Security Control Assessor

The Challenge:

Warnings about cyber threats are everywhere and the constantly evolving nature of these threats can make understanding them seem overwhelming to government agencies. In all of this “cyber noise”, how can these organizations understand their risks and how to mitigate them? The answer is you – an information security risk specialist who will break down complex threats into manageable plans of action.

As a security control assessor on our team, you’ll function as part of a team conducting security audits of federal agency information system's security configuration settings, documentation, and processes against NIST 800-53/53A security controls. You’ll conduct the following activities: examine system documentation, interview appropriate system stakeholders, test system technical security configuration settings, review Nessus scan results for compliance requirements, assist with developing portions of the security assessment reports (SARs) and Risk Assessment Reports (RARs).

Empower change with us.

You Have:

  • 3+ years of experience with security control assessment conducting technical security audits, system hardening, or security administration for information systems

  • Experience with presenting control requirements and deficiencies to both technical and non-technical audiences

  • Experience with Risk Management Framework, Risk Assessments, Continuous Monitoring, System Scoping, NIST 800-53 rev. 4, and FISMA compliance

  • Ability to analyze technical, physical and administrative information system controls against NIST SP 800-53

  • BA or BS degree

  • CISSP, CISM, CGEIT or CRISC certification

Nice If You Have:

  • Experience with Federal Information and healthcare system requirements, including FISCAM, HIPAA, HITECH, OMB, DHS or FIPS 199

  • Experience with the Social Security Administration (SSA), Department of Veterans Affairs (VA) or other healthcare environment

  • Experience with cloud technology offerings from AWS and Azure and assessing systems hosted within those environments

  • Experience with GRC platforms, including eMASS, RSA Archer, or Xacta

  • CAP, Security+, or CEH certification

Build Your Career:

Rewarding work, fun challenges, and a ton of investment in our people—that’s Booz Allen cyber. When you join Booz Allen, we’ll help you develop the career you want.

  • Competitions — From programming competitions at our PyNights (Python competition and learning events) to competing in CTFs, we’ve got plenty of chances for you to show off your skills.

  • Paid Research — Have an innovative idea to explore or hypothesis to test? You can participate in challenges via our crowdsourcing platform, the Garage, and other programs to be awarded dedicated time and/or funding to advance your skills.

  • Cyber University — CyberU has more than 5000 instructor-led and self-paced cyber courses, a free online library that you can access from just about anywhere—including your phone—and certification exam prep guides that include practical assessments to prepare you for your exam.

  • Academic Partnerships — In addition to our tuition reimbursement benefit, we’ve partnered with University of Maryland University College to offer two graduate certificate programs in cybersecurity—fully funded without a tuition cap.

  • Maker/Hackerspaces — Race drones, print 3D gadgets, drink coffee from our Wi-Fi coffee maker, and get hands-on training on tools and tech from in-house experts in our dedicated maker and hackerspaces.

We’re an EOE that empowers our people—no matter their race, color, religion, sex, gender identity, sexual orientation, national origin, disability, veteran status, or other protected characteristic—to fearlessly drive change.

Not ready to apply? Join our talent community and sign up for job alerts.