Information System Security Officer

Your growth matters to us - explore our career development opportunities.

Connect with others in our people-first culture and enhance our collective ingenuity.

Learn how we’ll support you as you pursue a balanced, fulfilling life.

Discover what to expect during your journey as a candidate with us.

Cyber threats are everywhere, and the constantly evolving nature of these threats can make understanding them seem overwhelming to government agencies and military organizations. In all of this “cyber noise”, how can these organizations understand their risk and mitigate them? The answer is you. We need your knowledge as an Information Systems Security Officer ( ISSO ) to help break down complex threats into manage able plans of action.

As an ISSO on our team, you lead all Risk Management Framework ( RMF ) and cybersecurity efforts and coordinate with outside agencies and at the client location. You are responsible for ensuring that the cybersecurity risk management process is in place and the appropriate operational security posture is maintained and documented to protect and defend the capabilities and assets of the client's Enterprise Type Training Enclaves, Information Systems, fielded Program Managed Systems, and Training and Exercise Networks. In this role, you'll c ond uct scheduled scans of networks and systems, validate applied Security Technical Implementation Guides ( STIGs ) and patches performed by System Administrators ( SAs ) and Network Administrators ( Nas ) , and create or implement required RMF products, such as Plans of Action and Milestones ( POA & M ) and STIGs. You'll perform continuous monitoring of applied STIGs and patches, c ond uct periodic auditing to assess vulnerabilities of networks and systems, and assist the Information Systems Security Manager ( ISSM ) in meeting their duties and responsibilities and initiate protective measures for cybersecurity incidents. You'll produce artifacts, trackers, and other necessary documents to meet the Security Control Assessment Validation ( SCA-V ) and maintain the United States Army Type Authority to Operate ( ATO ) .

Join us. The world can’t wait.

You Have:

• 10+ years of experience in application of NIST, DoD, and Army Cybersecurity and Risk Management Framework policies , directives, instructions, manuals, and best business practices
• 4+ years of experience in a supervisory role
• Knowledge of industry methods for evaluating, implementing, and disseminating IT security assessment, monitoring, detection, and remediation tools and procedures utilizing standards-based concepts and capabilities
• Knowledge of disa ster recovery continuity of operations plans, enterprise incident response programs, roles, and responsibilities, and network security architecture concepts, including topology, protocols, components, and principles such as application of Defense-in-Depth
• Knowledge of known vulnerabilities from alerts, advisories, errata, and bulletins, measures, or indicators of system performance and availability, and network systems management principles, models, methods, such as end-to-end systems performance monitoring, and tools
• Knowledge of server administration and systems engineering theories, concepts, and methods, and systems lifecycle management principles, including sof tware security and usability
• Ability to determine how a security system should work, including its resilience and dependability capabilities, and how changes in c ond itions, operations, or the environment will affect these outcomes
• TS / SCI clearance
• DOD 8570.01-M IAM II certification

Nice If You Have:

• 5+ years of experience working in MTCs

Clearance:

Applicants selected will be subject to a security investigation and may need to meet eligibility requirements for access to classified information ; TS/SCI clearance is required.

Compensation

At Booz Allen, we celebrate your contributions, provide you with opportunities and choices, and support your total well-being. Our offerings include health, life, disability, financial, and retirement benefits, as well as paid leave, professional development, tuition assistance, work-life programs, and dependent care. Our recognition awards program acknowledges employees for exceptional performance and superior demonstration of our values. Full-time and part-time employees working at least 20 hours a week on a regular basis are eligible to participate in Booz Allen’s benefit programs. Individuals that do not meet the threshold are only eligible for select offerings, not inclusive of health benefits. We encourage you to learn more about our total benefits by visiting the Resource page on our Careers site and reviewing Our Employee Benefits page.

Salary at Booz Allen is determined by various factors, including but not limited to location, the individual’s particular combination of education, knowledge, skills, competencies, and experience, as well as contract-specific affordability and organizational requirements. The projected compensation range for this position is $77,600.00 to $176,000.00 (annualized USD). The estimate displayed represents the typical salary range for this position and is just one component of Booz Allen’s total compensation package for employees. This posting will close within 90 days from the Posting Date.

Information System Security Officer

The Opportunity:

Cyber threats are everywhere, and the constantly evolving nature of these threats can make understanding them seem overwhelming to government agencies and military organizations. In all of this “cyber noise”, how can these organizations understand their risk and mitigate them? The answer is you. We need your knowledge as an Information Systems Security Officer ( ISSO ) to help break down complex threats into manage able plans of action.

