Job Number: R0018279
Booz Allen Hamilton has been at the forefront of strategy and technology for more than 100 years. Today, the firm provides management and technology consulting and engineering services to leading Fortune 500 corporations, governments, and not-for-profits across the globe. Booz Allen partners with public and private sector clients to solve their most difficult challenges through a combination of consulting, analytics, mission operations, technology, systems delivery, cybersecurity, engineering and innovation expertise.
Information Systems Security Engineer, Senior
Provide cybersecurity engineering and support to security controls assessors and validators on assessment and authorization efforts for systems that are considered major upgrades or use complex or leading-edge technology, participating in and providing subject matter expertise for laboratory and operational security assessments. Participate in Information Assurance (IA) discovery briefs with the client's Delegated Authorizing Official. Review security controls selections, tailoring, implementation, and testing, analyze scan results from network- and host-based security scanning tools, and recommend mitigations for security control deficiencies. Perform security assessments, design reviews, and provide IA guidance for new technologies, including Cloud implementations, cross-domain solutions, Big Data and relational databases, and Web services. Develop, design, integrate, test, document, deploy, operate, and maintain automated tools for security testing, including Host Based Security System (HBSS) and Assured Compliance Assessment Solution (ACAS). Support the architectural design, integration, installation, configuration, testing, documentation, administration, and operations and maintenance (O&M) of systems and capabilities to support scanning, monitoring, and reporting of compliance testing and Intelligence Community Vulnerability Alerts and Bulletins (ICVA/ICVB). Develop security documentation that is compliant with Intelligence Community Directive (ICD) 503, 500-series Intelligence Community Standards (ICSs), and related National Institute of Standards and Technology (NIST) 800-series Special Publications (SPs).
-Experience with DoD Information Assurance (IA) Certification and Accreditation Process (DIACAP), DoD Risk Management Framework (RMF), ICD 503, and NIST RMF
-Experience with the intelligence community (IC), DoD, Navy Intelligence (NAVINTEL) IA, Fleet Cyber Command, and DoD Intelligence Information System (DoDIIS) tools, systems, reporting mechanisms, and requirements for Assessment and Authorization (A&A)
-Experience with implementing and executing security engineering practices in the system or software development life cycle (SDLC) process and designing, developing, and using host-based and network-based scanning tools
-Experience in the installation, configuration, testing, deployment, and O&M of enterprise-wide network-based scanning tools, including Retina and ACAS in support of compliance testing and continuous monitoring
-Experience in UNIX/Linux, including Solaris or Red Hat Enterprise Linux or Microsoft Windows operating systems, including Server 2012R2, Server 2016, Windows 7, Windows 10, and DoD Secure Host Baselines
-Knowledge of the DoD, IC, and national-level system security initiatives and secure information, Local Area Network/Wide Area Network, Cloud technologies, cross-domain solutions, and technologies
-Knowledge of developing security controls, testing methodologies, and test procedures for systems, Cloud-based architectures, and cross-domain solutions
-BA or BS degree in Computer Science (CS), Electrical Engineering (EE), Information Technology (IT), or Information Assurance (IA)
-Certified Information System Security Professional (CISSP) Certification
-2 years of experience with project management preferred
-Experience with Security Content Automation Protocol (SCAP) based tools and specifications
-Experience in system or software design, development, integration, testing, system administration, and O&M
-Experience in Java, C, or C++ software development
-Ability to display proactive, results-oriented, interpersonal, and customer relations and team-building expertise
-Possession of excellent oral and written communications skills
-MS degree in Computer Science (CS), Electrical Engineering (EE), Information Technology (IT), Information Assurance (IA), or related field
-CISSP-Information System Security Engineering Professional (CISSP-ISSEP) Certification
Applicants selected will be subject to a security investigation and may need to meet eligibility requirements for access to classified information; TS/SCI clearance is required.
Integrating a full range of consulting capabilities, Booz Allen is the one firm that helps clients solve their toughest problems, working by their side to help them achieve their missions. Booz Allen is committed to delivering results that endure.
We are proud of our diverse environment, EOE, M/F/Disability/Vet.