System Engineering Lead

Our Deloitte AI & Engineering team empowers organizations to transform technology platforms, drive innovation, and help make a significant impact on our clients' success. You'll work alongside talented professionals reimagining and reengineering operations and processes that are critical to businesses. Your contributions can help clients improve financial performance, accelerate new digital ventures, and fuel growth through innovation.

Work You'll Do

This role provides technical expertise and oversight for workstreams related to the resiliency of operational technology and the Risk Management Framework. As the Systems Engineering Lead, you will leverage engineering principles to drive the technical integrity, reliability, and resiliency of operational technology (OT) and information systems. This role demands not only mastery of cybersecurity policy but also a systems engineering perspective to critically analyze architectures, vulnerabilities, and solution pathways-ensuring robust security in complex, mission-critical environments. In this role you will be managing a team of risk management framework SMEs and information systems security engineers (ISSEs) that are focused on securing OT, developing RMF artifacts, assessing packages, and providing a risk opinion on RMF packages. The position serves as a principal validator for Navy and Facility Related Control Systems, driving compliance, innovation, and risk management in complex cybersecurity environments.

• Cybersecurity Validation
• Serve as lead package assessor for Navy and Facility Related Control System (FRCS); oversee all validation activities to guarantee adherence to Navy and DoD cybersecurity policies and standards.
• Systems Engineering Approach
• Apply structured systems engineering methodologies to assess, design, and validate security controls across ICS, SCADA, and OT environments, supporting the Navy and Defense Department's mission objectives.
• Critical Technical Analysis
• Evaluate architecture diagrams, technical documentation, and vulnerability scan data to identify system risks and engineer effective mitigation strategies based on root cause analysis
• Team Leadership & Project Oversight
• Lead and mentor a team to drive execution and ensure project goals, milestones, and deliverables are met.
• Provide oversight for HQ based teams assessing packages and SME support to ISSEs located in the field that are securing systems and developing package artifacts.
• Monitor achievement of key deadlines, milestones, and quality standards across all projects.
• Security Assessment & Consulting
• Direct the creation and implementation of Security Assessment Plans (SAPs); provide advanced guidance on Security Technical Implementation Guides (STIGs) and Security Requirements Guides (SRGs).
• Deliver consultative support for Risk Management Framework (RMF) Step 4 Security Assessments and optimize processes for RMF lifecycle management.
• Assessment Execution
• Plan, manage, and perform comprehensive system and on-site validations-domestically and internationally-evaluating NIST 800-53 Rev 4 control implementation in ICS, SCADA, and OT environments.
• Process Innovation & Documentation
• Advise Security Controls Assessor (SCA) and Chief Information Officer (CIO) on process improvements, automation opportunities, and enhancements to Standard Operating Procedures (SOPs) and other supporting documents.
• Promote continuous improvement in a rapidly evolving cybersecurity landscape.
• Technical Analysis & Recommendations
• Analyze system documentation, architecture diagrams, POA&Ms, vulnerability scan reports, and asset inventories; provide actionable recommendations to strengthen security throughout RMF processes.
• Vulnerability Management
• Facilitate vulnerability analysis using ACAS/Nessus scan data; identify and prioritize vulnerabilities, develop targeted POA&Ms, and reduce organizational attack surfaces.

The Team

Deloitte's Government & Public Services (GPS) practice - our people, ideas, technology and outcomes - is designed for impact. Serving federal, state, & local government clients as well as public higher education institutions, our team of professionals brings fresh perspective to help clients anticipate disruption, reimagine the possible, and fulfill their mission promise.

Our Hybrid Cloud Infrastructure offering provides specialized engineering capabilities to design, implement, manage, and operate hybrid cloud environments, modernize networks and AI infrastructure from the core to the edge, and incubate new infrastructure and device services to help clients stay ahead with the latest technology advances.

The Project Delivery Talent Model is designed for professionals with specialized skills that align to a current client need. Team members focus on delivering services to clients, without additional expectations related to business development or promotion. Their employment is tied to their role on a project, and they are eligible for a benefits package that is competitive for project delivery-focused professionals.

Qualifications

Required:

• Bachelor's degree or equivalent experience
• Active TS/SCI security clearance is required
• 7+ years of experience in cybersecurity, risk management, or related domain.
• Experience working with the Navy and their processes
• Demonstrated leadership in managing RMF projects with the Navy
• Certified Information Security Manager (CISM)
• CompTIA Security+ 601
• Ability to travel 0-50%, on average, based on the work you do and the clients and industries/sectors you serve.
• Must be legally authorized to work in the United States without the need for employer sponsorship, now or at any time in the future.

Preferred:

• Navy Qualified Validator (NQV)
• Experience with Operational Technology or Facility Related Control Systems
• In-depth knowledge of DoD cybersecurity standards, NIST 800-53 Rev 4, RMF, and ICS/OT security practices.
• Proficiency with vulnerability assessment tools, including ACAS/Nessus.
• Master's degree or CISSP, CISM, or other advanced cybersecurity certifications.
• Experience with both domestic and international site validations.
• Background in developing and improving SOPs in high-security environments.
• Prior experience supporting SCA/CIO functions.

Deloitte is committed to providing reasonable accommodations for people with disabilities. If you require a reasonable accommodation to participate in the recruiting process, please direct your inquiries to the Global Call Center (GCC) at

Recruiting tips

From developing a stand out resume to putting your best foot forward in the interview, we want you to feel prepared and confident as you explore opportunities at Deloitte. Check out recruiting tips from Deloitte recruiters.

Benefits

At Deloitte, we know that great people make a great organization. We value our people and offer employees a broad range of benefits. Learn more about what working at Deloitte can mean for you.

Our people and culture

Our inclusive culture empowers our people to be who they are, contribute their unique perspectives, and make a difference individually and collectively. It enables us to leverage different ways of thinking, ideas, and perspectives, and bring more creativity and innovation to help solve our clients' most complex challenges. This makes Deloitte one of the most rewarding places to work.

Our purpose

Deloitte's purpose is to make an impact that matters for our people, clients, and communities. At Deloitte, purpose is synonymous with how we work every day. It defines who we are. Our purpose comes through in our work with clients that enables impact and value in their organizations, as well as through our own investments, commitments, and actions across areas that help drive positive outcomes for our communities. Learn more.

Professional development

From entry-level employees to senior leaders, we believe there's always room to learn. We offer opportunities to build new skills, take on leadership opportunities and connect and grow through mentorship. From on-the-job learning experiences to formal development programs, our professionals have a variety of opportunities to continue to grow throughout their career.

As used in this posting, "Deloitte" means Deloitte Consulting LLP, a subsidiary of Deloitte LLP. Please see for a detailed description of the legal structure of Deloitte LLP and its subsidiaries.

All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability or protected veteran status, or any other legally protected basis, in accordance with applicable law.

Requisition code: 326794

Job ID 326794