When our country's cybersecurity is on the line, simply reacting is not enough; we need to build an excellent security foundation by assessing the risks and analyzing the effectiveness of security controls. That's why we need you, a security compliance analyst with the expertise required to conduct risk analysis, maintain information system assurance and accreditation, and analyze the policies that determine our cyber resilience. As a Security Compliance Analyst on our team, you'll lead the assessment of security controls, perform security reviews, identify gaps in security architecture, and help contribute to the security risk management plan. You'll evaluate and audit system compliance with IT security, resilience, and dependability requirements and measure how policies stack up to regulations, best practices, and industry standards. As you guide your client through understanding acceptable risk and availability, you'll determine the overall effectiveness of the controls aligned with NIST 800-37 (RMF).
Empower change with us.
- 5 years of experience with preparing DIACAP or RMF packages and supporting documentation and DoD Authorization and Accreditation (A&A) process and standards
- Experience with cloud technologies, including Amazon Web Services or Microsoft Azure
- Experience with using the Enterprise Management Assurance Support Service (eMASS)
- Ability to conduct security control selection, tailoring, and overlay
- Ability to analyze a security plan and perform system security analysis
- Active TS/SCI clearance
- BA or BS degree and 5 years of experience with A&A and Compliance
- DoDD 8140 IAM Level II Certification, including CISA or CAP
- Cloud Certification, including AWS Certified Cloud Practitioner
Nice If You Have:
- 3 years of experience with supporting government clients in the implementation or assessment of cybersecurity controls or legacy DIACAP implementation
- 3 years of experience with system and network vulnerability analysis, risk assessment and risk mitigation analysis, security test and evaluation (ST&E), contingency planning, and firewall policy, ports, and protocols
- Experience with Security Center, SCAP Compliance Checker, STIGs, hardening systems, and applying IA controls
- Experience with assessing cloud-based applications according to RMF standards
- Possession of excellent oral and written communication skills
Build Your Career:
Rewarding work, fun challenges, and a ton of investment in our people: that's Booz Allen cyber. When you join Booz Allen, we'll help you develop the career you want.
Competitions: From programming competitions at our PyNights (Python competition and learning events) to competing in CTFs, we've got plenty of chances for you to show off your skills.
Paid Research: Have an innovative idea to explore or hypothesis to test? You can participate in challenges via our crowdsourcing platform, the Garage, and other programs to be awarded dedicated time and/or funding to advance your skills.
Cyber University: CyberU has more than 5000 instructor-led and self-paced cyber courses, a free online library that you can access from just about anywhere, including your phone, and certification exam prep guides that include practical assessments to prepare you for your exam.
Academic Partnerships: In addition to our tuition reimbursement benefit, we've partnered with University of Maryland University College to offer two graduate certificate programs in cybersecurity, fully funded without a tuition cap.
Maker/Hackerspaces: Race drones, print 3D gadgets, drink coffee from our Wi-Fi coffee maker, and get hands-on training on tools and tech from in-house experts in our dedicated maker and hackerspaces.