The Challenge:

Warnings about cyber threats are everywhere and the constantly evolving nature of these threats can make understanding them seem overwhelming to government agencies. In all of this “cyber noise”, how can these organizations understand their risks and how to mitigate them? The answer is you –build your knowledge as an information security risk specialist who can help break down complex threats into manageable plans of action. As an information security risk specialist on our team, you’ll assist “military leaders” with discovering their cyber risks, understanding applicable policies, and developing a mitigation plan. You’ll gather technical, environmental, and personnel details from SMEs, to help with assessment of the entire threat landscape. You’ll learn how to guide your client through a plan of action with presentations, white papers, and milestones and help to translate security concepts so they can make the best decisions to secure their mission critical systems. This is your opportunity to build experience in a strategic information security role while developing skills in cloud computing technologies. Join us as we protect our nation’s cyber infrastructure.

Advise and assist with component organizations to comply with security guidance in their cloud application environments, including ensuring compliance with all Security Technical Implementation Guides (STIGs) and Ports and Protocols guidance. Analyze the design and building of, test, and deploy technical solutions and processes to improve the efficiency and security of client cloud migrations and ensure compliance with necessary laws, regulations, and industry standards. Select and operate security and compliance tools, understand information security principles as they apply to Cloud-hosted applications, provide industry knowledge of DevSecOps trends and tools, and use technical expertise to implement technical solutions in either AWS or Azure cloud environments.

You Have:

• 6+ years of experience with the development of Risk Management artifacts, including SSP, SAP, SAR, RAR, and POA&M
• 4+ years of experience with tools for vulnerability assessments and compliance reporting using eMASS, Xacta, ACAS, Continuous Monitoring and Risk Scoring (CMRS), Host-based Security System (HBSS), STIGs, or SRGs
• 2+ years of experience with cloud applications in a DevOps or DevSecOps environment
• 1+ years of experience with FedRamp
• Knowledge of cloud computing concepts and how security controls are applied to those cloud-based technologies, including architecture and networking, identity and access management, data protection, logging detection and response, security controls for containers
• Knowledge of Information Assurance and Cybersecurity policies, procedures, and practices, including the RMF, FISCAM, and NIST SP 800-53
• Secret clearance
• BA or BS degree 
• DoD 8140 IAT II Certification

Nice If You Have: 

• Experience with Cloud security such as AWS or Azure
• Ability to plan the testing and evaluation of moderately complex operating systems, including Windows and Linux, Database Systems, including MS SQL and Impala), and web applications
• TS/ SCI clearance preferred
• CEH, CASP+ CE, CCNP Security, CISA, CISSP, GCED, or GCIH certification preferred

Clearance:

Applicants selected will be subject to a security investigation and may need to meet eligibility requirements for access to classified information; Secret clearance is required.

Build Your Career:

Rewarding work, fun challenges, and a ton of investment in our people—that’s Booz Allen cyber. When you join Booz Allen, we’ll help you develop the career you want.

• Competitions — From programming competitions at our PyNights (Python competition and learning events) to competing in CTFs, we’ve got plenty of chances for you to show off your skills.
• Paid Research — Have an innovative idea to explore or hypothesis to test? You can participate in challenges via our crowdsourcing platform, the Garage, and other programs to be awarded dedicated time and/or funding to advance your skills.
• Cyber University — CyberU has more than 5000 instructor-led and self-paced cyber courses, a free online library that you can access from just about anywhere—including your phone—and certification exam prep guides that include practical assessments to prepare you for your exam.
• Academic Partnerships — In addition to our tuition reimbursement benefit, we’ve partnered with University of Maryland University College to offer two graduate certificate programs in cybersecurity—fully funded without a tuition cap.
• Maker/Hackerspaces — Race drones, print 3D gadgets, drink coffee from our Wi-Fi coffee maker, and get hands-on training on tools and tech from in-house experts in our dedicated maker and hackerspaces.

We’re an EOE that empowers our people—no matter their race, color, religion, sex, gender identity, sexual orientation, national origin, disability, veteran status, or other protected characteristic—to fearlessly drive change.