Vulnerability and Risk Management Professional

Key Role:

Assess clients’ vulnerability management programs and develop recommendations to achieve Cybersecurity best practices. Provide Cybersecurity and privacy analysis and consulting throughout the security assessment and compliance life cycle process. Plan, develop, and finalize continuous monitoring of Cybersecurity and privacy policies, programs, compliance artifacts, and standards in support of security governance and industry security compliance, systems accreditation, and management. Assess and recommend automated and manual testing, examination, scanning, interviewing, and discovery techniques to identify, validate, and assess security vulnerabilities of large, complex information systems, including enclaves, networks and applications, services, and platform IT. Respond to client requests for information. Develop Booz Allen’s vulnerability management capability and service offerings.

Basic Qualifications:

-10+ years of experience with Cybersecurity vulnerability assessments

-4+ years of experience in a leadership role

-3+ years of experience with the DoD Risk Management Framework (RMF) and the A&A process

-3+ years of experience with planning and executing comprehensive Cybersecurity scanning and assessments, including identifying applicable security controls, analyzing assessment procedures, and identifying and using required tools

-Experience with using or configuring at least two of the following vulnerability assessment tools: Tenable Nessus, Retina, QualysGuard, Nexpose, OpenVAS, HPE Fortify, Veracode, Tripwire, Guardium, RedSeal, or Skybox, and experience assessing organizational risks and recommending mitigation strategies

-Knowledge of Cybersecurity principles, including Threat Intelligence, Penetration Testing, Red Team, and Incident Response, in the context of supporting vulnerability management functions

-Ability to consolidate and analyze, create, and brief findings on vulnerabilities and associated risk

-TS/SCI clearance

-BA or BS degree

-DoD 8570 IAM and IAT Level III Certification, including CISSP, CISM, SABSA, or GIAC

Additional Qualifications:

-Experience with ethical hacking, including information security, application vulnerability testing, code-level security auditing, and secure code reviews

-Experience in change management techniques associated with new technology implementation

-Experience with assessing and validating security configurations of network operating systems, including Cisco IOS, database configurations, and legacy operating systems, including AIX

-Knowledge of secure development best practices, including OWASP

-Ability to use secure configuration benchmarks, including CIS, to develop secure system configuration baseline policies

Applicants selected will be subject to a security investigation and may need to meet eligibility requirements for access to classified information; TS/SCI clearance is required.

We’re an EOE that empowers our people—no matter their race, color, religion, sex, gender identity, sexual orientation, national origin, disability, veteran status, or other protected characteristic—to fearlessly drive change.