As an ISSO on our team, you lead all Risk Management Framework ( RMF ) and cybersecurity efforts and coordinate with outside agencies and at the client location. You are responsible for ensuring that the cybersecurity risk management process is in place and the appropriate operational security posture is maintained and documented to protect and defend the capabilities and assets of the client's Enterprise Type Training Enclaves, Information Systems, fielded Program Managed Systems, and Training and Exercise Networks. In this role, you'll c ond uct scheduled scans of networks and systems, validate applied Security Technical Implementation Guides ( STIGs ) and patches performed by System Administrators ( SAs ) and Network Administrators ( Nas ) , and create or implement required RMF products, such as Plans of Action and Milestones ( POA & M ) and STIGs. You'll perform continuous monitoring of applied STIGs and patches, c ond uct periodic auditing to assess vulnerabilities of networks and systems, and assist the Information Systems Security Manager ( ISSM ) in meeting their duties and responsibilities and initiate protective measures for cybersecurity incidents. You'll produce artifacts, trackers, and other necessary documents to meet the Security Control Assessment Validation ( SCA-V ) and maintain the United States Army Type Authority to Operate ( ATO ) .

Join us. The world can’t wait.

You Have:

• 10+ years of experience in application of NIST, DoD, and Army Cybersecurity and Risk Management Framework policies , directives, instructions, manuals, and best business practices
• 4+ years of experience in a supervisory role
• Knowledge of industry methods for evaluating, implementing, and disseminating IT security assessment, monitoring, detection, and remediation tools and procedures utilizing standards-based concepts and capabilities
• Knowledge of disa ster recovery continuity of operations plans, enterprise incident response programs, roles, and responsibilities, and network security architecture concepts, including topology, protocols, components, and principles such as application of Defense-in-Depth
• Knowledge of known vulnerabilities from alerts, advisories, errata, and bulletins, measures, or indicators of system performance and availability, and network systems management principles, models, methods, such as end-to-end systems performance monitoring, and tools
• Knowledge of server administration and systems engineering theories, concepts, and methods, and systems lifecycle management principles, including sof tware security and usability
• Ability to determine how a security system should work, including its resilience and dependability capabilities, and how changes in c ond itions, operations, or the environment will affect these outcomes
• TS / SCI clearance
• Bachelor's degree
• DOD 8570.01-M IAM II certification

Nice If You Have:

• 5+ years of experience working in MTCs

Clearance:

Applicants selected will be subject to a security investigation and may need to meet eligibility requirements for access to classified information ; TS/SCI clearance is required.

Compensation

At Booz Allen, we celebrate your contributions, provide you with opportunities and choices, and support your total well-being. Our offerings include health, life, disability, financial, and retirement benefits, as well as paid leave, professional development, tuition assistance, work-life programs, and dependent care. Our recognition awards program acknowledges employees for exceptional performance and superior demonstration of our values. Full-time and part-time employees working at least 20 hours a week on a regular basis are eligible to participate in Booz Allen’s benefit programs. Individuals that do not meet the threshold are only eligible for select offerings, not inclusive of health benefits. We encourage you to learn more about our total benefits by visiting the Resource page on our Careers site and reviewing Our Employee Benefits page.

Salary at Booz Allen is determined by various factors, including but not limited to location, the individual’s particular combination of education, knowledge, skills, competencies, and experience, as well as contract-specific affordability and organizational requirements. The projected compensation range for this position is $77,600.00 to $176,000.00 (annualized USD). The estimate displayed represents the typical salary range for this position and is just one component of Booz Allen’s total compensation package for employees. This posting will close within 90 days from the Posting Date.

Identity Statement

As part of the application process, you are expected to be on camera during interviews and assessments. We reserve the right to take your picture to verify your identity and prevent fraud.

Work Model
Our people-first culture prioritizes the benefits of flexibility and collaboration, whether that happens in person or remotely.

• If this position is listed as remote or hybrid, you’ll periodically work from a Booz Allen or client site facility.
• If this position is listed as onsite, you’ll work with colleagues and clients in person, as needed for the specific role.

Commitment to Non-Discrimination

All qualified applicants will receive consideration for employment without regard to disability, status as a protected veteran or any other status protected by applicable federal, state, local, or international law.