- Bachelor's Degree
- High School Diploma or GED
- NIST Standards
Serve in a technical leadership role responsible for planning, analyzing, designing, configuring, testing, implementing, maintaining and supporting Booz Allen’s enterprise computer and network security infrastructure that is responsive to changes in regulations and risk. Leverage a comprehensive understanding of Booz Allen’s technology and information needs to develop and test security structures to protect its systems. Enable the detection functions within the Cyber Fusion Center through the design, deployment, and management of passive cybersecurity tools for incident detection, data loss prevention, security case management, and the correlation of security-related data. Provide oversight to the design, build, and implementation of enterprise-class security systems for a production environment that adhere to DFARS cybersecurity requirements and, when available, the Cybersecurity Maturity Model Certification. Develop and lead the strategy for implementation across all affected functions, aligning to standards, frameworks and security with overall business and technology strategy, and tracking and reporting on progress to senior leaders within the organization and external leaders, as needed. Collaborate with peers across technology disciplines to define and enhance security solutions based on zero trust principles, alignment with regulatory standards and adherence to policies and procedures that guide and support the provision of information security services. Ensure security requirements for the identification of assets are known to the IS Asset and Configuration Management functions, and provide feedback on the implementation strategies for these functions.
Identify and communicate current and emerging security threats, design security architecture elements to mitigate threats as they emerge and create solutions that balance business requirements with information and cybersecurity requirements, and identify security design gaps in existing and proposed architectures and recommend changes or enhancements.
10+ years of experience in security architecture, demonstrating solutions delivery, principles and emerging technologies and designing and implementing security solutions that include continuous monitoring, while making improvements to those solutions and working with an information security team
Experience in consulting and engineering in the development and design of security best practices and the implementation of solid security principles across the organization with the goal of meeting both business goals and customer and regulatory requirements
Experience with implementing Agile and DevSecOps concepts including scripting languages, API/web services, and RDBMS
Experience with implementing security controls based on standards or best practices including access control, privileged access management, data security, network security, data loss prevention, cloud security, vulnerability management, configuration management, privacy, and audits
Knowledge of security considerations of cloud computing, including data breaches, broken authentication, hacking, account hijacking, third parties, APTs, data loss, and DoS attacks
Knowledge of identity and access management (IAM) serving as the framework of security policies and technologies that limit and track the access of those in an organization to sensitive technology resources
Knowledge of federal compliance and guidance policies, including FISMA, RMF, Federal Enterprise Architecture Framework, DoDAF, NIST Cybersecurity Framework, and NIST 800 series
Ability to obtain a security clearance
HS diploma or GED
Experience with COTS tools for TOGAF, DoDAF, or other representations of security architecture
BA or BS degree in Science, Computer Science, Information Technology, Cybersecurity, Engineering, or Mathematics
CISM, CISSP, CISSP-ISSAP, CCSP, or CEH Certifications
Applicants selected will be subject to a security investigation and may need to meet eligibility requirements for access to classified information.
We’re an EOE that empowers our people—no matter their race, color, religion, sex, gender identity, sexual orientation, national origin, disability, veteran status, or other protected characteristic—to fearlessly drive change.