The Cyber Security Risk Analyst role executes the VA Enterprise Risk Analysis (ERA) process using a custom ERA tool to identify key cyber security risk factors in network-connected Research Scientific Computing Devices and Special Purpose Systems, including building automation systems, physical security systems, and operational technology. These risk factors are summarized, evaluated and reported using quantitative and qualitative scores to give a VA authorizing official awareness of the residual cyber risk before these devices are connected to the VA network. The ERA Analyst must acquire, review and leverage system documentation and data gathered through questionnaires and interviews with customers in the field and with vendor or manufacturer representatives to accurately document critical security posture elements in a common reporting format. These elements include hardware or software inventory, communications profile, system interconnections, data types and stores, and the presence or lack of security controls, settings and mechanisms for a given device type. The analyst works within the Risk Management team and is expected to collaborate with Federal and contractor teammates to achieve the best outcomes for the ERA process. This position is open to remote delivery anywhere within the U.S., including the District of Columbia.
Empower change with us.
- Experience with Cybersecurity, risk management, or risk assessment for complex systems
- Experience with NIST SP 800-53 and NIST SP 800-30
- Experience with documenting and depicting network topology and network protocols
- Ability to engage directly with clients and third parties to facilitate enterprise risk analysis
- Ability to obtain a security clearance
- HS diploma or GED and 18+ years of experience in a professional environment or BS degree in CS, IT or Engineering and 10+ years of experience in a professional environment
Nice If You Have:
- Experience with cybersecurity analysis of medical technology or Internet of Things (IoT)
- Experience with Governance, Risk, and Compliance (GRC)
- Experience with Assessment and Authorization (A&A) and eMASS
- Experience with Excel and Visio
- Ability to work in a remote team environment, strong communication skills, ability to multi-task, and willingness to take ownership of tasks
- Public Trust
- CompTIA Security+ or Certified Risk Management Professional (CRISC) or Certified in Risk and Information Systems Control (CRISC)
Applicants selected will be subject to a security investigation and may need to meet eligibility requirements for access to classified information.
Build Your Career:
Rewarding work, fun challenges, and a ton of investment in our people—that’s Booz Allen cyber. When you join Booz Allen, we’ll help you develop the career you want.
Competitions — From programming competitions at our PyNights (Python competition and learning events) to competing in CTFs, we’ve got plenty of chances for you to show off your skills.
Paid Research — Have an innovative idea to explore or hypothesis to test? You can participate in challenges via our crowdsourcing platform, the Garage, and other programs to be awarded dedicated time and/or funding to advance your skills.
Cyber University — CyberU has more than 5000 instructor-led and self-paced cyber courses, a free online library that you can access from just about anywhere—including your phone—and certification exam prep guides that include practical assessments to prepare you for your exam.
Academic Partnerships — In addition to our tuition reimbursement benefit, we’ve partnered with University of Maryland University College to offer two graduate certificate programs in cybersecurity—fully funded without a tuition cap.
Maker/Hackerspaces — Race drones, print 3D gadgets, drink coffee from our Wi-Fi coffee maker, and get hands-on training on tools and tech from in-house experts in our dedicated maker and hackerspaces.
We’re an EOE that empowers our people—no matter their race, color, religion, sex, gender identity, sexual orientation, national origin, disability, veteran status, or other protected characteristic—to fearlessly drive change.