Cybersecurity Policy and Compliance Analyst, Lead in Herndon, VA at Booz Allen Hamilton Inc.

Date Posted: 7/13/2018

Job Description

Job Number: R0032030

Cybersecurity Policy and Compliance Analyst, Lead

Key Role:
Function as a technical security and FISMA analyst and subject matter expert (SME) leading a team responsible for assessing NIST 800-53 Revision 4 management, operational, technical, and privacy security control implementation compliance for large, complex information systems. Support executing the full SA&A life cycle and risk management functions, including measuring risk, examining system documentation, interviewing appropriate system and site personnel, testing system technical security configuration settings, reviewing Nessus scan results, and developing findings reports. Demonstrate expertise in NIST 800-53 Revision 4 or NIST 800-53A Revision 4 security guidance and security control assessment (SCA) processes using the NIST risk management framework (RMF). Leverage knowledge of the NIST 800-37 RMF, FIPS 199, NIST 800-34 Contingency Planning, POA&M management, and continuous monitoring. Test system technical security configuration settings, review Nessus scan results for compliance with industry standards, and assist with developing and reviewing compliance reports that clearly identify security findings and proposed remediation strategies. Comprehend and analyze market trends in Cybersecurity, FISMA, RMF, vulnerability remediation, Cloud security, security control assessments, and security testing to develop business capture strategies tailored to capitalize on those areas. Propose solutions necessary to meet client Cybersecurity requirements.

Basic Qualifications:
- 8+ years of experience with FISMA, RMF, and NIST SP 800-53 or 53A
- Experience with federal agencies
- Knowledge of FedRAMP and Cloud security processes
- Ability to interpret Nessus scan results
- Ability to conduct technical security audits for large and complex information systems
- Ability to analyze information system configurations and technical specifications against security control standards and identify deficiencies and remediation strategies
- Ability to coordinate with and gather information from several different data sources and client operating units simultaneously
- Ability to travel up to 50% of the time
- Ability to obtain a security clearance
- BA or BS degree

Additional Qualifications:
- Experience with translating Nessus vulnerability scan results into findings aligned to NIST SP 800-53 Revision 4 security controls
- Experience with current technologies used for technical security control reviews, including Microsoft System Center Configuration Manager, IBM Endpoint Manager (IEM) or Tivoli Endpoint Manager (TEM), BigFix, and Tenable Nessus software preferred
- Knowledge of security challenges and solutions
- Possession of excellent oral and written communication skills
- Security+ or CISSP Certification preferred


Applicants selected will be subject to a security investigation and may need to meet eligibility requirements for access to classified information.

We’re an EOE that empowers our people—no matter their race, color, religion, sex, gender identity, sexual orientation, national origin, disability, or veteran status—to fearlessly drive change.
