Phase2 Technology
Overview
Job Number: R0226107 — Security Program Architect
Cyber threats are everywhere, and the evolving threat landscape requires DoD agencies and related components to understand risks and mitigations. You will be the senior point of contact and lead for ensuring that DoD and industry best practices for confidentiality, integrity, and availability of IT systems and services are applied for a large-scale complex data platform. You will lead secure product design, management, and delivery efforts to bring the benefits of cloud computing and data analytics to DoD customers.
Responsibilities
Manage the platform's information security program in collaboration with government stakeholders and product delivery teams to ensure a comprehensive security approach across the program.
Review technical artifacts for current and new platform capabilities to assess the threat landscape and provide recommendations to improve security design and data safeguarding.
Lead security initiatives such as DoD Zero Trust and ensure the security program complies with regulations and audit requirements.
Translate security concepts for the client to support decision-making on securing cloud infrastructure, AI solutions, containerized applications, CI/CD pipelines, and sensitive data repositories.
Lead the team in developing and enforcing security policies to protect the platform’s data and infrastructure.
Define and enhance risk identification and assessment procedures with high-quality assessments from the cyber delivery team.
Lead organized incident response actions, including advising, guiding, and reporting to key stakeholders.
Coordinate with external entities to meet authorization timelines and support security objectives.
Qualifications
You Have:
10+ years of experience with risk management methodologies aligned to NIST SP 800-30, 800-53, 800-128, 800-160, 800-171, or CIS benchmarks, supporting system security configurations and oversight.
5+ years leading DoD security management and engineering policy guidance and directives, managing ISSOs, ISSMS, or cybersecurity engineers, and interfacing with program managers and authorize-officials.
5+ years of experience with RMF, vulnerability assessments, IAVA reporting, and Information Assurance (IA) problem resolution.
Experience implementing RMF, FedRAMP, ICD 503 controls and DoD Information Levels in IT solution design to achieve authorizations.
Experience implementing and maintaining security controls within a complex architecture, including AWS, DevSecOps, and containerized COTS, GOTS, and custom software in Agile environments.
Experience developing and reviewing ATO packages in eMASS or Xacta.
Top Secret clearance.
Bachelor’s degree in IT or Cybersecurity.
CISSP Certification.
Nice If You Have
Experience managing a cybersecurity team including engineers, ISSOs, and ISSMs responsible for enterprise security policies and practices.
Experience developing, testing, and sustaining secure solutions in dynamic multi-cloud and multi-security enclave environments.
Experience assessing and planning for DoD Zero Trust compliance per the Zero Trust Strategy and Reference Architecture.
Experience with cyber-related tools such as Ansible, Terraform, Splunk, or STIG Viewer.
Strong organizational, presentation, and verbal/written communication skills.
TS/SCI clearance.
Master’s degree in IT or Cybersecurity.
AWS Solutions Architect or Certified Security Specialist Certification.
Clearance Applicants selected will be subject to a security investigation and may need to meet eligibility requirements for access to classified information. Top Secret clearance is required.
Compensation At Booz Allen, we celebrate your contributions, provide opportunities and choices, and support your total well-being. Our offerings include health, life, disability, financial, and retirement benefits, paid leave, professional development, tuition assistance, work-life programs, and dependent care. Full-time and part-time employees are eligible for Booz Allen benefit programs; individuals not meeting the threshold are eligible for select offerings. The projected compensation range for this position is $112,800.00 to $257,000.00 (annualized USD). This posting will close within 90 days from the Posting Date.
Identity Statement As part of the application process, you are expected to be on camera during interviews and assessments. We reserve the right to take your picture to verify your identity and prevent fraud.
Work Model Our people-first culture prioritizes flexibility and collaboration, whether in person or remotely.
If listed as remote or hybrid, you’ll periodically work from a Booz Allen or client site facility.
If listed as onsite, you’ll work with colleagues and clients in person as needed.
Commitment to Non-Discrimination All qualified applicants will receive consideration for employment without regard to disability, status as a protected veteran, or any other status protected by applicable law.
