Manage the ATO, ATC, and all security policy-related responsibilities for the cloud infrastructure within the VA's AWS Gov Cloud. Conduct vulnerability scanning, container scanning, remediation planning, and incident response. Leverage expertise to make recommendations on maintaining, enhancing, and automating the overall technical security posture of the MAP environments. Provide detailed system documentation and updates. Create or assist in implementing tools, frameworks, and communication channels to drive work to successful and timely completion. Maintain positive relationships with Government and contractor stakeholder groups to execute system steward duties and translate security concepts into actionable recommendations. Identify, document, and manage cybersecurity risks, project milestones, and progress reports and briefings for clients and senior management. This position is open to remote delivery anywhere within the U.S., to include the District of Columbia.
2+ years of experience with supporting system Authority to Operate (ATO) processes and creating artifacts, control implementation details, and POAMs
Experience with managing complex system records in the Enterprise Mission Assurance Support Service (eMASS) tool
Experience with managing the remediation plan for vulnerability scans, including Nessus, Database, Compliance, and Pentest
Experience with National Institute of Standards and Technology (NIST) security controls, the Governance, Risk Management, and Compliance (GRC) security documentation tool, Risk Management Framework (RMF), Federal Information Security Management Act (FISMA), Federal Information System Controls Audit Manual (FISCAM) criteria, and security compliance processes
Experience with stakeholder engagement, advising clients, leading meetings, and executive-level communications
Experience with Microsoft Office Suite, including Excel, PowerPoint, Visio, and SharePoint
Knowledge of PKI, JWT, AD user and application authentication mechanisms, and Infrastructure and Application monitoring capabilities and tools
Ability to facilitate meetings, analyze authorization documents and associated artifacts against authorization requirements to identify gaps, establish a schedule to address outstanding authorization requirements, and coordinate directly with system team stakeholders
Ability to obtain and maintain a Public Trust or Suitability/Fitness determination based on client requirements
Bachelor's degree in a Cybersecurity, Computer Science, Engineering, or Technical field or 8+ years of experience working in a professional environment in lieu of a degree
Experience with all phases of the software development life cycle (SDLC) in AWS GovCloud using Agile methods and DevSecOps methods and tools, including Jenkins, Bitbucket, Jira, Docker, Kubernetes, or Vagrant
Experience with Linux OS
Experience Hashicorp tools, including Consul, Vault, and Packet, ElasticSearch, FluentD, Prometheus, or Grafana
Experience with working in professional collaborative settings while leading the development of multiple work products and deliverables
Experience with process improvement, strategic communications, change management, or strategic planning
Knowledge of service-oriented architecture (SOA) development and designing and implementing RESTful Web services
Ability to learn technical concepts quickly and communicate with multiple functional groups
Applicants selected will be subject to a government investigation and may need to meet eligibility requirements of the U.S. government client.
The proposed salary range for this position in Colorado is 100,000 to 115,000. Final salary will be determined based on various factors.
At Booz Allen, we celebrate your contributions, provide you with opportunities and choice, and support your total well-being. Our comprehensive benefit offerings include healthcare, retirement plan, insurance programs, commuter program, employee assistance program, paid and unpaid leave programs, education assistance, and childcare benefits.
We’re an equal employment opportunity/affirmative action employer that empowers our people to fearlessly drive change – no matter their race, color, ethnicity, religion, sex (including pregnancy, childbirth, lactation, or related medical conditions), national origin, ancestry, age, marital status, sexual orientation, gender identity and expression, disability, veteran status, military or uniformed service member status, genetic information, or any other status protected by applicable federal, state, local, or international law.