Vulnerability Risk Management Professional
Job Number: R0015099
Booz Allen Hamilton has been at the forefront of strategy and technology for more than 100 years. Today, the firm provides management and technology consulting and engineering services to leading Fortune 500 corporations, governments, and not-for-profits across the globe. Booz Allen partners with public and private sector clients to solve their most difficult challenges through a combination of consulting, analytics, mission operations, technology, systems delivery, cybersecurity, engineering and innovation expertise.
Assess clients’ vulnerability management programs and develop recommendations to achieve Cybersecurity best practices. Provide Cybersecurity and privacy analysis and consulting throughout the security assessment and compliance life cycle process. Plan, develop, and finalize continuous monitoring of Cybersecurity and privacy policies, programs, compliance artifacts, and standards. Assess and recommend automated and manual testing, examination, scanning, interviewing, and discovery techniques to identify, validate, and assess security vulnerabilities of large, complex information systems, including enclaves, networks and applications, services, and platform IT. Respond to client requests for information. Develop Booz Allen’s vulnerability management capability and service offerings. Work as a Cybersecurity professional with experience in the commercial sector. This position requires the ability to conduct extensive travel to client sites of up to 75%, typically Monday through Thursday.
-5+ years of experience with Cybersecurity vulnerability assessments and equivalent processes
-3+ years of experience with planning and executing comprehensive Cybersecurity scanning and assessments, including identifying applicable security controls, analyzing assessment procedures, and identifying and using required tools
-Experience with using or configuring two or more of the following vulnerability assessment tools: Tenable/Nessus, Retina, QualysGuard, Nexpose, OpenVAS, HPE Fortify, Veracode, Tripwire, Guardium, RedSeal, or SkyBox
-Experience with using GRC tools and platforms to manage and automate vulnerability assessment workflows
-Experience with assessing organizational risks and recommending mitigation strategies
-Knowledge of Cybersecurity principles, including Threat Intelligence, Penetration Testing, Red Team, and Incident Response within the context of supporting vulnerability management functions
-Ability to consolidate, analyze, create, and brief findings on vulnerabilities and associated risk
-Ability to lead and train junior staff and travel up to 75%
-BA or BS degree
-CISSP, CISM, SABSA, or GIAC Certification
-Experience with ethical hacking, including information security, application vulnerability testing, code-level security auditing, and secure code reviews
-Experience in change management techniques associated with new technology implementation
-Experience assessing and validating security configurations of network operating systems, including Cisco IOS, database configurations, and UNIX systems and legacy operating systems, including AIX
-Knowledge of secure development best practices, including OWASP and how to apply security standards to improve the SDLC process
-Ability to use secure configuration benchmarks, including CIS and ISO, to develop secure system configuration baseline policies
Integrating a full range of consulting capabilities, Booz Allen is the one firm that helps clients solve their toughest problems, working by their side to help them achieve their missions. Booz Allen is committed to delivering results that endure.