Jobs · Business Development · Virginia

External Attack Surface Management Analyst

Booz Allen Hamilton · McLean, VA · 2 wk ago
HybridBusiness Development$99k–$225k/yrFull-time

The Opportunity

As an External Attack Surface Management (EASM) Analyst on our team, you’ll continuously identify, monitor, and manage the company’s internet-facing risk exposure. This role focuses on discovering all external assets, including known and shadow IT systems, assessing their security posture, and proactively identifying, prioritizing, and mitigating vulnerabilities and misconfigurations based on risk and potential impact.

You play a critical role in protecting Booz Allen from external threats by delivering real-time visibility, risk prioritization, and actionable remediation guidance. Working closely with threat intelligence, digital risk protection, and security engineering teams, this position ensures that external exposures are rapidly identified and addressed before they can be exploited.

You Have

  • 4+ years of experience in vulnerability management, security operations, or incident response
  • Experience with an Attack Surface Management discovery tool such as Defender EASM
  • Experience with securing cloud infrastructure such as AWS, Azure, or GCP
  • Experience with automation and data analysis such as Python preferred
  • Experience with API integrations to connect disparate systems, automate processes, and improve operational efficiency
  • Knowledge of networking fundamentals including TCP, IP, DNS, HTTP, HTTPS, SSL, and TLS
  • Associate’s degree and 7+ years of experience supporting IT projects and activities, Bachelor’s degree and 5+ years of experience supporting IT projects and activities, Master’s degree and 3+ years of experience supporting IT projects and activities, or 12+ years of experience supporting IT projects and activities in lieu of a degree

Nice If You Have

  • Experience with data analytics including data manipulation, visualization, and reporting
  • Experience partnering with system owners to identify mitigations or compensating controls when remediation is not immediately feasible
  • Experience triaging vulnerabilities and determining risk-based prioritization
  • Experience with IT service management platforms such as ServiceNow
  • Knowledge of Configuration Management Database (CMDB) concepts and implementation
  • Knowledge of security frameworks such as NIST CSF, MITRE ATT&CK, or CIS Controls
  • Ability to translate technical findings into business risk for non-technical stakeholders

Compensation

Compensation at Booz Allen is determined by various factors, including but not limited to location, the individual’s particular combination of education, knowledge, skills, competencies, and experience, as well as contract-specific affordability and organizational requirements. The projected compensation range for this position is $99,000.00 to $225,000.00 (annualized USD).

Identity Statement

As part of the hiring process, we will ask you to complete an identity verification process that leverages advanced biometrics and artificial intelligence to ensure authenticity and protect against identity fraud. You are expected to be on camera during interviews and assessments. We reserve the right to take your picture to verify your identity and prevent fraud.

Candidate AI Usage Policy

AI is a part of our daily work at Booz Allen, and we are committed to the responsible and ethical use of AI tools. However, we want to ensure a fair candidate process based on your own skills and knowledge. As part of this commitment, the use of artificial intelligence (AI) or other tools to assist with responses during interviews (whether in-person or virtual) is prohibited unless permission is explicitly provided.

Work Model

  • Remote: If this position is listed as remote, there may still be occasions when you are required to work in person at a Booz Allen or customer facility.
  • Hybrid: If this position is listed as hybrid, you will be expected to work from a Booz Allen facility frequently, in alignment with leadership expectations and the needs of the role. You may also be required to work from or visit a customer facility.
  • Onsite: If this position is listed as onsite, work will primarily be performed at a Booz Allen office or customer facility, where employees will collaborate directly with colleagues and customers as required by the role.

Commitment to Non-Discrimination

All qualified applicants will receive consideration for employment without regard to disability, status as a protected veteran or any other status protected by applicable federal, state, local, or international law.

Similar jobs

Electronic Attack Analyst

Johns Hopkins Applied Physics LaboratoryLaurel, MD· 2 mo ago
Sales$100k/yrapply on careers.jhuapl.edu