Apply on Employer Site

Booz Allen Hamilton · 2 days ago

Information Systems Security Officer

Alexandria, VA

Full-time

Hybrid

Mid, Senior Level

$99K/yr - $225K/yr

5+ years exp

Booz Allen Hamilton is focused on addressing cyber threats faced by Department of Defense (DoD) agencies. They are seeking an Information Systems Security Officer (ISSO) to work with government stakeholders and development teams to identify cyber risks, develop mitigation plans, and ensure compliance with cybersecurity standards.

ConsultingCyber SecurityIT InfrastructureManagement ConsultingSecurity

Growth Opportunities

No H1B

Security Clearance Required

U.S. Citizen Only

Responsibilities

Work with government stakeholders and a cloud-based application and platform development team to identify cyber risks, understand applicable policies, and develop a mitigation plan

Review technical, environmental, and personnel details from security engineers, platform and application developers, and enterprise architects to assess the entire threat landscape

Coordinate with product delivery teams to ensure their products meet DoD cybersecurity standards and support a larger cyber team to collectively guide your client through a plan of action with presentations, documentation, and milestones

Translate security concepts for clients to help them secure cloud infrastructure, AI solutions, containerized applications, CI/CD application pipelines, and sensitive data repositories

Conduct risk assessments, considering data confidentiality, integrity, and availability

Be involved in organized Incident Response actions such as consulting, guiding, and reporting back to key stakeholders

Support the team in meeting authorization timelines and coordinating communications with external entities in support of that objective

Qualification

Risk management methodologiesCybersecurity leadershipAWS cloud securitySecurity controls implementationATO authorization packagesCompliance analysisAudit log reviewsCybersecurity certificationsCommunication skillsOrganizational skills

Required

5+ years of experience implementing risk management methodologies contained in best practice documentation such as NIST SP 800-30, SP 800-53, SP 800-128, SP 800-160, SP 800-171, or CIS benchmarks in support of system security configurations, practices, and oversight

3+ years of experience providing cybersecurity leadership in an ISSO capacity, interfacing with internal and external SMEs such as PMs, Cyber Assessors, and AOs

Experience with control implementations associated with RMF, FedRAMP, ICD 503, and DoD Information Levels, including applying them to the design and implementation of IT solutions to achieve system authorizations

Experience implementing and maintaining security controls within AWS cloud, containerized, CI/CD pipeline, and Agile development environments

Experience developing and reviewing ATO authorization packages in Xacta or eMASS

Experience analyzing compliance and vulnerability scan results and implementing appropriate mitigations

Experience performing audit log reviews to detect anomalous behavior in information systems and networks and overseeing continuous monitoring activities

Active TS/SCI clearance; willingness to take a polygraph exam

Bachelor's degree

CGRC, CAP, CASP+, CCSP, Cloud+, SSCP, Security+, or GSEC Certification

Preferred

Experience with DoD security technical implementation guides (STIGs), checklists, and testing tools, including STIG Viewer, SCAP, and ACAS scanning tools

Experience with cyber related tools such as Ansible, Terraform, Splunk, or STIG Viewer

Ability to work through challenging security requirements to maintain compliance

Possession of excellent written, presentation, and verbal communication skills

Possession of excellent organizational skills

TS/SCI clearance with a polygraph

Bachelor's degree in IT, Cybersecurity, Data Science, Information Systems, or CS

DoD 8570 IAT or IAM Level III Certification such as CISSP Certification

AWS Solutions Architect or Certified Security - Specialty Certification