Key Role:

Develop, communicate, and implement cybersecurity architecture and administration processes for cloud environments across multiple network domains. Collaborate across our cloud infrastructure delivery team and with stakeholders using an Agile process to ensure design, implementation, verification, and continuous monitoring of cloud solutions across multiple domains. Develop Risk Management Framework (RMF) Body of Evidence artifacts, including system security plans and cybersecurity concept of operations documents for Azure operating within Cloud environments in alignment with existing RMF packages. Support assessment and authorization activities to achieve and maintain Authority to Operate (ATO) on multiple networks. Evaluate enhancements to Cloud environments against RMF controls and DoD Security Technical Implementation Guidance (STIG) requirements. Support data capture and configuration within tools to enable achievement of the organization’s Assessment and Authorization (A&A) objectives. Work without considerable direction. Mentor and supervise team members, as needed.

• Develop, communicate, and implement cybersecurity architecture and administration processes for cloud environments across multiple network domains.
• Collaborate across cloud infrastructure delivery team and with stakeholders using an Agile process.
• Ensure design, implementation, verification, and continuous monitoring of cloud solutions across multiple domains.
• Develop Risk Management Framework (RMF) Body of Evidence artifacts, including system security plans and cybersecurity concept of operations documents for Azure.
• Support assessment and authorization activities to achieve and maintain Authority to Operate (ATO) on multiple networks.
• Evaluate enhancements to Cloud environments against RMF controls and DoD Security Technical Implementation Guidance (STIG) requirements.
• Support data capture and configuration within tools to enable achievement of the organization’s Assessment and Authorization (A&A) objectives.
• Work without considerable direction.
• Mentor and supervise team members, as needed.

Basic Qualifications:

• 7+ years of experience with securing computer systems, performing authorization activities, and writing security plans
• 7+ years of experience with secure IT architecture, computing hardware, and software
• Experience working with Cloud technologies, including Azure or AWS, such as Infrastructure as a Service (IaaS)
• Experience defining and developing secure-based cloud architecture while adhering to development methodologies, engineering, and cloud standards
• Experience with developing Body of Evidence for NIST Risk Management Framework (RMF)
• Experience with supporting security reviews of software and system releases within a DevSecOps framework supporting recurring path-to-production software and system release activities
• Experience with terminology, processes, and regulations of IT system A&A for the RMF
• Ability to obtain a Secret clearance
• Bachelor's degree

Additional Qualifications:

• Experience with planning, implementing, and managing continuous monitoring solutions and working within an Agile based project management framework and with Red Hat Enterprise Linux (RHEL) or Windows system administration
• Experience providing detailed guidance to engineering team members creating in and operating cloud environments
• Experience with architecting Zero Trust solutions, road maps, and capabilities in alignment with industry standards, including NIST 800-207, CISA Maturity Model, or DoD Zero Trust Strategy
• Experience with leading product selection initiatives, including automation and orchestration, visibility and analytics, secure DevOps, identity and access management, conditional based access, attribute-based access control, or micro-segmentation
• Knowledge of terminology and federal regulations related to specification, development, and maintenance of IT systems
• Ability to collaborate with project and proposal teams to incorporate Cybersecurity solutions and develop high quality implementation plans and roadmaps
• Possession of excellent verbal and written communication skills
• Secret clearance
• Master's degree
• CISSP or CCSP certification

Clearance:

Applicants selected will be subject to a security investigation and may need to meet eligibility requirements for access to classified information.

Compensation

At Booz Allen, we celebrate your contributions, provide you with opportunities and choices, and support your total well-being. Our offerings include health, life, disability, financial, and retirement benefits, as well as paid leave, professional development, tuition assistance, work-life programs, and dependent care. Our recognition awards program acknowledges employees for exceptional performance and superior demonstration of our values. Full-time and part-time employees working at least 20 hours a week on a regular basis are eligible to participate in Booz Allen’s benefit programs. Individuals that do not meet the threshold are only eligible for select offerings, not inclusive of health benefits. We encourage you to learn more about our total benefits by visiting the Resource page on our Careers site and reviewing Our Employee Benefits page.

