Be an early applicantLess than 25 applicants

Company

Original Job Post

Booz Allen Hamilton · 3 days ago

Cyber Strategy and Risk Advisory Specialist

Washington, DC

Full-time

Onsite

Senior Level

$97K/yr - $220K/yr

8+ years exp

Wonder how qualified you are to the job?

Maximize your interview chances

ConsultingCyber Security

H1B Sponsorship

Growth Opportunities

Insider Connection @Booz Allen Hamilton

Discover valuable connections within the company who might provide insights and potential referrals, giving your job application an inside edge.

Responsibilities

Lead client delivery teams to solve clients' toughest challenges in cyber strategy and risk management.

Collaborate with experts to develop risk management programs and identify technical vulnerabilities.

Craft threat and risk-aligned mitigations to help clients proactively stop cyber-attacks.

Guide staff in various industry verticals and prioritize their growth and empowerment.

Establish quality standards, delegate responsibility, navigate conflict, and foster a culture of accountability.

Ensure solutions meet high-quality standards and are delivered within established timelines and budgets.

Qualification

Find out how your skills align with this job's requirements. If anything seems off, you can easily click on the tags to select or unselect skills to reflect your actual expertise.

Cybersecurity AssessmentsEnterprise ConsultingStrategic AdvisoryThreat ModelingVulnerability IdentificationCyber Risk ManagementRoot Cause AnalysisRisk-Based MitigationsAssessment ReportsPresentationsCISSP CertificationCEH CertificationGSEC CertificationOSCP CertificationCISM CertificationThird-Party Risk ManagementSupply Chain Risk ManagementGRC ProgramsApplication SecurityProduct SecurityDevOpsDevSecOpsSDLCCloud Assessment MethodologiesWindows System AdministrationLinux System AdministrationNetwork SecuritySOCThreat HuntingRisk Modeling

Required

8+ years of experience executing cybersecurity assessments against industry-standard frameworks such as NIST CSF, NIST 800-53, and ISO 27001

5+ years of experience leading enterprise consulting engagements with Fortune 500 and Global 1000 clients with a focus on delivering results to C-level executives and Director-level stakeholders, including identifying root cause issues, and recommending threat and risk-aligned mitigations that extend beyond basic control gaps to uplift our client’s cyber resilience

5+ years of experience in strategic advisory client-facing roles leading delivery teams, managing client expectations, briefing executive stakeholders, and leading projects from inception through completion, including delivering results within specified timelines and budgets, and leading cross-functional engagement teams comprising of 2+ staff members in consulting or customer service delivery roles

3+ years of experience with cyber threat modeling techniques such as MITRE ATT&CK, PASTA, or STRIDE

3+ years of experience identifying technology vulnerabilities using both manual and automated processes, including automated compliance and vulnerability scanners and system configuration reviews such as CIS Benchmarks, STIGS, Nessus, or Splunk

2+ years of experience with cyber risk management frameworks and methodologies, such as FAIR, NIST RMF, or COBIT

Ability to identify root cause issues, analyze vulnerabilities, and propose risk-based mitigations that materially enhance organizational security risk posture

Ability to write whitepapers, assessment reports, presentations, and briefs, communicate effectively across all organizational levels, and explain complex technical ideas to diverse audiences, including executives such as board members, CEOs, CFOs, CTOs, and CISOs

Bachelor’s degree

CISSP, CEH, GSEC, OSCP, or CISM Certification

Preferred

7+ years of experience working at a large Technology or Management Consulting Firm

3+ years of experience designing or building Cyber Risk Management, Third-Party Risk Management (TPRM), Supply Chain Risk Management (SCRM), or GRC Programs

Experience with application security or product security, including in DevOps, DevSecOps, and SDLC, and with cloud assessment methodologies, including utilizing built-in processes for assessing native cloud services, including optimizing cloud infrastructure for efficiency, security, and cost-effectiveness

Experience with Windows or Linux system administration, including managing and securing operating systems effectively, and administering and assessing network devices and security, including routers, switches, firewalls, and intrusion detection and prevention systems

Knowledge of SOC and threat hunting and threat modeling and analysis

Knowledge of emerging topics, including regulations, industry practices, and new technologies such as AI, Cyber Risk Quantification (CRQ), Zero-Trust Architecture (ZTA), threat modeling, and risk modeling

Possession of excellent leadership, analytical, critical thinking, and problem-solving skills

Possession of excellent verbal and written communication skills

CRISC, COBIT 5, FAIR, or MITRE ATT&CK Certifications

GIAC Certified Incident Handler (GCIH), GIAC Enterprise Incident Response (GEIR), or MITRE Threat Hunting Certifications

Benefits

Health, life, disability, financial, and retirement benefits

Paid leave

Professional development

Tuition assistance

Work-life programs

Dependent care

Recognition awards program

Company

Booz Allen Hamilton

Glassdoor

4.2

Booz Allen Hamilton is a consulting firm that specializes in analytics, technology, and engineering.

Founded in 1914

Mclean, Virginia, USA

10,001+ employees

http://www.boozallen.com

H1B Sponsorship

Booz Allen Hamilton has a track record of offering H1B sponsorships. Please note that this does not guarantee sponsorship for this specific role. Below presents additional info for your reference. (Data Powered by US Department of Labor)

Distribution of Different Job Fields Receiving Sponsorship

Trends of Total Sponsorships

2023 (14)

2022 (31)

2021 (29)

2020 (38)