Security Assessment/Independent Verification and Vulnerability Engineer, Senior in Arlington, VA at Booz Allen Hamilton

Date Posted: 2/9/2018

Job Description

Job Number: R0023295

Booz Allen Hamilton has been at the forefront of strategy and technology for more than 100 years. Today, the firm provides management and technology consulting and engineering services to leading Fortune 500 corporations, governments, and not-for-profits across the globe. Booz Allen partners with public and private sector clients to solve their most difficult challenges through a combination of consulting, analytics, mission operations, technology, systems delivery, cybersecurity, engineering and innovation expertise.

Security Assessment/Independent Verification and Vulnerability Engineer, Senior

Key Role:
Analyze Cybersecurity foundational elements within DoD organizations to assess their ability to defend against, respond to, and recover from an attack and validate agency implementation of technical controls, tools, and technologies and people, processes, and program maturity. Participate in the mission meetings required to document client requirements and analyze the production of a mission Security Assessment Plan (SAP), including System Under Test (SUT) security control areas, mission timelines, communication plan, scope, and a testing plan for security control validation. Support Independent Verification and Validation (IV&V) assessment missions for DoD clients, including automated and manual testing, examination, scanning, interviewing, and discovery techniques to identify, validate, and assess vulnerabilities. Work collaboratively as part of a team to assess any device on the DoD enterprise backbone, including servers, workstations, network devices, storage devices, such as Fibre Channel, NAS, and storage controllers, applications, such as Web, database, e-mail, FTP, and SSH, and security devices, such as firewalls, IDS, and Web content filters. Assist with the development of a Security Assessment Final Report (SAFR) to summarize the security assessment mission, identify high security risks, threats, and failures found during the mission within the executive summary, provide a detailed findings section detailing every finding with an overview, evidence, root cause analysis, and recommended mitigation plan of action addressing each security issue. Support rapid assessments to perform ad hoc missions at the request of the client, including in-depth vulnerability assessments, validation of system security configurations, and generation of a Rapid Assessment Report (RAR) and conclude with a Rapid Assessment Final Report (RAFR).
Support application code review performing automated scans and manual reviews and scan newly deployed servers and applications in test and production environments to ensure vulnerabilities have been mitigated and configured in accordance with DoD Security Technical Implementation Guides (STIGs).

Basic Qualifications:
-7+ years of experience with software testing and assessment or software security assurance (SSA)  
-Secret clearance
-BA or BS degree
-DoD 8570 IAT II Certification, including CCNA-Security, CISP, GSEC, Security+ CE, or SSCP
-Technical or Administrator Certification in Linux+ within 6 months of hire

Additional Qualifications:
-Experience with securing system configurations per DoD STIG using STIG Viewer, SCAP Compliance Checker, and OpenSCAP
-Experience with auditing and reporting on network, system, and application security, scanning and detecting system vulnerabilities, performing risk analysis and risk assessment, and mitigating risks to systems security
-Experience in working with DoD STIGs
-Knowledge of DIACAP for GENSER systems, National Institute of Standards and Technology (NIST) SP 800-53 for unclassified systems, and DoDI 8500.01-DIACAP or RMF
-Ability to produce briefings and reports for senior-level audiences
-Ability to develop effective working relationships that improve the quality of work products
-Ability to handle competing priorities
-Possession of excellent organizational skills
-Possession of excellent oral and written technical communication skills
-Top Secret clearance
-BA or BS degree in CS, MIS, or a related technical field
-DoD 8570 IAT III Certification, including CASP CE, CISA, CISSP or Associate, GCED, GICSP, or GCIH

Applicants selected will be subject to a security investigation and may need to meet eligibility requirements for access to classified information; Secret clearance is required.

Integrating a full range of consulting capabilities, Booz Allen is the one firm that helps clients solve their toughest problems by their side to help them achieve their missions.  Booz Allen is committed to delivering results that endure.

We are proud of our diverse environment, EOE, M/F/Disability/Vet.
