Vulnerability Risk Management Professional

Key Role:

Assess clients’ vulnerability management programs and develop recommendations to achieve Cybersecurity best practices. Provide Cybersecurity and privacy analysis and consulting throughout the security assessment and compliance life cycle process. Plan, develop, and finalize continuous monitoring of Cybersecurity and privacy policies, programs, compliance artifacts, and standards. Assess and recommend automated and manual testing, examination, scanning, interviewing, and discovery techniques to identify, validate, and assess security vulnerabilities of large, complex information systems, including enclaves, networks and applications, services, and platform IT. Respond to client requests for information. Develop Booz Allen’s vulnerability management capability and service offerings. Work as a Cybersecurity professional with experience in the commercial sector. This position requires the ability to conduct extensive travel to client sites of up to 75%, typically Monday through Thursday.

Basic Qualifications:

• 5+ years of experience with Cybersecurity vulnerability assessments and equivalent processes
• 3+ years of experience with planning and executing comprehensive Cybersecurity scanning and assessments, including identifying applicable security controls, analyzing assessment procedures, and identification and using required tools
• Experience with using or configuring two or more of the following vulnerability assessment tools: Tenable/Nessus, Retina, QualysGuard, Nexpose, OpenVAS, HPE Fortify, Veracode, Tripwire, Guardium, RedSeal, or SkyBox
• Experience with using GRC tools and platforms to manage and automate vulnerability assessment workflows
• Experience with assessing organizational risks and recommending mitigation strategies
• Knowledge of Cybersecurity principles, including Threat Intelligence, Penetration Testing, Red Team, and Incident Response within the context of supporting vulnerability management functions
• Ability to consolidate, analyze, create, and brief findings on vulnerabilities and associated risk
• Ability to lead and train junior staff and travel up to 75%
• BA or BS degree
• CISSP, CISM, SABSA, or GIAC Certification

Additional Qualifications:

• Experience with ethical hacking, including information security, application vulnerability testing, code-level security auditing, and secure code reviews
• Experience in change management techniques associated with new technology implementation
• Experience assessing and validating security configurations of network operating systems, including Cisco IOS, database configurations, and UNIX systems and legacy operating systems, including AIX
• Knowledge of secure development best practices, including OWASP and how to apply security standards to improve the SDLC process
• Ability to use secure configuration benchmarks, including CIS and ISO to develop secure system configuration baseline policies