#J-18808-Ljbffr
Cyber threats are everywhere, and the evolving threat landscape requires DoD agencies and related components to understand risks and mitigations. You will be the senior point of contact and lead for ensuring that DoD and industry best practices for confidentiality, integrity, and availability of IT systems and services are applied for a large-scale complex data platform. You will lead secure product design, management, and delivery efforts to bring the benefits of cloud computing and data analytics to DoD customers.
Responsibilities
Manage the platform's information security program in collaboration with government stakeholders and product delivery teams to ensure a comprehensive security approach across the program.
Review technical artifacts for current and new platform capabilities to assess the threat landscape and provide recommendations to improve security design and data safeguarding.
Lead security initiatives such as DoD Zero Trust and ensure the security program complies with regulations and audit requirements.
Translate security concepts for the client to support decision-making on securing cloud infrastructure, AI solutions, containerized applications, CI/CD pipelines, and sensitive data repositories.
Lead the team in developing and enforcing security policies to protect the platform’s data and infrastructure.
Define and enhance risk identification and assessment procedures with high-quality assessments from the cyber delivery team.
Lead organized incident response actions, including advising, guiding, and reporting to key stakeholders.
Coordinate with external entities to meet authorization timelines and support security objectives.
Qualifications
You Have:
10+ years of experience with risk management methodologies aligned to NIST SP 800-30, 800-53, 800-128, 800-160, 800-171, or CIS benchmarks, supporting system security configurations and oversight.
5+ years leading DoD security management and engineering policy guidance and directives, managing ISSOs, ISSMS, or cybersecurity engineers, and interfacing with program managers and authorize-officials.
5+ years of experience with RMF, vulnerability assessments, IAVA reporting, and Information Assurance (IA) problem resolution.
Experience implementing RMF, FedRAMP, ICD 503 controls and DoD Information Levels in IT solution design to achieve authorizations.
Experience implementing and maintaining security controls within a complex architecture, including AWS, DevSecOps, and containerized COTS, GOTS, and custom software in Agile environments.
Experience developing and reviewing ATO packages in eMASS or Xacta.
Top Secret clearance.
Bachelor’s degree in IT or Cybersecurity.
CISSP Certification.
Nice If You Have
Experience managing a cybersecurity team including engineers, ISSOs, and ISSMs responsible for enterprise security policies and practices.
Experience developing, testing, and sustaining secure solutions in dynamic multi-cloud and multi-security enclave environments.
Experience assessing and planning for DoD Zero Trust compliance per the Zero Trust Strategy and Reference Architecture.
Experience with cyber-related tools such as Ansible, Terraform, Splunk, or STIG Viewer.
Strong organizational, presentation, and verbal/written communication skills.
TS/SCI clearance.
Master’s degree in IT or Cybersecurity.
AWS Solutions Architect or Certified Security Specialist Certification.
Clearance Applicants selected will be subject to a security investigation and may need to meet eligibility requirements for access to classified information. Top Secret clearance is required.
Compensation At Booz Allen, we celebrate your contributions, provide opportunities and choices, and support your total well-being. Our offerings include health, life, disability, financial, and retirement benefits, paid leave, professional development, tuition assistance, work-life programs, and dependent care. Full-time and part-time employees are eligible for Booz Allen benefit programs; individuals not meeting the threshold are eligible for select offerings. The projected compensation range for this position is $112,800.00 to $257,000.00 (annualized USD). This posting will close within 90 days from the Posting Date.
Identity Statement As part of the application process, you are expected to be on camera during interviews and assessments. We reserve the right to take your picture to verify your identity and prevent fraud.
Work Model Our people-first culture prioritizes flexibility and collaboration, whether in person or remotely.
If listed as remote or hybrid, you’ll periodically work from a Booz Allen or client site facility.
If listed as onsite, you’ll work with colleagues and clients in person as needed.
Commitment to Non-Discrimination All qualified applicants will receive consideration for employment without regard to disability, status as a protected veteran, or any other status protected by applicable law.
#J-18808-Ljbffr