
Security Control Assessor and System Certification Specialist, Senior
Booz Allen Hamilton, Arlington, VA, United States
Opportunity
Function as a Senior System Certification Specialist or Security Control Assessor as part of a team in the performance of Assessment and Authorization (A&A) activities ensuring NIST management, operational, technical, and privacy security control implementation compliance for large, complex DoD information systems. Provide support for executing the full A&A life cycle and risk management functions, measuring risk, examining system documentation, interviewing system and site personnel, testing system technical security configuration settings, reviewing scan results, and developing findings reports. Demonstrate subject‑matter expertise in NIST security guidance and security control assessment (SCA) processes using the NIST Risk Management Framework (RMF). Guide and mentor junior team members in the SCA process, provide advanced analysis and advice to the client, and manage complex assessments.
Experience and Skills
7+ years of experience providing security guidance and IS validation using NIST, RMF, DoD, and local security policies
Experience planning and executing comprehensive cybersecurity test events, including identifying security controls, analyzing assessment procedures, and using required tools such as ACAS or SCAP
Experience providing configuration management (CM) for information system security software, hardware, and firmware, and coordinating changes as an ISSO, ISSM, or Security Control Assessor
Experience interfacing with information assurance managers, including preparing and reviewing documentation such as SSPs, Risk Assessment Reports, C&A packages, and POA&Ms
Knowledge of NIST Contingency Planning, POA&M management, and DoD continuous monitoring
Top Secret clearance
High school diploma or GED
Cybersecurity IAT‑Level III, CISSP, or CAP certification
Nice to Have
Experience with DoD cybersecurity policies, directives, and DoD STIGs
Experience leveraging ACAS, CMRS, and eMASS tools
Experience assessing organizational risks and recommending mitigation strategies
Clearance
Applicants selected will be subject to a security investigation and may need to meet eligibility requirements for access to classified information. Top Secret clearance is required.
Compensation and Benefits
Salary for this position is determined by location, education, skills, and experience, and is expected to be within the range of $86,800.00 to $198,000.00 (annualized USD). The compensation package includes health, life, disability, financial, and retirement benefits; paid leave; professional development; tuition assistance; work‑life programs; and dependent care. Full‑time and part‑time employees working at least 20 hours a week on a regular basis are eligible to participate in Booz Allen’s benefit programs.
Equal Opportunity Statement
All qualified applicants will receive consideration for employment without regard to disability, status as a protected veteran or any other status protected by applicable federal, state, local, or international law.