Are you looking to elevate your cyber career? Your technical skills? Your opportunity for growth? Deloitte's Government and Public Services Cyber Practice (GPS Cyber Practice) is the place for you! Our GPS Cyber Practice helps organizations create a cyber minded culture and become stronger, faster, and more innovative. You will become part of a team that advises, implements, and manages solutions across five verticals: Strategy, Defense and Response; Identity; Infrastructure; Data; and Application Security. Our dynamic team offers opportunities to work with cutting-edge cyber security tools and grow both vertically and horizontally at an accelerated rate. Join our cyber team and elevate your career.

　　Work you'll do

　　As the Security Vulnerability Lead you will play a critical role in leading security vulnerability management activities for the infrastructure supporting a state-wide eligibility system. You will work to identify Infrastructure vulnerabilities and misconfigurations in on-premise and cloud environments. You will contribution is significant to ensure timely identification, prioritization, and reporting of all risk associated with any IT asset supporting the solution and work with other Teams on the remediation activities.

　　Responsibilities:

　　Identify Infrastructure vulnerabilities and misconfigurations in on-premise and cloud environments

　　Lead the Vulnerability Management team to ensure timely identification, prioritization, and reporting of all risk associated with any IT asset supporting the solution

　　Conduct periodic vulnerability scans and assessments and provide remediation steps & recommendations to system owners / stakeholders

　　Ensure all scans across tools are performing correctly and in a timely manner

　　Work with the Governance, Risk, & Compliance department and various stakeholders in developing & providing risk-based mitigation strategies for networks, operating systems, and applications

　　Identify, assess, and manage threats, vulnerabilities, and associated risks

　　Conduct zero day research & response

　　Develop & perform configuration audit / benchmarking scans

　　The team

　　Deloitte's Government and Public Services (GPS) practice - our people, ideas, technology and outcomes-is designed for impact. Serving federal, state, & local government clients as well as public higher education institutions, our team of more than 15,000 professionals brings fresh perspective to help clients anticipate disruption, reimagine the possible, and fulfill their mission promise

　　At Deloitte, we believe cyber is about starting things-not stopping them-and enabling the freedom to create a more secure future. Cyber Infrastructure is focused on rethinking how security is integrated across modernized infrastructure as cyber threats become more complex. If you're seeking a career implementing, architecting, and-in select cases-handling next generation controls to manage security risks and exposure, then the Cyber Infrastructure team at Deloitte is for you.

　　This role is located in Sacramento, CA.

　　Qualifications

　　Required:

　　5+ years of Cybersecurity experience including previous vulnerability management experience

　　5+ years with architecting, deploying, and operationalizing vulnerability scanning technology platforms and designing remediation workflows

　　Advanced practical skills in vulnerability assessment tooling such as Crowdstrike, Tenable.io, Tenable ASM etc.

　　5+ years' experience implementing security controls and compensating/mitigating controls for vulnerability risk

　　Must know types or categories of vulnerabilities, severity & their impact

　　5+ years of experience securing and hardening operating systems, applications, and containers including frameworks that provide guidance on these subjects

　　5+ years of experience researching vulnerabilities, scanning logic, and possible solutions

　　5+ years of experience designing and implementing advanced vulnerability dashboards and executive reports

　　5+ years of experience researching on 0-day vulnerabilities and emergency patching

　　Bachelor's degree

　　Must be legally authorized to work in the United States without the need for employer sponsorship, now or at any time in the future

　　Preferred:

　　Hold and maintain for the duration of the contract an (ISC)2© Certified Information Systems Security Professional (CISSP) certification, or ISACA Certified Information Security Manager (CISM).

　　Hold any Vulnerability Management tool related certification

　　Understanding of modern security engineering concepts and security-by-design principles

　　The wage range for this role takes into account the wide range of factors that are considered in making compensation decisions including but not limited to skill sets; experience and training; licensure and certifications; and other business and organizational needs. The disclosed range estimate has not been adjusted for the applicable geographic differential associated with the location at which the position may be filled. At Deloitte, it is not typical for an individual to be hired at or near the top of the range for their role and compensation decisions are dependent on the facts and circumstances of each case. A reasonable estimate of the current range is $95,000 to $158,000.

　　You may also be eligible to participate in a discretionary annual incentive program, subject to the rules governing the program, whereby an award, if any, depends on various factors, including, without limitation, individual and organizational performance.

　　All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability or protected veteran status, or any other legally protected basis, in accordance with applicable law.

　　All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability or protected veteran status, or any other legally protected basis, in accordance with applicable law.