Salary at Booz Allen is determined by various factors, including but not limited to location, the individual’s particular combination of education, knowledge, skills, competencies, and experience, as well as contract-specific affordability and organizational requirements. The projected compensation range for this position is $96,600.00 to $220,000.00 (annualized USD). The estimate displayed represents the typical salary range for this position and is just one component of Booz Allen’s total compensation package for employees. This posting will close within 90 days from the Posting Date.

Work Model

Our people-first culture prioritizes the benefits of flexibility and collaboration, whether that happens in person or remotely.

• If this position is listed as remote or hybrid, you’ll periodically work from a Booz Allen or client site facility.
• If this position is listed as onsite, you’ll work with colleagues and clients in person, as needed for the specific role.

EEO Commitment

We’re an equal employment opportunity/affirmative action employer that empowers our people to fearlessly drive change – no matter their race, color, ethnicity, religion, sex (including pregnancy, childbirth, lactation, or related medical conditions), national origin, ancestry, age, marital status, sexual orientation, gender identity and expression, disability, veteran status, military or uniformed service member status, genetic information, or any other status protected by applicable federal, state, local, or international law.

Sodexo at University Hospitals

Sodexo at University Hospitals has a great opportunity for a BMET Cybersecurity Specialist located in Cleveland, OH.

Founded in 1866, University Hospitals serves the needs of patients through an integrated network of 21 hospitals (including five joint ventures), more than 50 health centers and outpatient facilities, and over 200 physician offices in 16 counties throughout northern Ohio.

University Hospitals provides compassionate care for more than a million patients a year – one patient at a time. Guided in this work by core values of Service Excellence, Integrity, Compassion, Belonging and Trust. Setting the highest standards for quality and patient safety and have received prestigious awards and recognition for high-quality care, a personalized patient experience, and the latest in medical and research innovations.

• Leads the technical activities associated with the delivery of a medical device cybersecurity program, such as collection of cybersecurity data elements in the asset inventory, implementation of cybersecurity controls, and execution of critical cybersecurity fixes.
• Leads the technical analysis of emerging cybersecurity threats to determine impact to any devices in the asset inventory.
• Advises on technical elements of cybersecurity strategy, including recommendations for improvement.
• Supports the collection of metrics and key performance indicators for leadership review.

Required Qualifications:

• Associate degree or equivalent experience
• 3 years of functional experience

Preferred Qualifications:

• Medical Device Knowledge: very deep knowledge of the design of medical devices including protocols for device maintenance, thorough knowledge of medical device functions and how they are used for patient care.
• Software and Server Management: experience with hands-on management of highly technical and sensitive hardware and software used to support patient care.
• Strong Awareness of Hospital Processes.
• Drive for Results: ability to coordinate access & interactions with medical devices under complex situations.
• Demonstrated Specialization in Cybersecurity: passion for cybersecurity for medical devices and experience with hands-on cybersecurity activities.

Working in Healthcare Technology Management for Sodexo, you will partner with our Healthcare clients to manage their clinical technology needs. Together, we provide leadership and expertise for their business, patients, residents, and the staff who care for them. At Sodexo, we improve the Quality of Life of all those we serve. If you share these values, apply today!

Please learn more about University Hospitals at: https://www.uhhospitals.org/

Sodexo offers a full array of benefits including paid time off, holidays, medical, dental, vision, 401K and access to ongoing training and development programs, tuition reimbursement, plus health and wellness programs.

How far will your ambition, talent and dedication take you? Sodexo fosters a culture committed to the growth of individuals through continuous learning, mentoring and other career growth opportunities, along with the performance of organizations. We believe it is important for our work to be meaningful to all who contribute to it, and we remain faithful to our mission, our core values and the ethical principles. We support these values and help them thrive in each employee.

We strive to make working for Sodexo a genuinely great experience with benefits to promote your professional, personal, and financial well-being, and to improve your Quality of Life now and into the future. Our experiences with our over 50 million customers each and every day enable us to develop Quality of Life services that reinforce the well-being of individuals.

At Sodexo, we have HTM positions at numerous client locations across the United States. Continue your search for HTM jobs

Sodexo offers fair and equitable compensation, partially determined by a candidate's education level or years of relevant experience. While the budgeted range for the position is posted, Sodexo salary offers are based on a candidate's specific criteria, like experience, skills, education and training.

