Cybersecurity Engineer and Risk Analyst
The Opportunity:

Are you looking for an opportunity to advance your experience in cybersecurity and security engineering that will safeguard our nation? As an information security risk specialist, you can identify the tools, applications, and systems needed to assess vulnerabilities and recommend the best solution and security strategy. We need your experience to develop and implement security solutions that will protect our military.

On our team, you'll troubleshoot and analyze complex challenges for customers using your knowledge of cybersecurity policy, networks and system infrastructure, and risk management. You'll use your curiosity for technology and market trends to further research and develop security solutions. Using your knowledge and experience in Risk Management Framework (RMF), you'll assess security threats and implement infrastructure controls.

In this role, you'll closely impact Navy missions by championing cybersecurity, discovering cyber risks, and providing hands-on support to critical mission areas. With mentoring, challenging hands-on problem-solving, and opportunities to learn new tools and skills, we focus on growing as a team to make the best solutions for our customers.

Work with us as we secure and protect our military's cybersecurity posture for the better.

What You'll Work On:

• Develop relationships quickly and easily with others, communicating the complexities of security with a wide variety of audiences, including senior management.
• Implement infrastructure and cybersecurity controls, including enhanced detection and vulnerability capabilities and improved event correlation in large enterprises.
• Perform risk and vulnerability assessments in network, system, and application areas.
• Leverage big data analytics and traditional security event types to identify advanced threats or indicators of compromise.

Join us. The world can't wait.

You Have:

• 3+ years of experience working with the Information Technology (IT) systems for a DoD or government agency
• 3+ years of experience working with Navy Risk Management Framework (RMF), including Assessment and Authorization (A&A) activities, and the preparation, direct development, and maintenance of RMF artifacts, packages, and deliverables across all steps
• 3+ years of experience implementing security controls and policies, performing cybersecurity compliance testing using industry standard tools, and performing vulnerability analysis and remediation of networks, systems, and communications protocols
• Experience with operating systems, platforms, and technologies, including Windows, Linux, cloud, or virtualization
• Experience with eMASS and hands-on processing of packages through workflows, assisting with generating security policies, evaluating assessment documentation, and developing written security risks, mitigations, and recommendations
• Ability to devise and execute client deliverables, work independently, identify problems and devise analysis and solutions, communicate results to both technical and non-technical audiences, and lead the accomplishments of client tasks from inception to completion
• Ability to plan, implement, upgrade, or monitor cybersecurity measures to improve cyber defenses and maintain a cyber-resilient network
• TS/SCI clearance
• Bachelor's degree
• DoD 8140 Certification

Nice If You Have:

• Experience with tools such as Assured Compliance Assessment Solution (ACAS), DoD Security Technical Implementation Guides (STIG), and Evaluate-STIG
• Experience integrating security into DevOps or DevSecOps pipelines
• Experience implementing automation methodologies and processes
• Experience deploying, implementing, maintaining, and integrating cybersecurity tools and applications in alignment with the current threat landscape and analyzing risks and opportunities at both tactical and strategic levels
• Experience with network engineering functions, including Windows, Linux, and virtual operating systems, security tools, platforms, and technologies, including network and web application firewalls, web proxy, intrusion prevention systems, vulnerability scanners, and penetration tools
• Experience responding to computer security breaches to re-establish protections and making required reports
• Ability to meet cyber schedule, performance, and quality metrics within the systems development lifecycle and acquisition lifecycle
• Master's degree
• OS Certification

Clearance:

Applicants selected will be subject to a security investigation and may need to meet eligibility requirements for access to classified information; TS/SCI clearance is required.

Compensation

At Booz Allen, we celebrate your contributions, provide you with opportunities and choices, and support your total well-being. Our offerings include health, life, disability, financial, and retirement benefits, as well as paid leave, professional development, tuition assistance, work-life programs, and dependent care. Our recognition awards program acknowledges employees for exceptional performance and superior demonstration of our values. Full-time and part-time employees working at least 20 hours a week on a regular basis are eligible to participate in Booz Allen's benefit programs. Individuals that do not meet the threshold are only eligible for select offerings, not inclusive of health benefits. We encourage you to learn more about our total benefits by visiting the Resource page on our Careers site and reviewing Our Employee Benefits page.

Salary at Booz Allen is determined by various factors, including but not limited to location, the individual's particular combination of education, knowledge, skills, competencies, and experience, as well as contract-specific affordability and organizational requirements. The projected compensation range for this position is $61,900.00 to $141,000.00 (annualized USD). The estimate displayed represents the typical salary range for this position and is just one component of Booz Allen's total compensation package for employees. This posting will close within 90 days from the Posting Date.

Identity Statement

As part of the hiring process, we will ask you to complete an identity verification process that leverages advanced biometrics and artificial intelligence to ensure authenticity and protect against identity fraud. You are expected to be on camera during interviews and assessments. We reserve the right to take your picture to verify your identity and prevent fraud.

Candidate AI Usage Policy

AI is a part of our daily work at Booz Allen, and we are committed to the responsible and ethical use of AI tools. However, we want to ensure a fair candidate process based on your own skills and knowledge. As part of this commitment, the use of artificial intelligence (AI) or other tools to assist with responses during interviews (whether in-person or virtual) is prohibited unless permission is explicitly provided.

Work Model
Our people-first culture prioritizes the benefits of collaboration, whether it occurs in person or virtually. To support engagement and effective communication, employees working virtually are generally expected to have their cameras on during meetings.

• Remote: If this position is listed as remote, there may still be occasions when you are required to work in person at a Booz Allen or customer facility.
• Hybrid: If this position is listed as hybrid, you will be expected to work from a Booz Allen facility frequently, in alignment with leadership expectations and the needs of the role. You may also be required to work from or visit a customer facility.
• Onsite: If this position is listed as onsite, work will primarily be performed at a Booz Allen office or customer facility, where employees will collaborate directly with colleagues and customers as required by the role.