Vulnerability Risk Management Professional

Booz Allen Hamilton

Philadelphia, PA

Industry: Accounting, Finance & Insurance


5 - 7 years

Posted 165 days ago

This job is no longer available.

Job Description

Job Number: R0015099

Booz Allen Hamilton has been at the forefront of strategy and technology for more than 100 years. Today, the firm provides management and technology consulting and engineering services to leading Fortune 500 corporations, governments, and not-for-profits across the globe. Booz Allen partners with public and private sector clients to solve their most difficult challenges through a combination of consulting, analytics, mission operations, technology, systems delivery, cybersecurity, engineering and innovation expertise.

Vulnerability Risk Management Professional

Key Role:
Assess clients’ vulnerability management programs and develop recommendations to achieve Cybersecurity best practices. Provide Cybersecurity and privacy analysis and consulting throughout the security assessment and compliance life cycle process. Plan, develop, and finalize continuous monitoring of Cybersecurity and privacy policies, programs, compliance artifacts, and standards. Assess and recommend automated and manual testing, examination, scanning, interviewing, and discovery techniques to identify, validate, and assess security vulnerabilities of large, complex information systems, including enclaves, networks and applications, services, and platform IT. Respond to client requests for information. Develop Booz Allen’s vulnerability management capability and service offerings. Work as a Cybersecurity professional with experience in the commercial sector. This position requires the ability to conduct extensive travel to client sites of up to 75%, typically Monday through Thursday.

Basic Qualifications:
-5+ years of experience with Cybersecurity vulnerability assessments and equivalent processes
-3+ years of experience with planning and executing comprehensive Cybersecurity scanning and assessments, including identifying applicable security controls, analyzing assessment procedures, and identifying and using required tools
-Experience with using or configuring two or more of the following vulnerability assessment tools: Tenable/Nessus, Retina, QualysGuard, Nexpose, OpenVAS, HPE Fortify, Veracode, Tripwire, Guardium, RedSeal, or SkyBox 
-Experience with using GRC tools and platforms to manage and automate vulnerability assessment workflows
-Experience with assessing organizational risks and recommending mitigation strategies
-Knowledge of Cybersecurity principles, including Threat Intelligence, Penetration Testing, Red Team, and Incident Response within the context of supporting vulnerability management functions
-Ability to consolidate, analyze, create, and brief findings on vulnerabilities and associated risk
-Ability to lead and train junior staff and travel up to 75%
-BA or BS degree
-CISSP, CISM, SABSA, or GIAC Certification

Additional Qualifications:
-Experience with ethical hacking, including information security, application vulnerability testing, code-level security auditing, and secure code reviews
-Experience in change management techniques associated with new technology implementation
-Experience assessing and validating security configurations of network operating systems, including Cisco IOS, database configurations, and UNIX systems and legacy operating systems, including AIX
-Knowledge of secure development best practices, including OWASP and how to apply security standards to improve the SDLC process
-Ability to use secure configuration benchmarks, including CIS and ISO, to develop secure system configuration baseline policies

Integrating a full range of consulting capabilities, Booz Allen is the one firm that helps clients solve their toughest problems by their side to help them achieve their missions.  Booz Allen is committed to delivering results that endure.