Security Control Assessment SME, Senior

The Challenge:

Warnings about cyber threats are everywhere and the constantly evolving nature of these threats can make understanding them seem overwhelming to government agencies. In all of this “cyber noise”, how can these organizations understand their risks and how to mitigate them? The answer is you – an information security risk specialist who will break down complex threats into manageable plans of action.

As an information security risk specialist on our team, you’ll serve as the security control assessment (SCA) subject matter expert (SME), providing guidance and responding to SCA team questions to complete daily tasks, and troubleshoot issues to resolution. You will be responsible for managing the day-to-day operations of the SCA team to assess the severity of weaknesses or deficiencies discovered in the client's information systems and its environment of operation and recommend corrective actions to address identified vulnerabilities. You will be responsible for overall coordination, status reporting, and stability of complex and cross-functional IT project-oriented work efforts. You will establish and implement project management processes and methodologies to ensure all projects are delivered on time, within budget, adhere to high quality standards, and meet customer expectations. You will be responsible for tracking key project milestones, adjusting program plans or resources, delivering presentations, and leading client meetings. This position is open to remote delivery anywhere within the U.S., to include the District of Columbia.

You Have:

  • 7+ years of experience in information assurance, cyber security, or information technology

  • Experience assessing security controls based on cybersecurity principles and tenets, including CIS CSC or the NIST SP 800-53 Cybersecurity Framework

  • Experience performing security impact and risk assessments

  • Experience preparing security assessment reports (SARs) and documenting their results and findings

  • Knowledge of computer networking concepts and protocols, network security methodologies, risk management processes, including methods for assessing and mitigating risk, cybersecurity and privacy principles, cyber threats and vulnerabilities, and application vulnerabilities

  • Knowledge of authentication, authorization, performing risk assessments, and access control methods

  • Knowledge of NIST SP 800-53 and NIST SP 800-137

  • Public Trust

  • Bachelor's degree

  • Certified Information Systems Security Professional (CISSP) Certification

Nice If You Have:

  • Experience conducting vulnerability scans and recognizing vulnerabilities in security systems

  • Experience interpreting vulnerability scanner results to identify vulnerabilities

  • Knowledge of communication methods, principles, and concepts that support the network infrastructure


Applicants selected will be subject to a security investigation and may need to meet eligibility requirements for access to classified information; Public Trust determination is required.


The proposed salary range for this position in Colorado is $115,000 to $125,000. Final salary will be determined based on various factors.

At Booz Allen, we celebrate your contributions, provide you with opportunities and choice, and support your total well-being. Our comprehensive benefit offerings include healthcare, retirement plan, insurance programs, commuter program, employee assistance program, paid and unpaid leave programs, education assistance, and childcare benefits.

Build Your Career:

Rewarding work, fun challenges, and a ton of investment in our people—that’s Booz Allen cyber. When you join Booz Allen, we’ll help you develop the career you want.

  • Competitions — From programming competitions at our PyNights (Python competition and learning events) to competing in CTFs, we’ve got plenty of chances for you to show off your skills.

  • Paid Research — Have an innovative idea to explore or hypothesis to test? You can participate in challenges via our crowdsourcing platform, the Garage, and other programs to be awarded dedicated time and/or funding to advance your skills.

  • Cyber University — CyberU has more than 5000 instructor-led and self-paced cyber courses, a free online library that you can access from just about anywhere—including your phone—and certification exam prep guides that include practical assessments to prepare you for your exam.

  • Academic Partnerships — In addition to our tuition reimbursement benefit, we’ve partnered with University of Maryland University College to offer two graduate certificate programs in cybersecurity—fully funded without a tuition cap.

  • Maker/Hackerspaces — Race drones, print 3D gadgets, drink coffee from our Wi-Fi coffee maker, and get hands-on training on tools and tech from in-house experts in our dedicated maker and hackerspaces.

We’re an EOE that empowers our people—no matter their race, color, religion, sex, gender identity, sexual orientation, national origin, disability, veteran status, or other protected characteristic—to fearlessly drive change.
