Open Positions

B&M is hiring Security Assessors (entry-level and experienced) for IT security testing, risk and vulnerability analysis, and consulting engagements on Federal projects. The Security Assessors will plan and conduct IT security assessments and testing of technical, management, and operational controls of Federal IT security and privacy programs and systems. These positions require an understanding of security principles, how they apply to system architectures, and the various testing methods utilized to ascertain the effectiveness of those controls. The candidates who fill the position will work in a team environment with an experienced Project Manager. The candidates will be assigned risk and vulnerability assessments under the direction of the Project Manager, and be expected to develop client-ready deliverables.

The candidates may perform any or all of the following: conduct IT security testing (risk and vulnerability analysis) of complex operational systems and facilities; define and describe risk exposure based on threats and exploit paths, while factoring in mitigating controls; provide recommendations for remediating detected vulnerabilities and compliance gaps; conduct independent testing of corrective actions to validate risk/vulnerability resolution. The candidates, with guidance from the Technical Project Manager, are expected to be able to evaluate technical controls related to areas such as, but not limited to, the adequacy of encryption controls implemented across a variety of platforms to protect sensitive data in transit and at rest; the architecture, configuration, and use of antivirus and malware detection and management solutions; audit log generation, aggregation, and analysis; and authentication solution configuration and management.

Responsibilities:

  • Familiar with OMB Circular A-130 and NIST requirements, particularly NIST SP 800-37 Revision 2 and SP 800-53 Revision 5
  • Able to plan, conduct, and document IT security testing in accordance with NIST SP 800-53A Revision 5
  • Facilitates and conducts Security Control Assessments (SCA) and possibly additional advanced-level Continuous Monitoring Activities within internally hosted and cloud-based environments
  • Ensures cyber security policies are adhered to and that required controls are implemented
  • Validates respective information system security plans to ensure NIST control requirements are met
  • Develops resultant SCA documentation, including but not limited to the Security Assessment Report
  • Initiates recommendations associated with the findings on how to improve the customer’s security posture in accordance with NIST controls
  • Reviews the controls that support the Requirements Traceability Matrix (RTM) and the details of the System Security Plan (SSP) to determine completeness and accuracy
  • Follows and abides by the SCA Standard Operating Procedure (SOP) that is provided by the client
  • Provides Security Assessment Results to meet client requirements and standards, which will include at a minimum the following documents: SAR, RTM, and a detailed technical results document as stipulated by the client upon Security Assessment completion
  • Assists with the interpretation and analysis of Security Assessment Results upon completion of each Security Assessment and/or as requested to assist with post-assessment questions, to assess the vulnerability and risk to the system and to the customer or other connected systems
  • Able to lead small, less complex system assessments independently
  • Able to assist team members with proper artifact collection to the client’s examples of artifacts that will satisfy assessment requirements
  • Be proficient at testing, analyzing and interpreting Security Assessment Results for all systems, including but not limited to the following platforms:
    • Microsoft Server 2008/2012/Other, UNIX/Linux, Microsoft SQL Server, Oracle DBMS, Sybase DBMS, Windows 7, IIS, Mobile Device Management solutions, Routers/Switches/Firewalls, Printers/Faxes/Multi-Function Devices, .Net and Java custom-developed applications
Tools:

Familiarity with the following tools is preferred, but is not required: Archer GRC, Qualys, Tenable, CoreImpact, DbProtect, Nessus, IBM AppScan, Symantec Endpoint Protection, Symantec DLP, FireEye ATP, McAfee SIEM, McAfee IDS/IPS, ForeScout, MS Excel pivot tables.

