and applications;
Attend meetings and review all change requests for impact to the system/application security posture(s) and applicable compliance requirements; and document decisions;
Coordinate security incident and high priority compliance responses'
Represent program security interests in various meetings within and outside of the program;
Schedule and conduct meetings with pertinent program personnel to address findings to determine appropriate path forward and document within the CMP and, if necessary, POA&M;
Coordinates with other system ISSO to ensure that their requirements for interconnection, policy and procedures are met and all documentation is provided and updated as necessary;
Ability to assess current and evolving security threats in an operational environment;
Experience in a cyber-risk and compliance management system (e.g., Xacta, RiskVision, etc.);
Experience configuring, performing, scheduling, reviewing, and assessing vulnerability (i.e., patches, updates, etc.) and compliance (i.e., SCAP or DISA STIG) scans on the infrastructure and applications to ensure patch and configuration compliance on-premises and in the cloud (AWS preferred);
Technical background that will assist in assessing the NIST SP 800-53 security controls and gather evidence to support conclusions; and
Knowledge of operating systems, network and application security to aid implementation of information security and assurance principle;
Knowledge of SPLUNK software and tools.
Prior professional services or federal consulting experience
Previous Security Operations Center experience
Experience in mobile and endpoint security
Certifications (e.g., CompTIA Security+, CEH, CISSP)