Information Assurance Engineer, Mid

Belcamp, MD
Jun 24, 2019
Jun 26, 2019
Full Time
Information Assurance Engineer, Mid
The Challenge:

Everyone knows security needs to be "baked in" to a system architecture, but you actually know how to bake it in. You can identify and implement ways to harden systems and reduce their attack surface. What if you could use your Cybersecurity skills to design and build secure systems for the Army ? We're looking for an engineer who can help create solutions for the Army that will stand up to even the most advanced Cyber threats.

As a Cybersecurity engineer on our project, you'll be providing information and assurance support to our clients. You'll analyze the Cyber posture of a test harness system, provide critical expertise to mitigate Cyber risk, and perform Cybersecurity activities, including identifying, assessing, monitoring, and mitigating Cybersecurity risks in an effort to obtain and sustain authorization to operate (ATO) certification. You'll work with our development and operational team of experts to identify the right mix of tools and techniques to translate customer's needs and future goals into a plan that will enable secure and effective solutions. We help customers overcome their most difficult challenges by integrating secure practices like defense-in-depth, risk management, identity and access management, and information assurance. You'll be able to gain experience in Cybersecurity and information assurance while building peace of mind in a critical infrastructure. You'll broaden your skillset into other areas by developing plans of action and milestones (POA&M), creating risk management framework (RMF) documentation in support of IA accreditation, and performing vulnerability management using automated systems, including ACAS data feeds. You'll create RMF packages for test harness, including documentation to mitigate non-compliance security controls. Your technical expertise will be vital as you help customers overcome their most difficult challenges by integrating secure practices like endpoint based detection, response, multi-factor authentication, identity and access management, patch management, vulnerability scanning, static-code analysis, and advanced analytics.

Empower change with us.

Build Your Career:

Rewarding work, fun challenges, and a ton of investment in our people-that's Booz Allen cyber. When you join Booz Allen, we'll help you develop the career you want.

Competitions - From programming competitions at our PyNights (Python competition and learning events) to competing in CTFs, we've got plenty of chances for you to show off your skills.

Paid Research - Have an innovative idea to explore or hypothesis to test? You can participate in challenges via our crowdsourcing platform, the Garage, and other programs to be awarded dedicated time and/or funding to advance your skills.

Cyber University - CyberU has more than 5000 instructor-led and self-paced cyber courses, a free online library that you can access from just about anywhere-including your phone-and certification exam prep guides that include practical assessments to prepare you for your exam.

Academic Partnerships - In addition to our tuition reimbursement benefit, we've partnered with University of Maryland University College to offer two graduate certificate programs in cybersecurity-fully funded without a tuition cap.

Maker/Hackerspaces - Race drones, print 3D gadgets, drink coffee from our Wi-Fi coffee maker, and get hands-on training on tools and tech from in-house experts in our dedicated maker and hackerspaces.

You Have:

-3+ years of experience with system and network vulnerability analysis, risk assessment, and risk mitigation analysis

-Experience with Cybersecurity, Cyber engineering, IT, or information assurance

-Experience with the DoD A&A process, standards, and network environment and NIST, RMF, and eMASS

-Experience with DoD assess and authorize ATO, information assurance policies, directives, and STIGs

-Knowledge of NIST 800 series publications, including 800-30, 800-37, 800-53, and 800-53a

-Knowledge of Microsoft Office, Virtual Machine or Cloud, and SIPR Enclave

-Ability to perform validation and testing of security controls for DoD systems

-Active TS/SCI clearance

-BA or BS degree

-CISSP or CompTIA Security+ Certification

Nice If You Have:

-Experience with the NIST, DoD, and Committee on National Security Systems (CNSS)

-Experience with network and host-based IDS, IPS, firewall, proxy, and SIEM systems

-Experience with software, including Docker, Postgress, NiFi, Nginx, or XML

-Experience with the installation, configuration, and administration of IT resources, including software products

-Experience with tools, including ACAS, HBSS, STIG Viewer, or SonarQube preferred

-Experience with NETCOM or PEO IEW&S

-Experience with assessing organizational risks and recommending mitigation strategies

-Knowledge of Cloud security

-Knowledge of various protocols and services, including TCP/IP, DNS, FTP, SSH, SNMP, and TELNET

-Possession of excellent time management skills to identify and prioritize tasks

-DoD IAT Certification


Applicants selected will be subject to a security investigation and may need to meet eligibility requirements for access to classified information; TS/SCI clearance is required.

We're an EOE that empowers our people-no matter their race, color, religion, sex, gender identity, sexual orientation, national origin, disability, veteran status, or other protected characteristic-to fearlessly drive change.

Similar jobs