Continuous Monitoring - Cyber Analyst

Deloitte

3.5

(197)

Arlington, VA

Why you should apply for a job to Deloitte:

  • 75% say women are treated fairly and equally to men
  • 90% say the CEO supports gender diversity
  • Ratings are based on anonymous reviews by Fairygodboss members.
  • Up to 16 weeks of paid time off to bond with a child as a result of birth or placement for adoption and/or to care for a family member.
  • Encore is a paid program that eases the transition back into the workforce.
  • #164950

    Position summary

    evelopment Life Cycle (SSDLC) and continuous monitoring for cloud platforms in an application development environment. Provides cybersecurity operations and engineering oversight and guidance on the NIST Risk Management Framework Controls.

    Responsibilities Include:

    • Develop technical documentation and artifacts for Authorization to Operate (ATO) packages.

    • Perform application and database vulnerability management; manage, mitigate, track, and report on Plans of Action and Milestones (POA&M) status in coordination with IT engineers/administrators.

    • Oversee system patching, hardening (STIGs), fixes, updates, and upgrades.

    • Perform Static Application Security Testing (SAST) and Dynamic Application Security Testing (DAST) code reviews and support application security testing.

    • Configure, tune, troubleshoot, and manage SIEM tools and capabilities.

    • Perform application and database continuous monitoring; configure tools, review results, and report on security-relevant risks from audit logs and other cybersecurity data sources.

    • Coordinate execution of Integrated Master Schedule (IMS) cybersecurity requirements.

    • Submit system risk recommendations to key stakeholders based upon technical analysis.

    • Advise technical team and key stakeholders on cybersecurity risks involved with software implementation and system changes.

    The Team

    Deloitte's Government and Public Services (GPS) practice - our people, ideas, technology and outcomes - is designed for impact. Serving federal, state, & local government clients as well as public higher education institutions, our team of more than 15,000 professionals brings fresh perspective to help clients anticipate disruption, reimagine the possible, and fulfill their mission promise.

    At Deloitte, we believe cyber is about starting things - not stopping them - and enabling the freedom to create a more secure future. Cyber Strategy, Defense and Response (SDR) focuses on helping federal clients design and implement transformational enterprise security programs with an emphasis on defending against, recovering from, and mitigating major cyberattacks. If you're seeking a career that increases cyber awareness, utilizes risk management programs, and develops strategies for cyber defense and response, then the Cyber SDR offering at Deloitte is for you.

    Qualifications

    Required:

    • A minimum of a Bachelor's degree is required.

    • Must be legally authorized to work in the United States without the need for employer sponsorship, now or at any time in the future.

    • Active TS/SCI security clearance required.

    • Experience working with RMF and NIST 800-53

    • Experience working with cyber security tools

    • Experience with cyber awareness (e.g., phishing emails, cyber trainings)

    Preferred:

    • Prior professional services or federal consulting experience

    • Certifications (e.g., CompTIA Security+, CEH, CISSP)

    • Well-organized and detail-oriented with excellent writing, verbal, and soft skills.

    • Initiative-taking problem solver who can work independently or with a team and present findings to executive staff.

    • Able to network and configure vulnerability scanners and monitoring tools.

    • Able to quickly parse through large datasets in Microsoft Excel using scripts or other methodologies.
