What are the responsibilities and job description for the US E GPS- Advisory -Consultant- Vulnerability Analyst-C&SR/Cyber Strategy -PDM- DMA 179165 position at Deloitte US?
Vulnerability Analyst
Are you looking to elevate your cyber career? Your technical skills? Your opportunity for growth? Deloitte’s Government and Public Services Cyber Practice (GPS Cyber Practice) is the place for you! Our GPS Cyber Practice helps organizations create a cyber minded culture and become stronger, faster, and more innovative. You will become part of a team that advises, implements, and manages solutions across five verticals: Strategy, Defense and Response; Identity; Infrastructure; Data; and Application Security. Our dynamic team offers opportunities to work with cutting-edge cyber security tools and grow both vertically and horizontally at an accelerated rate. Join our cyber team and elevate your career.
The team
Deloitte’s Government and Public Services (GPS) practice – our people, ideas, technology and outcomes—is designed for impact. Serving federal, state, & local government clients as well as public higher education institutions, our team of more than 15,000 professionals brings fresh perspective to help clients anticipate disruption, reimagine the possible, and fulfill their mission promise.
At Deloitte, we believe cyber is about starting things—not stopping them—and enabling the freedom to create a more secure future. Cyber Strategy, Defense and Response (SDR) focuses on helping federal clients design and implement transformational enterprise security programs with an emphasis on defending against, recovering from, and mitigating major cyberattacks. If you’re seeking a career that increases cyber awareness, utilizes risk management programs, and develops strategies for cyber defense and response, then the Cyber SDR offering at Deloitte is for you.
What you will do:Perform the following to monitor for emerging or existing vulnerabilities associated with OS, networking, databases, web applications, and web APIs, including any of those under OJP management within any Cloud Service Provider (CSP):
• Configure and perform fully credentialed (white-box), automated vulnerability scans against all applicable network devices (Routers, firewalls, load balancers, managed switches, etc.), operating systems, databases, web applications, and web APIs using the DOJ-approved scanning tools.
• Troubleshoot and resolve all missing assets, unidentified assets, networking issues, and failed authentications encountered during vulnerability scanning efforts.
• Conduct monthly CONMON review with all CSP provider to ensure all scanning related findings are addressed per FEDRAMP and DOJ guidance.
• Monitor the DOJ Security Posture Dashboard Report (SPDR) to assist with vulnerability management.
•Generate ad hoc metrics surrounding insight into the vulnerability management program and DOJ Security Posture Dashboard Report (SPDR) reporting.
•Collaborate and provide insight with various DOJ teams regarding vulnerability management processes, procedures, and reporting requirements.
•Knowledge and understanding of the various Office of Management and Budget (OMB) and Department of Homeland Security (DHS) various federal mandates governing vulnerability management.
• Perform ad hoc vulnerability scans/discovery scans as necessary.
• Perform automated scans on remaining assets that are not managed by a centralized scanning engine.
• Analyze, prioritize, document and manage information system vulnerabilities to identify false positives, vulnerability severity and impact, remediation options and timeline, and available resources to address the weakness.
•Collaborate with various teams and vendors regarding identified false positives to gain the necessary evidence for documentation.
• Develop and maintain custom content for each platform in Tenable Security Center and/or IBM BigFix or another ITSD selected production compliance scan tool (i.e. Tanium) for any deviations from DOJ Secure Configuration Benchmarks.
• Default and custom content must execute without error in production compliance scan tools, and produce results consistent with the actual target configurations.
• After implementing changes or patches, the contractor shall validate to ensure successful remediation. Several methods of verification may include:
• Run follow-up vulnerability scans and compare with previous results.
• Manually review current version of affected software.
- Qualifications:
Required:
- 4 years relevant experience
- Experience with Vulnerability Scans and troubleshooting (analyze, prioritize, document and manage Information System Vulnerabilities for false positives, severity and impact; and remediation options
- Experience working with application teams and other stakeholders
- Great communication skills for Client facing work
- must be able to acquire a Public Trust
- Must be legally authorized to work in the US without the need for employer sponsorship, now or any time in the future
· DoD experience
·
·
How you'll grow
At Deloitte, our professional development plan focuses on helping people at every level of their career to identify and use their strengths to do their best work every day. From entry-level employees to senior leaders, we believe there’s always room to learn. We offer opportunities to help sharpen skills in addition to hands-on experience in the global, fast-changing business world. From on-the-job learning experiences to formal development programs, our professionals have a variety of opportunities to continue to grow throughout their career.
Recruiting tips
From developing a stand out resume to putting your best foot forward in the interview, we want you to feel prepared and confident as you explore opportunities at Deloitte. Check out recruiting tips from Deloitte recruiters.
Benefits
At Deloitte, we know that great people make a great organization. We value our people and offer employees a broad range of benefits. Learn more about what working at Deloitte can mean for you.
Our people and culture
Our diverse, equitable, and inclusive culture empowers our people to be who they are, contribute their unique perspectives, and make a difference individually and collectively. It enables us to leverage different ideas and perspectives, and bring more creativity and innovation to help solve our client most complex challenges. This makes Deloitte one of the most rewarding places to work. Learn more about our inclusive culture.
Professional development
From entry-level employees to senior leaders, we believe there’s always room to learn. We offer opportunities to build new skills, take on leadership opportunities and connect and grow through mentorship. From on-the-job learning experiences to formal development programs, our professionals have a variety of opportunities to continue to grow throughout their career.
·
Salary : $79,800 - $101,000
