Systems and Network Security Engineer

Booz Allen Hamilton•San Diego, CA

About The Position

Systems and Network Security Engineer The Opportunity: Are you looking for an opportunity to share your experience in cybersecurity compliance, vulnerability management, and risk-based decision-making to support national security missions? As a Systems Security and Network Security Engineer, you can identify the tools, technologies, and security controls needed to assess vulnerabilities and recommend the best solution and security strategy. We need your experience to lead the development and implementation of security solutions that will strengthen system security posture and enable mission-critical operations across DoW and Intelligence Community environments. On our team, you will troubleshoot and analyze complex challenges for customers using your knowledge of vulnerability management, tools, RMF processes, and security control implementation. You will use your curiosity for technology and market trends to further research and develop security solutions. Using your knowledge and experience in ACAS, Nessus, Splunk, and enterprise security tools, you will assess security threats and implement infrastructure controls. Success in this role requires strong attention to detail, the ability to manage competing priorities, and a proactive approach to problem-solving. You will be expected to work across multiple efforts, maintain visibility into ongoing activities, and contribute to consistent progress across security initiatives. In this role, you’ll closely impact critical national security environments by supporting system authorization, reducing cybersecurity risk, and ensuring compliance with DoW security standards. With mentoring, challenging hands-on problem-solving, and opportunities to learn new tools and skills, we focus on growing as a team to make the best solutions for our customers. Work with us as we secure and protect mission-critical defense and intelligence systems for the better.

Requirements

5+ years of experience supporting cybersecurity for IT systems, including Risk Management Framework (RMF), and vulnerability management activities
Experience developing or contributing to RMF artifacts and Authorization to Operate (ATO) packages
Experience with vulnerability scanning tools, including ACAS and Nessus, remediation tracking, performing risk analysis, developing mitigation strategies, and POA&M lifecycle management
Experience operating independently with ownership of assigned systems or program areas
Knowledge of RMF lifecycle, NIST SP 800-53 security controls, and STIG implementation
Ability to communicate technical findings clearly in written formats, including control narratives, and risk justifications
Ability to work directly with engineering teams and navigate technical discussions and pushback
Ability to meet DoD 8140 Cyber Workforce requirements for assigned roles
TS/SCI clearance
Bachelor's degree in STEM, or 5+ years of experience in cybersecurity or engineering for complex programs and systems in lieu of a degree

Nice To Haves

Experience supporting an ATO or reauthorization effort end-to-end
Experience briefing leadership on risk posture, vulnerabilities, or compliance status
Experience building Splunk dashboards or generating security-relevant reporting metrics
Experience with Agile or sprint-based environments
Experience coordinating remediation efforts across multiple stakeholders
Experience developing or maintaining governance artifacts, such as SSP, ISPP, and policy updates
Experience with ISSO or ISSM support
Experience working in classified environments
Ability to improve documentation clarity or compliance workflows
Cybersecurity, CISSP, or CASP+ Certification

Responsibilities

Develop relationships quickly and easily with other teams, communicating the complexities of security with a wide variety of audiences, including senior management.
Implement infrastructure and cyber security controls, including enhanced detection and vulnerability capabilities and improved event correlation in large enterprises.
Perform risk and vulnerability assessments in network, system, and application areas; leverage big data analytics and traditional security event types to identify advanced threats or indicators of compromise.