Cybersecurity Specialist, Senior

Key Role:

Provide subject matter expertise in support of cybersecurity activities, such as the Assessment and Authorization (A&A) and the Risk Management Framework (RMF) process.  Review and evaluate security test and evaluation (ST&E) plans, risk assessments, security plans, continuous monitoring, and contingency plans. Conduct policy analysis, product assurance evaluations, and security posture presentations.  Analyze and report on the implementation of security controls during all phases of the system development life cycle (SDLC) to identify and manage the security implications of system engineering activities, providing corresponding recommendations to decision-makers for risk mitigation strategies.  Review and provide input to security engineering activities, including collaborating with system engineers to identify and implement security controls, perform manual and automated security testing, and verify compliance of system configuration with applicable hardening guidance.

Basic Qualifications:

  • 5+ years of experience applying the RMF to the analysis and testing of NIST 800-53 security controls for information systems for Federal Information Security Modernization Act (FISMA) Compliance
  • Experience with the Cyber Security Assessment and Management (CSAM) tool
  • Experience working with Weakness Completion Verification Forms (WCVFs)
  • Experience working with Plans of Action and Milestones (POA&Ms)
  • Experience with Assessment & Authorization activities
  • Experience using Microsoft Office, including Word, Excel, Visio, PowerPoint, Project, and SharePoint
  • Ability to obtain a security clearance
  • HS diploma or GED
  • Security+ CE certification

Additional Qualifications:

  • Experience with securing Industrial Control Systems
  • Experience with securing Web Applications
  • Experience with analysis of IT infrastructure systems such as PKI, network appliances, intrusion detection/prevention systems, and firewalls
  • Experience with managing security considerations for cloud deployments and integration with traditional system architectures
  • Experience with securing database technologies, including Oracle, Hadoop, and MongoDB
  • Experience with manual and automated vulnerability assessments with Nessus Vulnerability Scanner or related vulnerability management tools
  • CASP, CAP, CISM, or CISSP Certification


Applicants selected will be subject to a security investigation and may need to meet eligibility requirements for access to classified information.


The proposed salary range for this position in Colorado is 90,000 to 110,000. Final salary will be determined based on various factors. At Booz Allen, we celebrate your contributions, provide you with opportunities and choice, and support your total well-being. Our comprehensive benefit offerings include healthcare, retirement plan, insurance programs, commuter program, employee assistance program, paid and unpaid leave programs, education assistance, and childcare benefits.

Build Your Career:

Rewarding work, fun challenges, and a ton of investment in our people—that’s Booz Allen cyber. When you join Booz Allen, we’ll help you develop the career you want.

Competitions — From programming competitions at our PyNights (Python competition and learning events) to competing in CTFs, we’ve got plenty of chances for you to show off your skills.

Paid Research — Have an innovative idea to explore or hypothesis to test? You can participate in challenges via our crowdsourcing platform, the Garage, and other programs to be awarded dedicated time and/or funding to advance your skills.

Cyber University — CyberU has more than 5000 instructor-led and self-paced cyber courses, a free online library that you can access from just about anywhere—including your phone—and certification exam prep guides that include practical assessments to prepare you for your exam.

Academic Partnerships — In addition to our tuition reimbursement benefit, we’ve partnered with University of Maryland University College to offer two graduate certificate programs in cybersecurity—fully funded without a tuition cap.

Maker/Hackerspaces — Race drones, print 3D gadgets, drink coffee from our Wi-Fi coffee maker, and get hands-on training on tools and tech from in-house experts in our dedicated maker and hackerspaces.

We’re an EOE that empowers our people—no matter their race, color, religion, sex, gender identity, sexual orientation, national origin, disability, veteran status, or other protected characteristic—to fearlessly drive change.