Sodexo is an EEO/AA/Minority/Female/Disability/Veteran employer.

Summary

To perform penetration testing against systems across NFCU in order to identify weaknesses and provide guidance on remediation and prevention. Conduct application, network, wireless, and mobile assessments as well as lead red team campaigns. Assess a wide variety of critical systems and applications to discover exploitable risks to the credit union and improve the risk posture of the organization. Provide findings and remediation guidance to relevant teams and serve as subject matter expert to help engineering teams understand findings and successfully manage risk. Work is performed under limited supervision.

• Independently manage penetration tests from inception through delivery to include:
• Scoping assessments and establishing rules of engagement
• Designing penetration tests for systems and applications using established assessment frameworks; account for common and unique application and system considerations
• Sourcing and leveraging information such as source code, architecture diagrams, etc. to enhance assessment coverage
• Coordinating & scheduling testing with engineering teams across the enterprise
• Effectively managing relationships and communicating with engineering teams before, during, and after testing
• Acting as subject matter expert with engineering teams when communicating results, preventative measures, remediation steps, and other security related information
• Acting as a technical lead for multi-resource engagements
• Identify and prescribe remediation for vulnerabilities in NFCU applications, systems, and networks
• Leverage complex tactics including, but not limited to, lateral movement, network tunneling/pivoting, credential compromise, and hash cracking
• Lead red team exercises with a focus on stealth, long campaigns, social engineering, and realistic threats
• Enhance testing by identifying novel attack patterns against NFCU systems and applications based on real-world data
• Perform attacks consistent with common threats (e.g. OWASP top 10) as well as uncommonly observed attacks specific to certain technologies and frameworks
• Research and develop exploits for local and remote targets
• Craft proofs of concept as well as deployable exploits for both public and novel vulnerabilities
• Create and automate custom fuzzing leveraging techniques relevant to NFCU technologies
• Develop custom scripts (Nuclei, Python, etc) to check for security requirements specific to individual applications
• Communicate complex technical risks concisely to non-technical and executive audiences
• Effectively employ OpSec best practices to minimize distribution of vulnerability data
• Mentor and support more junior staff across the security organization
• Perform other duties as assigned

Required Qualifications:

• Bachelor's Degree in Information Technology, Electrical Engineering, Computer Science, or the equivalent combination of education, training or experience
• Advanced hands on experience in the field of cybersecurity and/or application security, with hands-on penetration testing or red teaming as the primary/exclusive role
• Advanced knowledge of MITRE ATT&CK and/or CAPEC Frameworks
• Experience testing against Active Directory environments
• Experience testing against both Linux based and Windows based systems
• Experience developing custom malware and evading EDR solutions
• Experience coding in languages and on frameworks such as: Python, JavaScript, Bash, PowerShell, Java, C#, C++, Springboot, React, NodeJS
• Advanced networking knowledge spanning: IPv4/6, DNS, TCP/UDP, TLS/SSL, SSH, HTTP, SOCKS
• Advanced knowledge of modern cryptographic hashing & encryption methods and best practices
• Advanced organizational, planning and time management skills
• Advanced communication, presentation, and analytical skills

Preferred Qualifications:

• Advanced degree in Information Technology, Electrical Engineering, Computer Science, or the equivalent combination of education, training or experience
• At least one of the following certifications: OSCP, OSCE, OSEE, OSWE, OSWP, CREST penetration testing certifications ("Registered" and "Certified" levels such as CRT or CCSAS)
• Experience writing enterprise applications or performing techniques such as source code review, pair programming, etc.
• Experience leading testing engagements end to end.
• Advanced knowledge of Navy Federal's functions, philosophy, operations and organizational objectives

Hours: Monday - Friday, 8:00AM - 4:30PM

Locations: 820 Follin Lane, Vienna, VA 22180 | 5550 Heritage Oaks Dr. Pensacola, FL 32526 | 141 Security Dr. Winchester, VA 22602 | 9999 Willow Creek Road San Diego, CA 92131 | Remote