Booz Allen Hamilton has been at the forefront of strategy and technology for more than 100 years. Today, the firm provides management and technology consulting and engineering services to leading Fortune 500 corporations, governments, and not-for-profits across the globe. Booz Allen partners with public and private sector clients to solve their most difficult challenges through a combination of consulting, analytics, mission operations, technology, systems delivery, cybersecurity, engineering and innovation expertise.
Cross Domain Security Tester, Mid
Conduct assessments of threats and vulnerabilities through testing and evaluation activities, including network penetration testing and Web application security testing, and conduct social engineering exercises. Determine deviations from required or acceptable configurations. Consult on the evaluation of the existing level of risk.
-5+ years of experience with computer cybersecurity or information assurance and testing in a professional work environment
-Experience with Cross-Domain Solution development and testing and reviewing and interpreting DoD Cross-Domain requirements and the Cross-Domain Risk Model (CDRM) approval process
-Experience with Linux-based operating systems, including RedHat Enterprise Linux and Kali Linux or associated tools
-Experience with performing source code analysis using the following tools: HP Fortify, FindBugs, or Klocwork Static Code Analysis
-Experience with Wireshark network protocol analyzer
-Experience with DoD Risk Management Framework (RMF), including NIST 800-53 and associated overlays
-Ability to perform software validation analysis, define and document test plans and specifications required for regulatory compliance, and develop testing strategies, methodologies, and detailed procedures
-Active TS/SCI clearance
-BA or BS degree
-Experience with problem-solving through out-of-the-box approaches
-Experience with security methodologies, system dependencies, and source code analysis processes
-Knowledge of SELinux
-Knowledge of networking
-Knowledge of configuration management and automation tools, including JIRA, Stash, Subversion, Confluence, or Jenkins
-Knowledge of public-key cryptography, including certificates, certificate authorities, and revocation lists
-Knowledge of Agile development and management with Agile Scrum
-Knowledge of Cloud and VM technology to design and implement automated testing and scanning strategies
-Ability to troubleshoot problems that occur during the configuration and scanning process in a fast-paced, constantly changing environment
-Ability to make recommendations that mitigate security vulnerabilities identified in reports
-Possession of excellent oral and written communication skills
-DoD 8570 IAT Level II Certification
Applicants selected will be subject to a security investigation and may need to meet eligibility requirements for access to classified information; TS/SCI clearance is required.
Integrating a full range of consulting capabilities, Booz Allen is the one firm that helps clients solve their toughest problems, working by their side to help them achieve their missions. Booz Allen is committed to delivering results that endure.
We are proud of our diverse environment, EOE, M/F/Disability/Vet.