Cybersecurity and Risk Management Framework Policy SME, Senior

Employment Type

: Full-Time


: Miscellaneous

The Challenge :

Everyone knows security needs to be “baked in” to a system architecture, but you actually know how to bake it in. You can identify and implement ways to harden systems and reduce their attack surface. What if you could use your cybersecurity skills to design and build secure systems for the DoD? We’re looking for a Cybersecurity SME who can create solutions that will stand up to even the most advanced cyber threats.

As a cybersecurity SME on our project, you’ll advise our clients on Risk Management Framework (RMF) policy issues and verify compliance with their systems. You’ll coordinate work with in house teams to identify the right mix of tools and techniques to translate your customer’s IT needs and future goals into a plan that will enable secure and effective solutions. We need to come up with the best solution, so you’ll investigate new techniques, break free from the legacy model, and go where the industry is going. You’ll lead the team through a critical approach to network design, providing alternatives and customizing solutions, to maintain a balance of security and mission needs. This is a chance to make a difference in the security of warfighter mission and communications systems. Your technical expertise will be vital as you help customers overcome their most difficult challenges by integrating secure practices like National Institute of Standards and Technology (NIST) RMF and Assessment and Authorization (A&A) processes. You’ll be able to broaden your skillset into areas like cloud-based security while building peace of mind in a critical infrastructure. Join our team, as we improve the ISR warfighter mission through cybersecurity.

You Have:

  • 5+ years of experience with securing computer systems, performing DoD accreditation activities, and writing security plans
  • Experience with scripts and Bash to provide automated scanning or monitoring solutions
  • Knowledge of DoD A&A processes, activities, standards, and available analytic tools
  • Knowledge of terminology, processes, and regulations applicable to IT system A&A for the RMF
  • Knowledge of secure IT architecture, computing hardware, and software
  • Ability to work independently and as an integrated member of a project team
  • Ability to adapt to evolving requirements and deliver to project deadlines
  • Active TS/SCI clearance
  • BA or BS degree
  • Completed DoD Directive 8570 or 8140 Series Certification requirements
  • Nice If You Have :

  • Experience with planning, implementing, monitoring, and managing continuous monitoring solutions
  • Experience in working with cloud technologies, including Amazon Web Services (AWS) or Azure, particularly Infrastructure as a Service
  • Experience with Red Hat Enterprise Linux (RHEL) or Windows system administration
  • Experience with the US Army, DoD, or intelligence community Information Assurance (IA), including Information Systems Security Officer (ISSO) or Information Assurance Manager (IAM) roles preferred
  • Experience with developing Body of Evidence artifacts for Certification and Accreditation (C&A) of systems under frameworks, including NIST Special Publication (SP) 800-Series, DoD RMF, and Intelligence Community Directive (ICD) 503
  • Experience with eMASS or Xacta tools
  • Knowledge of terminology and federal regulations applicable to specification, development, acquisition, and maintenance of IT systems
  • Possession of excellent oral and written communication skills
  • Clearance:

    Applicants selected will be subject to a security investigation and may need to meet eligibility requirements for access to classified information; TS/SCI clearance is required.

    Build Your Career:

    Rewarding work, fun challenges, and a ton of investment in our people—that’s Booz Allen cyber. When you join Booz Allen, we’ll help you develop the career you want.

    Competitions — From programming competitions at our PyNights (Python competition and learning events) to competing in CTFs, we’ve got plenty of chances for you to show off your skills.

    Paid Research — Have an innovative idea to explore or hypothesis to test? You can participate in challenges via our crowdsourcing platform, the Garage, and other programs to be awarded dedicated time and/or funding to advance your skills.

    Cyber University — CyberU has more than 5000 instructor-led and self-paced cyber courses, a free online library that you can access from just about anywhere—including your phone—and certification exam prep guides that include practical assessments to prepare you for your exam.

    Academic Partnerships — In addition to our tuition reimbursement benefit, we’ve partnered with University of Maryland University College to offer two graduate certificate programs in cybersecurity—fully funded without a tuition cap.

    Maker/Hackerspaces — Race drones, print 3D gadgets, drink coffee from our Wi-Fi coffee maker, and get hands-on training on tools and tech from in-house experts in our dedicated maker and hackerspaces.

    We’re an EOE that empowers our people—no matter their race, color, religion, sex, gender identity, sexual orientation, national origin, disability, veteran status, or other protected characteristic—to fearlessly drive change.

    Launch your career - Create your profile now!

    Create your Profile

    Loading some great jobs for you...