Apply on Employer Site

Deloitte · 1 week ago

RMF Information System Security Engineer

Richmond, Virginia, United States

Full-time

Hybrid

Entry, Mid Level

2+ years exp

Deloitte is a leading consulting firm that focuses on transforming technology platforms and driving innovation. They are seeking a Project Delivery Senior Analyst to prepare and maintain Security Assessment Plans, conduct vulnerability assessments, and integrate security controls to meet Risk Management Framework requirements.

AccountingConsultingFinancial ServicesLegalProfessional ServicesRisk Management

Growth Opportunities

No H1B

Security Clearance Required

U.S. Citizen Only

Responsibilities

Prepare and maintain Security Assessment Plans (SAPs) and execute technical assessments during RMF Step 2 and RMF Step 4

Identify, evaluate, and analyze vulnerability findings using Assured Compliance Assessment Solution (ACAS)

Conduct Security Content Automation Protocol (SCAP) and/or EvaluateSTIG scans to assess system vulnerabilities and compliance

Validate implementation of secure system configurations and hardening according to DoD and Navy standards

Develop and enforce security controls and configurations to meet Risk Management Framework (RMF) requirements

Integrate Security Technical Implementation Guides (STIGs) and Security Requirements Guides (SRGs) throughout the system lifecycle, particularly for Facility Related Control Systems (FRCS) hardware/software

Review and validate control implementation statements (aligned with NIST 800-53) for accuracy and completeness

Develop and support mitigation actions, including documentation and remediation of vulnerabilities via Plan of Actions & Milestones (POA&Ms)

Collaborate with cross-functional teams to implement security controls and respond to emerging cyber threats

Provide technical RMF consultative expertise at every stage of the RMF process, including ongoing support for IT and OT systems

Qualification

RMF experienceCybersecurity engineeringVulnerability scanningSystem hardeningIAT/IAM Level II/III CertificationSTIGs/SRGs applicationActive Secret security clearanceBachelor's degree