Cybersecurity Policy and Compliance Analyst, Mid in Alexandria, VA at Booz Allen Hamilton Inc.

Date Posted: 10/3/2018

Job Snapshot

Job Description

Job Number: R0038912

Cybersecurity Policy and Compliance Analyst, Mid

Key Role:

Work in a challenging environment that combines technical security testing, security engineering, policy, and compliance expertise with business consulting skills to deliver high-value client IT security solutions and program planning. Contribute to a team of security professionals that provide DoD clients assurance that complex information technology systems and networks meet security controls and standards. Plan and execute system security assessments to meet client requirements, analyze results, develop reports to be used to determine system vulnerabilities and risk posture, and provide recommendations for remediation to achieve expected security and risk posture. Mentor and develop assigned validation team members to meet client requirements. Prepare Risk Management Framework (RMF) Security Authorization Packages needed to achieve system or network authorization. Monitor and respond to security-related data calls on behalf of the client organization, as needed.

Basic Qualifications:

-5+ years of experience with information technology or Cybersecurity

-3+ years of experience with preparing full Risk Management Framework (RMF) Security Authorization Packages or legacy DIACAP packages

-3+ years of experience with performing system decomposition analysis that resulted in a test battery required for security control assessments

-3+ years of experience with developing Security Assessment Plans, Security Assessment Reports, and Risk Assessment Reports

-2+ years of experience with populating security control compliance repository or tools, including eMASS, Xacta, and RSA Archer

-1+ years of experience with analyzing, assessing, or implementing NIST 800-53 Rev 4 security controls, CCIs, and associated assessment procedures

-Secret clearance

-HS diploma or GED

-DoD Cyber Security Work Force (CSWF) Certification, including Security+, CISSP, CASP, SSCP, CISM, or GSLC CEH

Additional Qualifications:

-Experience in working with a Department of the Navy (DON) organization

-Experience with performing compliance reviews of weapons systems, Industrial Control Systems (ICS), SCADA systems, Cloud-hosted systems, or RDT&E systems

-Experience with DON RMF process guide and templates

-Possession of excellent oral and written communication skills

-BA or BS degree in an IT-related field

-Navy Qualified Validator (NQV) Level I, II, or III Certified or legacy Fully Qualified Navy Validator (FQNV) or Marine Corps Qualified Validator (MCQV)

-Project Management Professional (PMP) Certification 


Applicants selected will be subject to a security investigation and may need to meet eligibility requirements for access to classified information; Secret clearance is required.

We’re an EOE that empowers our people—no matter their race, color, religion, sex, gender identity, sexual orientation, national origin, disability, or veteran status—to fearlessly drive change.


Your Career is Waiting.

Get job alerts. Learn about new work and upcoming events. Share open roles with friends and colleagues.
Our Talent Network is your opportunity hub.

Get Answers and Access.

Need more information? Find it in our FAQs.

Application already in-process? Log in to keep going.