Full Job Description
Warnings about cyber threats are everywhere and the constantly evolving nature of these threats can make understanding them seem overwhelming to government entities. In all of this “cyber noise”, how can these organizations understand their risks and how to mitigate them? The answer is you – an information security risk specialist who will break down complex threats into manageable plans of action.
As an information security risk specialist on our team, you’ll use your experience to work with leaders to discover their cyber risks, understand applicable policies, and develop a mitigation plan. You’ll review technical, environmental, and personnel details from subject matter experts to engineers to assess the entire threat landscape. Then you’ll guide your client through a plan of action with presentations, white papers, and milestones. You’ll work with your client to translate security concepts so they can make the best decisions to secure their mission critical systems and networks. This is your opportunity to act as an information security subject matter expert while broadening your skills in risk assessment of hardware and software vulnerabilities. Join us as we protect our clients and their cyber infrastructure.
Empower change with us.
8 years of experience with information Cybersecurity engineering or security operations
Experience with the design and implementation of enterprise-wide security controls to secure systems, applications, networks or infrastructure services
Knowledge of federal compliance standards, including NIST 800-53, FIPS, or FedRAMP
Knowledge of Transmission Control Protocol Internet Protocol (TCP/IP) networking concepts and Domain Name Servers (DNS) and using packet analysis tools, including Wireshark or tcpdump
Ability to obtain a security clearance
BA or BS degree
One of the following certifications: SANS GIAC Security, including Administration, Software, Forensics, or GSE Expert, ISC2 CISSP, or a security systems vendor administration-level certification
Nice If You Have:
4 years of experience with building and administering security devices, including network firewalls, web proxies, data loss prevention systems, and intrusion prevention systems, building and administering Windows Server and Active Directory, Linux or UNIX-based systems, or network devices, such as Cisco or Juniper, conducting dynamic web application security testing, both manual testing and application security tools to discover exploitable vulnerabilities, conducting database security assessment and monitoring and managing Cloud security operations, including identity and access control, secure configuration management, network security, enforcement policy scripting, workload security, data security, and logging, or public key infrastructure (PKI) management and data encryption for data-at-rest and data-in-transit
Experience with creating and updating security baselines
BA or BS degree in Information Security, Computer Engineering, Information Systems, Telecommunications, or Technology
Applicants selected will be subject to a security investigation and may need to meet eligibility requirements for access to classified information.
Build Your Career:
Rewarding work, fun challenges, and a ton of investment in our people—that’s Booz Allen cyber. When you join Booz Allen, we’ll help you develop the career you want.
Competitions — From programming competitions at our PyNights (Python competition and learning events) to competing in CTFs, we’ve got plenty of chances for you to show off your skills.
Paid Research — Have an innovative idea to explore or hypothesis to test? You can participate in challenges via our crowdsourcing platform, the Garage, and other programs to be awarded dedicated time and/or funding to advance your skills.
Cyber University — CyberU has more than 5000 instructor-led and self-paced cyber courses, a free online library that you can access from just about anywhere—including your phone—and certification exam prep guides that include practical assessments to prepare you for your exam.
Academic Partnerships — In addition to our tuition reimbursement benefit, we’ve partnered with University of Maryland University College to offer two graduate certificate programs in cybersecurity—fully funded without a tuition cap.
Maker/Hackerspaces — Race drones, print 3D gadgets, drink coffee from our Wi-Fi coffee maker, and get hands-on training on tools and tech from in-house experts in our dedicated maker and hackerspaces.
We’re an EOE that empowers our people—no matter their race, color, religion, sex, gender identity, sexual orientation, national origin, disability, veteran status, or other protected characteristic—to fearlessly drive change.