Entry-Level Requirements:
  • Bachelor or Master of Science in Computer Science or Cybersecurity with GPA > 3.5
  • Knowledge of Federal information security standards and methodologies preferred, including FISMA requirements, OMB standards and guidelines, and NIST Federal Information Processing Standards (FIPS) Publications and Special Publications (NIST FIPS 199, NIST FIPS 200, NIST SP 800-37, NIST SP 800-53/A, etc.)
  • Ability to apply information security principles to enterprise applications, operating systems, and networks
  • Excellent written and verbal communication skills
Experienced-Level Requirements:
  • Bachelor or Master of Science in Computer Science or Cybersecurity with GPA > 3.5
  • 2 - 4 years of Security control assessment (SA&A) experience
  • Experience in performing IT security testing, IT control assessments/audits, and/or IT Security Testing and Evaluation (ST&E) preferred
  • Knowledge of Federal information security standards and methodologies preferred, including FISMA requirements, OMB standards and guidelines, and NIST Federal Information Processing Standards (FIPS) Publications and Special Publications (NIST FIPS 199, NIST FIPS 200, NIST SP 800-37, NIST SP 800-53/A, etc.)
  • Ability to apply information security principles to enterprise applications, operating systems, and networks
  • Excellent written and verbal communication skills
  • One or more of the following certifications is preferred: CISSP, CEH, CISA, CISM, CAP


Citizenship Requirements:

U.S. Citizens only. Applicants selected will be subject to a government security investigation and must be able to pass a Federal background check for a public trust clearance.


To Apply:

Please send your detailed resume that includes a summary of your SA&A qualifications at the top of the resume to hr@bm-consulting-group.com.

Equal Opportunity Employer

B&M Consulting Group, Inc. is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability or protected veteran status, or any other legally protected basis, in accordance with applicable law.

B&M is hiring Security Engineers (Entry-Level, Mid-Level, and Experienced) based in the Washington, DC Metro Area to assist with installation, configuration, integration, operations, and maintenance of security capabilities for cloud-hosted and on-premises systems and applications. The candidates who fill the positions will work in a team environment with a highly experienced Technical Lead and Project Manager.

Responsibilities:

  • Designing, implementing, testing, and maintaining cloud-native and on-premises security capabilities aligned with Federal standards and client requirements.
  • Supporting the integration of security capabilities with cloud-native and on-premises systems and applications.
  • Working with business/mission stakeholders and application teams to define security requirements for cloud-native and on-premises systems and applications, and performing testing/validation to ensure secure configuration and implementation of systems and applications.
  • Designing enterprise and system security architectures aligned with Federal requirements, to include zero-trust.
Qualifications:
  • Bachelor or Master of Science in Cybersecurity Engineering or similar field with GPA > 3.5
  • Familiarity with various security tools and capabilities, including intrusion detection, firewalls and content filtering, vulnerability scanning, etc.
  • Familiarity with cloud development, implementation, and maintenance
  • Familiarity with designing secure networks, systems and application architectures
  • Knowledge of risk assessment tools, technologies and methods
  • Ability to communicate security issues to peers and management in writing and verbally
  • Ability to read and use results of various security testing tools, perform false-positive analysis and validation, and communicate results and recommended remediation actions to technical and non-technical audiences

Tools:

Familiarity with the following tools is preferred, but not required: Splunk, Tenable/Nessus, StealthBits, dynamic application security testing (DAST) tools, static application security testing (SAST) tools, and various cloud security capabilities.

Citizenship Requirements:

U.S. Citizens or Permanent Residents (Green Card Holders). Applicants selected will be subject to a government security investigation and must be able to pass the Federal background check for a public trust clearance.

To Apply:

Please send your detailed resume that includes a summary of your qualifications at the top of your resume, as well as your overall GPA for each degree to hr@bm-consulting-group.com.



B&M is seeking a Human Resources (HR) Specialist to be based in the Rockville, MD office to support the corporate team. The Human Resources Specialist will partner with B&M management to provide full operational HR, recruiting, and benefits support, as required by the business needs. This opportunity is ideal for a candidate with Human Capital consulting experience who has strategic, analytical, and solid writing and presentation skills, and who is able to develop HR policies and supporting documentation, as well as review and incorporate evolving Federal requirements into HR policy. This position is based in Rockville, MD, with eventual opportunity for telework.
Responsibilities:
HR Strategy and Policies:

  • Remain apprised of Federal, state, and local business requirements and HR-related mandates to advise managers and employees on business compliance;
  • Develop and implement HR strategy and HR policies;
  • Support the delivery of HR projects and change initiatives, in line with the organizational HR strategy;
  • Maintain and update the Employee Handbook and corresponding policies, procedures, and supporting documentation.

