Job Description: Job Number: R0045854
Cyber Compliance Analyst, Senior
Serve as a security analyst for a security test team in a dynamic client environment. Use both manual and automated methodologies to identify, assess, and report security risks. Document security test results and vulnerabilities, risks, and corrective actions in assessment reports. Communicate threat, vulnerability, and risk information to stakeholders at management and technical levels. Recommend solutions for customer technical and security challenges. Provide customer outreach and education on Cybersecurity requirements through verbal and written communication formats. Review mitigation plans and other security documentation to determine the effectiveness of controls and mitigation actions to remediate vulnerabilities and meet control requirements. Analyze test procedures and plans to be used during evaluation activities.
2+ years of experience with the National Institute of Standards and Technology (NIST) SP 800 Special Publication series and testing the NIST SP 800-53 security control framework
2+ years of experience with conducting security compliance tests and vulnerability assessments of complex IT environments, including mainframes, UNIX and Linux, Windows, virtual environments, applications, databases, routers, switches, firewalls, and VPNs using manual methods and commercial automated tools
Knowledge of security principles, best practices, and solutions for security countermeasures
Ability to organize, plan, and prioritize multiple tasks
Ability to work independently and as part of a multi-disciplined team in a dynamic team environment
Ability to travel within the US and US territories up to 25% of the time
Ability to obtain a security clearance
BA or BS degree
Experience with conducting vulnerability assessments and compliance scanning using Nessus
Experience with evaluating Cloud environments for storing federal information
Knowledge of Cybersecurity threats and techniques used by adversaries to compromise systems
Possession of excellent oral and written communication skills for briefing technical and non-technical audiences on security threats, vulnerabilities, and risks
Possession of excellent analytical, problem-solving, and interpersonal skills
BA or BS degree in Cybersecurity, IT, CS, or Computer Engineering
Certified Information Systems Auditor (CISA), Certified Ethical Hacker (CEH), or Certified Information Systems Security Professional (CISSP) Certification
Applicants selected will be subject to a security investigation and may need to meet eligibility requirements for access to classified information.
We're an EOE that empowers our people, no matter their race, color, religion, sex, gender identity, sexual orientation, national origin, disability, veteran status, or other protected characteristic, to fearlessly drive change.
Booz Allen Hamilton Inc.