Cyber Validator and Risk Analyst, Mid

The Challenge:

Warnings about cyber threats are everywhere and the constantly evolving nature of these threats can make understanding them seem overwhelming to the Navy and the DoD. In all of this “cyber noise,” how can these organizations understand their risks and how to mitigate them? The answer is you – build your knowledge as an information security risk specialist who knows how to break down complex threats into manageable plans of action.

As a cyber risk analyst on our team, you’ll use your experience to work with Navy programs to discover their cyber risks, understand applicable policies, and develop a mitigation plan. You’ll get technical, environmental, and personnel details from engineers and SMEs to assess the entire threat landscape. Then, you’ll help your team guide your client through a plan of action with presentations, white papers, and milestones. You’ll work on translating security concepts for your client so they can make the best decisions to secure their mission critical networks and systems. This is your opportunity to act as an information security subject matter expert while broadening your skills in cybersecurity, security and network tools, systems engineering, and data science.

Empower change with us.

You Have:

  • 5+ years of experience in a professional IT work environment
  • 3+ years of experience with cybersecurity
  • 3+ years of experience with Assessment & Authorization (A&A) in support of Navy programs, including package development, artifact generation, and accreditor negotiation
  • Experience as a Navy Qualified Validator (NQV)
  • Experience with operating systems, including Windows, UNIX, and Linux, security tools and devices, such as network firewalls, web proxy, intrusion prevention systems, vulnerability scanners, or penetration tools), and scanning tools or security products, including ACAS, SCAP, STIG/SRGs, eMASS, and HBSS
  • Experience generating and maintaining System Security Plans (SSP), Implementation Plans, Privacy Impact Assessments, Security Assessment Plans (SAP), Risk Assessments, Plan of Action & Milestones (POA&M), and other Certification & Accreditation (C&A) documentation
  • Knowledge of Risk Management Framework (RMF) and the A&A activities needed to obtain and maintain an Authorization to Operate (ATO), including National Institute of Standards and Technology (NIST) and Committee on National Security Systems Instruction (CNSSI) (i.e., NIST SP 800-60, NIST SP 800-53, and CNSSI 1253)
  • Secret clearance
  • Bachelor's degree or 5+ years of experience working in cybersecurity environment in lieu of a degree
  • IAT Level II Certification, including Security+ CE

Nice If You Have:

  • Experience with DoD or Navy cybersecurity projects or programs, and Navy acquisition programs
  • Experience with DoD and Navy cybersecurity policies and frameworks, including RMF
  • Experience with administering Red Hat Enterprise Linux or Windows Server 2008 or higher
  • Experience troubleshooting networking issues in an enterprise-scale environment
  • Ability to provide subject matter expertise to system engineering documents, including technical requirements documents, interface control documents, and system specifications
  • Ability to analyze and communicate complex technical challenges to both technical and non-technical clients and stakeholders
  • Ability to communicate and integrate between multiple customer stakeholders
  • TS/SCI clearance
  • Master's degree
  • CISSP Certification


Applicants selected will be subject to a security investigation and may need to meet eligibility requirements for access to classified information; Secret clearance is required.

Build Your Career:

Rewarding work, fun challenges, and a ton of investment in our people—that’s Booz Allen cyber. When you join Booz Allen, we’ll help you develop the career you want.

  • Competitions — From programming competitions at our PyNights (Python competition and learning events) to competing in CTFs, we’ve got plenty of chances for you to show off your skills.
  • Paid Research — Have an innovative idea to explore or hypothesis to test? You can participate in challenges via our crowdsourcing platform, the Garage, and other programs to be awarded dedicated time and/or funding to advance your skills.
  • Cyber University — CyberU has more than 5000 instructor-led and self-paced cyber courses, a free online library that you can access from just about anywhere—including your phone—and certification exam prep guides that include practical assessments to prepare you for your exam.
  • Academic Partnerships — In addition to our tuition reimbursement benefit, we’ve partnered with University of Maryland University College to offer two graduate certificate programs in cybersecurity—fully funded without a tuition cap.

We’re an equal employment opportunity/affirmative action employer that empowers our people to fearlessly drive change – no matter their race, color, ethnicity, religion, sex (including pregnancy, childbirth, lactation, or related medical conditions), national origin, ancestry, age, marital status, sexual orientation, gender identity and expression, disability, veteran status, military or uniformed service member status, genetic information, or any other status protected by applicable federal, state, local, or international law.

Not ready to apply? Join our talent community and sign up for job alerts.