Software Security Control Assessor, Junior

The Challenge:

Warnings about software security threats are everywhere and the constantly evolving nature of these threats can make understanding them seem overwhelming. In all of this “cyber noise”, how can organizations understand their risks and how to mitigate them? The answer is you – build your knowledge as a Software Security Control Assessor who can help organizations understand their software security posture and make meaningful risk-based, cybersecurity-informed engineering decisions.

As a Software Security Control Assessor on our team, you’ll assist Air Force programs with discovering their software security cyber risks, understanding applicable policies, and developing a mitigation plan. You’ll gather technical, environmental, and personnel details from software developers and software security engineers to help with assessment of the entire threat landscape. You’ll learn how to guide Air Force programs through a plan of action with presentations, white papers, and milestones and help to translate software security concepts so they can make the best decisions to secure their mission critical space systems. This is your opportunity to build experience in the exciting and rapidly evolving domain of space systems cybersecurity while developing greater breadth and depth of software security knowledge. Join us as we protect our nation’s mission critical space systems.

Empower change with us.

You Have:

  • Experience with determining the protection needs and security controls of information systems, networks, or software components

  • Experience with assessing security controls and determining associated risks

  • Knowledge of cybersecurity principles and methods that apply to software development, including modularization, layering, abstraction, data hiding, and simplicity and minimization

  • Knowledge of system and application security threats and vulnerabilities, including buffer overflow, mobile code, cross-site scripting, Procedural Language/Structured Query Language (PL/SQL) and injections, race conditions, covert channel, replay, return-oriented attacks, or malicious code

  • Knowledge of risk management processes, policies, requirements, and procedures

  • Knowledge of software development models, including Waterfall Model, Spiral Model, or DevSecOps

  • Ability to identify, tailor, and assess security controls applicable to software security throughout the software development life cycle, including requirements, design, implementation, test, deployment, operations and maintenance, and decommissioning

  • Secret clearance

  • Bachelor’s degree

  • Ability to obtain Security+ CE, CISSP, or Associate Certification within 6 months of hire

Nice If You Have:

  • Experience in designing countermeasures to identified security risks

  • Experience with secure test plan design, including unit, integration, system, or acceptance

  • Knowledge of secure software deployment methodologies, tools, and practices

  • Knowledge of national and international laws, regulations, policies, and ethics as they relate to cybersecurity, including Risk Management Framework (RMF) and Application Security and Development (ASD) Security Technical Implementation Guide (STIG)

  • Knowledge of embedded systems or operational technology (OT)

  • Knowledge of supply chain risk management standards, processes, and practices

  • Ability to identify basic common secure coding flaws at a high level

  • Top Secret clearance

  • Security+ CE, CISSP, or Associate Certification

  • CSSLP Certification


Applicants selected will be subject to a security investigation and may need to meet eligibility requirements for access to classified information; Secret clearance is required.

Build Your Career:

Rewarding work, fun challenges, and a ton of investment in our people—that’s Booz Allen cyber. When you join Booz Allen, we’ll help you develop the career you want.

  • Competitions — From programming competitions at our PyNights (Python competition and learning events) to competing in CTFs, we’ve got plenty of chances for you to show off your skills.
  • Paid Research — Have an innovative idea to explore or hypothesis to test? You can participate in challenges via our crowdsourcing platform, the Garage, and other programs to be awarded dedicated time and/or funding to advance your skills.
  • Cyber University — CyberU has more than 5000 instructor-led and self-paced cyber courses, a free online library that you can access from just about anywhere—including your phone—and certification exam prep guides that include practical assessments to prepare you for your exam.
  • Academic Partnerships — In addition to our tuition reimbursement benefit, we’ve partnered with University of Maryland University College to offer two graduate certificate programs in cybersecurity—fully funded without a tuition cap.
  • Maker/Hackerspaces — Race drones, print 3D gadgets, drink coffee from our Wi-Fi coffee maker, and get hands-on training on tools and tech from in-house experts in our dedicated maker and hackerspaces.

We’re an EOE that empowers our people—no matter their race, color, religion, sex, gender identity, sexual orientation, national origin, disability, veteran status, or other protected characteristic—to fearlessly drive change.
