Cybersecurity Policy and Compliance Analyst, Senior in Washington, DC at Booz Allen Hamilton

Date Posted: 3/21/2018

Job Description

Job Number: R0016657

Booz Allen Hamilton has been at the forefront of strategy and technology for more than 100 years. Today, the firm provides management and technology consulting and engineering services to leading Fortune 500 corporations, governments, and not-for-profits across the globe. Booz Allen partners with public and private sector clients to solve their most difficult challenges through a combination of consulting, analytics, mission operations, technology, systems delivery, cybersecurity, engineering and innovation expertise.

Cybersecurity Policy and Compliance Analyst, Senior

Key Role:
Function as a technical security and FISMA analyst and subject matter expert (SME) as part of a team responsible for assessing and ensuring NIST 800-53 Revision 4 management, operational, technical, and privacy security control implementation compliance for large, complex information systems. Provide support for executing the full SA&A lifecycle and risk management functions, measuring risk, examining system documentation, interviewing appropriate system and site personnel, testing system technical security configuration settings, reviewing Nessus scan results, and developing findings reports. Demonstrate subject matter expertise in NIST 800-53 Revision 4 or NIST 800-53A Revision 4 security guidance and security control assessment (SCA) processes using the NIST Risk Management Framework (RMF). Leverage knowledge of NIST 800-37 RMF, FIPS 199, NIST 800-34 Contingency Planning, and POA&M management and continuous monitoring. Test system technical security configuration settings, review Nessus scan results for compliance with industry standards, and assist with developing and reviewing compliance reports that clearly identify security findings and proposed remediation strategies. Comprehend and analyze market trends in conjunction with Cybersecurity, FISMA, RMF, vulnerability remediation, Cloud security, security control assessments, and security testing to develop business capture strategies tailored to capitalize on those areas. Propose solutions necessary to meet client Cybersecurity requirements.

Basic Qualifications:
-5+ years of experience with IT
-Experience with FISMA, RMF, and NIST SP 800-53 or 53A
-Experience with federal agencies
-Knowledge of FedRAMP and Cloud security processes
-Ability to interpret Nessus scan results
-Ability to conduct technical security audits for large and complex information systems
-Ability to analyze information system configurations and technical specifications against security control standards and identify deficiencies and remediation strategies
-Ability to coordinate with and gather information from several different data sources and client operating units simultaneously
-BA or BS degree

Additional Qualifications:
-Experience with translating Nessus vulnerability scan results into findings aligned to NIST SP 800-53 Revision 4 security controls
-Experience with current technologies used for technical security control reviews, including Microsoft System Center Configuration Manager, IBM Endpoint Manager (IEM) or Tivoli Endpoint Manager (TEM), BigFix, and Tenable Nessus software preferred
-Knowledge of security challenges and solutions
-Possession of excellent oral and written communication skills
-Security+ or CISSP Certification preferred

Integrating a full range of consulting capabilities, Booz Allen is the one firm that helps clients solve their toughest problems, working by their side to help them achieve their missions. Booz Allen is committed to delivering results that endure.

We are proud of our diverse environment, EOE, M/F/Disability/Vet.

