Booz Allen Hamilton Cybersecurity Policy and Compliance Analyst, Lead in McLean, Virginia


Date Posted:7/13/2018


Job Snapshot

  • Location: McLean, VA

  • Job Type: Strategy - Planning

  • Experience: Not Specified

Job Description

Job Number: R0032030

Cybersecurity Policy and Compliance Analyst, Lead

Key Role:

Function as a technical security and FISMA analyst and subject matter expert (SME) leading a team responsible for assessing NIST 800-53 Revision 4 management, operational, technical, and privacy security control implementation compliance for large, complex information systems. Support executing the full SA&A life cycle and risk management functions, including measuring risk, examining system documentation, interviewing appropriate system and site personnel, testing system technical security configuration settings, reviewing Nessus scan results, and developing findings reports. Demonstrate expertise in NIST 800-53 Revision 4 or NIST 800-53A Revision 4 security guidance and security control assessment (SCA) processes using the NIST risk management framework (RMF). Leverage knowledge of the NIST 800-37 RMF, FIPS 199, NIST 800-34 Contingency Planning, POA&M management, and continuous monitoring. Test system technical security configuration settings, review Nessus scan results for compliance with industry standards, and assist with developing and reviewing compliance reports that clearly identify security findings and proposed remediation strategies. Comprehend and analyze market trends in conjunction with Cybersecurity, FISMA, RMF, vulnerability remediation, Cloud security, security control assessments, and security testing to develop business capture strategies tailored to capitalize on those areas. Propose solutions necessary to meet client Cybersecurity requirements.

Basic Qualifications:

- 8+ years of experience with FISMA, RMF, and NIST SP 800-53 or 800-53A

- Experience with federal agencies

- Knowledge of FedRAMP and Cloud security processes

- Ability to interpret Nessus scan results

- Ability to conduct technical security audits for large and complex information systems

- Ability to analyze information system configurations and technical specifications against security control standards and identify deficiencies and remediation strategies

- Ability to coordinate with and gather information from several different data sources and client operating units simultaneously

- Ability to travel up to 50% of the time

- Ability to obtain a security clearance

- BA or BS degree

Additional Qualifications:

- Experience with translating Nessus vulnerability scan results into findings aligned to NIST SP 800-53 Revision 4 security controls

- Experience with current technologies used for technical security control reviews, including Microsoft System Center Configuration Manager, IBM Endpoint Manager (IEM) or Tivoli Endpoint Manager (TEM), BigFix, and Tenable Nessus software preferred

- Knowledge of security challenges and solutions

- Possession of excellent oral and written communication skills

- Security+ or CISSP Certification preferred


Applicants selected will be subject to a security investigation and may need to meet eligibility requirements for access to classified information.

We’re an EOE that empowers our people—no matter their race, color, religion, sex, gender identity, sexual orientation, national origin, disability, or veteran status—to fearlessly drive change.