Deloitte US

Cybersecurity - Information Systems Security Engineer (ISSE)

Job Description:

Primary cybersecurity technical advisor to a DoD IT Operations Team and executive stakeholders on implementation of Secure Software Development Life Cycle (SSDLC) and continuous monitoring for cloud platforms in an application development environment. Provides cybersecurity operations and engineering oversight and guidance on the NIST Risk Management Framework (RMF) Controls.

Responsibilities include:

• Manages and updates the Enterprise Mission Assurance Support Service (eMASS) tool
• Develops technical documentation and artifacts for Authorization to Operate (ATO) packages
• Scans applications and databases for vulnerabilities; manages, mitigates, tracks and reports on Plans of Action and Milestones (POA&M) status in coordination with IT engineers/administrators
• Oversees system patching, hardening (STIGs), fixes, updates, and upgrades
• Performs Static Application Security Testing (SAST) and Dynamic Application Security Testing (DAST) code reviews and supports application security testing
• Configures, tunes, troubleshoots, and manages SIEM tools and capabilities
• Performs application and database continuous monitoring; configures tools, reviews results, and reports on security relevant risks from audit logs and other cybersecurity data sources
• Coordinates execution of Integrated Master Schedule (IMS) cybersecurity requirements
• Submits system risk recommendations to key stakeholders based upon technical analysis
• Advises technical team and key stakeholders on cybersecurity risks involved with software implementation and system changes

Required Minimum Qualifications:

• 4 years experience
• BS or BA degree
• U.S. Citizenship required
• Top Secret – SCI clearance with eligibility for CI-Poly
• ·         Must be located within the National Capital Region and able to commute daily to Arlington, VA
• DoD 8570/8140 IAT Level II certified; CSSLP, ITIL, CCSK, AWS, Linux, and Oracle certifications are also a plus

Other skills and Experience:

• Two (2) or more years of experience as an IT administrator/engineer, Information System Security Engineer (ISSE), Information System Security Officer (ISSO) or Security Controls Assessor (SCA) are preferred
• Experience preparing and submitting at least six (6) ATO packages
• Experienced in technical writing, technical process/workflow development, and working with ticketing systems
• Experienced in mapping, implementing, interpreting, and documenting RMF security controls
• Familiarity with CMMI, CMMC, ITIL and/or project management practices are a plus
• Well organized and detail oriented with excellent writing, verbal, and soft skills
• Initiative taking problem solver who can work independently or with a team and present findings to executive staff
• Able to network and configure vulnerability scanners, SIEMs, and monitoring tools
• Able to quickly parse through large datasets in Microsoft Excel using scripts or other methods
• Proficient with Microsoft Office, PowerPoint, Excel, Word, Visio, and Project