Booz Allen Hamilton Inc. Alexandria, VA 22313
Job Description: Job Number: R0039870
Cybersecurity Policy and Compliance Analyst, Mid
Work in a challenging environment that combines expertise in technical security testing, security engineering, policy, and compliance with expertise in business consulting to deliver high-value client IT security solutions and program planning. Contribute to a team of security professionals that provide DoD clients assurance that complex IT systems and networks meet security controls and standards. Plan and execute system security assessments to meet client requirements, analyze results, develop reports to be used to determine system vulnerabilities and risk posture, and provide recommendations for remediation to achieve preferred security and risk posture. Mentor and develop assigned validation team members to meet client requirements. Prepare the risk management framework (RMF) security authorization packages needed to achieve system and network authorization. Monitor and respond to security data calls on behalf of the client organization, as needed.
3+ years of experience with IT or Cybersecurity
3+ years of experience with performing system decomposition analysis resulting in test batteries required for security control assessments
3+ years of experience with developing security assessment plans, security assessment reports, and risk assessment reports
2+ years of experience with populating security control compliance repositories or tools, including eMASS, Xacta, and RSA Archer
1+ years of experience with preparing full RMF security authorization packages or legacy DIACAP packages
1+ years of experience with analyzing, assessing, or implementing assessment procedures, including NIST security controls and CCIs
Active Secret clearance
BS or BA degree
One or more DoD Cybersecurity Workforce Certifications, including Security+, CISSP, CASP, SSCP, CISM, or GSLC CEH
Experience in working with a Department of the Navy (DON) organization
Experience with performing compliance reviews of weapons systems, industrial control systems (ICS), SCADA systems, Cloud-hosted systems, or research, development, test, and evaluation (RDT&E) systems
Experience with the DON RMF process guide and templates
BA or BS degree in an IT-related field
Navy Qualified Validator (NQV) Level I, II, or III, Legacy Fully Qualified Navy Validator (FQNV), or Marine Corps Qualified Validator (MCQV) Certification
Project Management Professional (PMP) Certification
Applicants selected will be subject to a security investigation and may need to meet eligibility requirements for access to classified information; Secret clearance is required.
We're an EOE that empowers our people, no matter their race, color, religion, sex, gender identity, sexual orientation, national origin, disability, or veteran status, to fearlessly drive change.