Employee Relations:
  • Coach and advise employees and managers on effective personnel management and collaborative work environment;
  • Maintain, update, and manage the company annual performance review program;
  • Manage employee relations and resolve any personnel issues that may come up;
  • Manage, maintain, and update company on-boarding and off-boarding procedures, to include relevant training sessions;
  • Manage subcontractor agreements, including reviewing and updating them with evolving Federal requirements;
  • Positively influence culture and collaboration across the organization.

HR Operations:
  • Manage day-to-day HR operations, to include payroll and benefits management.

Recruiting:
  • Manage employee recruitment, to include candidate identification, vetting, screening, interviewing, and conducting the references and background checks.

Requirements:
  • Bachelor’s or Master’s Degree in a related field
  • 5+ years of HR experience
  • SHRM certifications preferred
  • Strong analytical skills
  • Human Resources or Human Capital consulting experience is preferred
  • Excellent written and verbal communication skills
  • Demonstrated ability to consult and partner with management on HR strategy implementation
  • Proactive, highly motivated, results-focused, and detail-oriented
  • Solid understanding of Maryland and Montgomery County employment law

To Apply:

Please send your detailed resume that includes a summary of your HR qualifications at the top of the resume to hr@bm-consulting-group.com. The summary should include all key areas listed under responsibilities and outline your relevant experience for each area.





B&M Consulting Group, Inc. (B&M) is seeking a Technical Writer to support a robust cybersecurity program. The ideal candidate would have 3-5 years’ experience working with systems and application teams to document and maintain system security documentation, including Standard Operating Procedures (SOP) and System Security Plans (SSP), as well as experience developing templates and cybersecurity guidelines for use throughout an organization.


Responsibilities:
  • Develop and maintain Federal Risk Management Framework (RMF) documents, including Standard Operating Procedures (SOPs) and System Security Plans (SSPs)
  • Write control implementation statements for NIST security and privacy controls for systems/applications and groups of systems
  • Act as the RMF subject-matter expert, providing advice and guidance to system teams on how to meet security documentation standards
  • Coordinate and collaborate with system stakeholders to develop and/or update system security documentation within specified timeframes
  • Develop and maintain security standards and guidelines to implement security policy at the application level
  • Create templates and guides/plans related to cybersecurity for the client’s IT community, and internal team-focused standard operating procedures and desk references
  • Develop crisp and professional presentations (PowerPoint) on a variety of security topics, including briefs to executive management, training and awareness presentations, and reports
  • Contribute to corporate documentation efforts, including proposal development
  • Develop white papers in consultation with cybersecurity engineers

Qualifications:
  • Bachelor's or Master's degree
  • Cumulative GPA of 3.5 or above
  • Strong problem-solving and analytical skills
  • Excellent written and verbal communication skills
  • Excellent copy-editing and proofreading skills
  • Ability to work independently and within a team
  • Detail-oriented and highly organized
  • Motivated and self-driven

Professional Skills:
  • Strong documentation management and version control mindset
  • Experience reading and interpreting Federal and Departmental cybersecurity policy
  • Advanced to expert business writing in long and short form
  • Technical writing and copy editing, delivering clean and consistent content across multiple documents

Technical Skills:
  • Advanced to Expert: Microsoft Word and Microsoft PowerPoint (formatting, creating templates)
  • Intermediate: Microsoft Excel
  • Beginner: SharePoint, Teams, PowerApps, general understanding of Federal Cloud computing

To Apply:

Please send your detailed resume that includes a summary of your HR qualifications at the top of the resume to hr@bm-consulting-group.com. The summary should include all key areas listed under responsibilities and outline your relevant experience for each area.


Citizenship Requirements

U.S. Citizens and Permanent Residents ONLY. Applicants selected will be subject to a government security investigation and must be able to pass a Federal background check for a public trust clearance.

