Job Details
Deloitte
Information System Security Engineer
Are you looking to make an immediate impact where you can help our clients solve their business challenges? Deloitte's Core Business Operations (CBO) portfolio operates at the center of our client's business. By joining our team, you could help C-suite and program leaders transform their organization and accelerate mission execution through emerging and disruptive technologies, innovative business models, retooled program operations and industry-driven solutions.
Work you'll do:
The team provides cybersecurity policy, reviewing A&A artifacts, performing A&A validation, implementation of security postures, subject matter expertise in cybersecurity life cycle management, coordination, implementation, and sustainment of A&A. In addition, the team supports engineering and design services, testing, monitoring, troubleshooting, consultation, performance of analysis to ensure security controls are implemented, integrate new technology with IT security standards, technical writing, governance, and policy development/management required to develop, evaluate Information Assurance Assessment and Authorization (A&A) for servers and systems, and validation for systems.
The Role:
Deloitte is seeking a dedicated Information System Security Engineer (ISSE) to provide cybersecurity support. This candidate will provide Cybersecurity/Information Assurance Support Services, which includes DoD Information Assurance Certification & Accreditation Process (DIACAP) and Risk Management Framework (RMF) services. The scope of these services includes cybersecurity policy, reviewing Assurance Assessment and Authorization (A&A) artifacts, performing A&A validation, implementation of security postures, Subject Matter Expertise in cybersecurity life cycle management, coordination, implementation, and sustainment of A&A.
What You'll Do:
- Satisfy DoD cybersecurity requirements including CYBERSAFE, Clinger-Cohen Act compliance, IA Strategy development, System Security Accreditation Agreement (SSAA) development with supporting appendices, Certification Test and Evaluation, Security Test and Evaluation, and risk mitigation.
- Conduct independent comprehensive assessments of the management, operational, and technical security controls and control enhancements employed within or inherited by an information technology (IT) system to determine the overall effectiveness of the security controls.
- Maintain and or develop information systems assurance and A&A accreditation documentation.
- Ensure information systems are operated, used, maintained, and disposed of in accordance with security policies and required by the authorization package .
- Validate the confidentiality, integrity and availability of systems, networks, and data in accordance with information systems programs, policies, procedures and goals.
- Develop procedures to ensure information systems reliability and accessibility; prevent and defend against unauthorized systems, network and data.
- Conduct risk and vulnerability assessments of planned and installed information systems to identify vulnerabilities, risks protection needs; conduct systems security evaluation, audits, and reviews; determine the residual risk of a package based on content and assessment results and documenting for the Security Controls Assessor's (SCA) and higher-level review.
- Conduct systems security reviews, audits, or evaluations, as appropriate, to ensure accreditation documents are accurate the current risk posture of the system.
- Interpret and implement local information security and higher-level policies.
Required Skills:
- Three (3) years of professional experience capturing and refining information security operational and security requirements, and ensuring those requirements are properly addressed through purposeful architecting, design, development, and configuration; and implementing security controls, configuration changes, software/hardware updates/patches, vulnerability scanning, and securing configurations
- An active secret clearance is required.
- Bachelor's degree in systems engineering, computer science, or an equivalent technical degree from an accredited college or university.
- Must be IAT Level II compliant (possess one of the following current certs):
- Cisco CCNA Security
- CompTIA Cybersecurity Analyst (CySA+)
- Global Industrial Cyber Security Professional (GICSP)
- GIAC Security Essentials (GSEC)
- CompTIA Security+
- (ISC)2 Systems Security Certified Practitioner (SSCP)
The team
Deloitte's Government and Public Services (GPS) practice - our people, ideas, technology and outcomes-is designed for impact. Serving federal, state, & local government clients as well as public higher education institutions, our team of over 15,000+ professionals brings fresh perspective to help clients anticipate disruption, reimagine the possible, and fulfill their mission promise.
The Systems Engineering offering is comprised of experienced professionals who help guide clients through their most complex technology challenges. This can include the delivery of large scale software applications & integrated systems, the development of service-oriented architecture (SOA) and other integrations solutions, and the delivery of technology enablement to support CIO services transformation. Our Systems Engineering offering focuses on key client issues that impact the core business, provide operational value, drive down the cost of quality, and enhance technology innovation.
How you'll grow
At Deloitte, our professional development plan focuses on helping people at every level of their career to identify and use their strengths to do their best work every day. From entry-level employees to senior leaders, we believe there's always room to learn. We offer opportunities to help sharpen skills in addition to hands-on experience in the global, fast-changing business world. From on-the-job learning experiences to formal development programs, our professionals have a variety of opportunities to continue to grow throughout their career.