Deloitte US

Are you looking to elevate your cyber career? Your technical skills? Your opportunity for growth? Deloitte’s Government and Public Services Cyber Practice (GPS Cyber Practice) is the place for you! Our GPS Cyber Practice helps organizations create a cyber minded culture and become stronger, faster, and more innovative. You will become part of a team that advises, implements, and manages solutions across five verticals: Strategy, Defense and Response; Identity; Infrastructure; Data; and Application Security. Our dynamic team offers opportunities to work with cutting-edge cyber security tools and grow both vertically and horizontally at an accelerated rate. Join our cyber team and elevate your career.

Work you’ll do

Seeking an Information System Security Officer to join and to apply current Information Assurance (IA) technologies to the architecture, design, development, evaluation, and integration of applications, systems, and networks to maintain the system security posture.

• Implement risk management programs for our federal clients by utilizing NIST, RMF, and FISMA compliance frameworks.
• Enhance cyber awareness with clients and project teams.
• Work alongside federal clients to help them mitigate risk with the use of continuous monitoring and incident response.
• Establish security controls to ensure protection of client systems.
• Implement cutting edge security tools for our federal clients.

The team

Deloitte’s Government and Public Services (GPS) practice – our people, ideas, technology and outcomes—is designed for impact. Serving federal, state, & local government clients as well as public higher education institutions, our team of more than 15,000 professionals brings fresh perspective to help clients anticipate disruption, reimagine the possible, and fulfill their mission promise. 

At Deloitte, we believe cyber is about starting things—not stopping them—and enabling the freedom to create a more secure future. Cyber Strategy, Defense and Response (SDR) focuses on helping federal clients design and implement transformational enterprise security programs with an emphasis on defending against, recovering from, and mitigating major cyberattacks. If you’re seeking a career that increases cyber awareness, utilizes risk management programs, and develops strategies for cyber defense and response, then the Cyber SDR offering at Deloitte is for you.

Qualifications 

Required: 

• Bachelor’s degree required.
• Must be legally authorized to work in the United States without the need for employer sponsorship, now or at any time in the future.
• Active TS/SCI security clearance required 
• Onsite 5 days a week.
• Experience with assessing and documenting results for system(s), infrastructure(s) and applications (on-premises and cloud (i.e., AWS GovCloud and/or Azure GovCloud)) against NIST SP 800-53 security controls and SP 800-171 Risk Management Framework (RMF) processes.

• Seeking candidates who have experience in the following:
• Have excellent verbal and written communication skills to be able to accurately relate requirements and document all within the appropriate security document and/or within the RMF system and coordinate with program, other system(s), and security personnel;
• Ensure all annual FISMA deadlines are met and/or ensures the Government PM is apprised when the deadlines cannot be met and/or when assistance is required to meet the deadlines;
• Prepare documentation from templates and POA&M to ensure compliance with Federal IA requirements as well as coordinate review(s) and approvals;
• Must be able to discern the program policies and procedures, identify areas that need work and bring up to management for resolution;
• Identify IA vulnerabilities and coordinate with the Infrastructure and Development teams to correct, mitigated or apply for an exception via the POA&M processes;
• Review vulnerability (i.e., patches, updates, etc.) and compliance (i.e., SCAP or DISA STIGs scans on the infrastructure and applications to ensure patch and configuration compliance (on-premises and in the cloud (AWS preferred))
• Seeking candidates who have additional experience in the following:
• Prepare SAA package(s) to obtain and maintain an ATO, authority-to-test (ATT), or other SAA authority types for all systems and applications;
• Attend meetings and review all change requests for impact to the system/application security posture(s) and applicable Federal compliance requirements; and document decisions;
• Coordinate security incident and high priority compliance responses with the Enterprise Security Operations Center 
• Represent program security interests in various meetings within and outside of the program;
• Schedule and conduct meetings with pertinent program personnel to address findings to determine appropriate path forward and document, if necessary, POA&M;
• Coordinates with other system ISSO to ensure that their requirements for interconnection, policy and procedures are met and all documentation is provided and updated as necessary
• Ability to assess current and evolving security threats in an operational environment;

Preferred:

• Experience in a cyber risk and compliance management system (e.g., Xacta, RiskVision, etc.);
• Experience with configuring, performing, scheduling, reviewing, and assessing vulnerability (i.e., patches, updates, etc.) and compliance (i.e., SCAP or DISA STIGs scans on the infrastructure and applications to ensure patch and configuration compliance on-premises and in the cloud (AWS preferred);
• Technical background that will assist in assessing the NIST SP 800-53 security controls and gather evidence to support conclusions; and
• Knowledge of operating systems, network and application security to aid implementation of information security and assurance principles.
• Prior professional services or federal consulting experience
• Certifications (e.g., CompTIA Security+, CEH, CISSP)