Our Deloitte Cyber team understands the unique challenges and opportunities businesses face in cybersecurity. Join our team to deliver powerful solutions to help our clients navigate the ever-changing threat landscape. Through powerful solutions and managed services that simplify complexity, we enable our clients to operate with resilience, grow with confidence, and proactively manage to secure success.

Work You’ll Do

• Application Security: Evaluate, enhance, and document secure software development practices. Lead AppSec assessments, support remediation efforts, and help set security requirements for platforms and custom applications.
• Compliance & RMF (NIST): Provide deep support for federal compliance initiatives, specializing in NIST 800-53 and RMF processes. Develop control implementation plans, assist with artifacts, advise on audit readiness and manage POAMs
• DevSecOps (Cloud Security): Guide secure DevOps practices, integrating security into CI/CD pipelines and cloud architectures. Partner with teams to implement security automation and validate environments (AWS,).
• Vulnerability Assessment & VAT Management: Conduct and coordinate vulnerability scans using Tenable, Inspector, or similar tools. Drive VAT resolution by engaging stakeholders, tracking remediation, and closing findings.
• Technical Project Delivery: Take charge of critical projects—organizing tasks, managing deadlines, and ensuring results. Handle ad-hoc assignments and maintain excellent documentation.
• Consulting: Communicate solutions and risks to technical and non-technical stakeholders. Lead and support ISSO activities, compliance reviews, and team enablement.

The Team

Deloitte’s Government and Public Services (GPS) practice – our people, ideas, technology, and outcomes—are designed for impact. Serving federal, state, & local government clients as well as public higher education institutions, our team of professionals brings fresh perspective to help clients anticipate disruption, reimagine the possible, and fulfill their mission promise.

Qualifications

Required:

• Bachelor’s degree required.
• Must be legally authorized to work in the United States without the need for employer sponsorship, now or at any time in the future.
• 5+ years in cloud security, security engineering, DevSecOps, or security automation.
• Strong understanding of cloud security fundamentals: IAM, network segmentation, encryption/KMS, secrets management, logging/monitoring, secure storage patterns.
• Security + certification.
• 3+ years’ experience within the following:
• At least one major cloud platform (AWS or Azure strongly preferred).
• Demonstrated automation capability:
• Proficiency in Python, PowerShell, or similar.
• Experience integrating APIs, automating workflows, and producing auditable outputs.
• Experience implementing security controls and/or compliance work in regulated environments (federal, healthcare, finance, etc.).
• Familiarity with Git-based workflows and CI/CD systems.