Blue Team Security Assessment/Independent Verification and Vulnerability Engineer, Mid in Arlington, VA at Booz Allen Hamilton Inc.

Date Posted: 10/26/2018

Job Description

Job Number: R0040984

Key Role:
- Analyze Cybersecurity foundational elements within DoD organizations to assess their ability to defend against, respond to, and recover from an attack and validate agency implementation of technical controls, tools, and technologies and people, processes, and program maturity.
- Participate in the mission meetings required to document client requirements and analyze the production of a mission security assessment plan (SAP), including system under test (SUT), security control areas, mission timelines, communication plans, scopes, and a testing plan for security control validation.
- Support independent verification and validation (IV&V) assessment missions for DoD clients, including automated and manual testing, examination, scanning, interviewing, and discovery techniques to identify, validate, and assess vulnerabilities.
- Work collaboratively as part of a team to assess any device on the DoD enterprise backbone, including servers, workstations, network devices, storage devices, such as Fibre Channel, NAS, and storage controllers, applications, such as Web, database, e-mail, FTP, and SSH, and security devices, such as firewalls, IDS, and Web content filters.
- Analyze the development of a Security Assessment Final Report (SAFR) to summarize the security assessment mission, identify high security risks, threats, and failures found during the mission within the executive summary, including a detailed findings section detailing every finding with an overview, evidence, root cause analysis, and recommended mitigation plan of action addressing each security issue.
- Support rapid assessments to perform ad hoc missions at the request of the customer, including in-depth vulnerability assessments, validation of system security configurations, and generation of a Rapid Assessment Report (RAR) and conclude with a Rapid Assessment Final Report (RAFR).
- Support application code review performing automated scans and manual reviews and scan newly deployed servers and applications in test and production environments to ensure vulnerabilities have been mitigated and configured in accordance with DoD Security Technical Implementation Guides (STIGs).

Basic Qualifications:
- 1+ years of experience with software testing and assessment or software security assurance (SSA)
- Secret clearance
- BA or BS degree
- DoD 8570 IAT II Certification, including CCNA-Security, CISSP, GSEC, Security+ CE, or SSCP

Additional Qualifications:
- Experience with securing system configurations per DoD STIG using STIGviewer, SCAP Compliance Checker, and Open SCAP
- Experience with auditing and reporting on network, system, and application security, scanning and detecting system vulnerabilities, performing risk analysis and risk assessment, and mitigating risks to systems security
- Experience in working with DoD STIGs
- Knowledge of DIACAP for GENSER systems, National Institute of Standards and Technology (NIST) SP 800-53 for unclassified systems, and DoDI 8500.01-DIACAP or RMF
- Ability to produce briefings and reports for senior-level audiences
- Possession of excellent organizational skills
- Possession of excellent oral and written technical communication skills
- Top Secret clearance
- BA or BS degree in CS, MIS, or a related technical field
- DoD 8570 IAT III Certification, including CASP CE, CISA, CISSP or Associate, GCED, GICSP, or GCIH
- Ability to obtain Technical or Administrator Certification in Linux+ or equivalent

Applicants selected will be subject to a security investigation and may need to meet eligibility requirements for access to classified information; Secret clearance is required.

We’re an EOE that empowers our people—no matter their race, color, religion, sex, gender identity, sexual orientation, national origin, disability, or veteran status—to fearlessly drive change.
