Information System Security Manager (ISSM)

DSE Office, USA, North Charleston, 2155 Eagle Dr., Suite 100, North Charleston, SC 29406, United States

Title:

Information System Security Manager (ISSM)

KBR is seeking candidates with Risk Management Framework (RMF) and Cloud Service Providers experience to join a team supporting the United States Department of Defense (DoD) Defense Innovation Unit (DIU).

Position Description:

The selected candidate will serve as an Information System Security Manager (ISSM) and perform tasks related to Assessment & Authorization (A&A) and cybersecurity for the DIU to obtain and maintain Authorizations to Operate (ATO) for assigned systems (i.e., applications, networks, devices). This position will be part of a team developing recommended courses of action to fast-track authorization decisions.

Primary Responsibilities:

  • Provide solutions to complex problems that require the regular use of expertise and creativity. Problems are broadly defined, and solutions require the continuation of specialized theories and knowledge
  • Serve as Subject Matter Expert (SME) on one or more technologies/skills related to A&A activities
  • Participate in sessions aimed at identifying, planning, and executing strategies in response to emerging cybersecurity/RMF policies
  • Review RMF documentation to include Security Plans, Implementation Plans, Plans of Action and Milestones (POA&M), Risk Assessment Reports, and packages submitted for authorization decisions
  • Prepare the security assessment report documenting the issues, findings, and recommendations from the security control assessment

Minimum Qualifications:

  • Bachelor’s Degree and six (6) years of experience with Cybersecurity / Information Technology. In lieu of a degree, twelve (12) years of hands-on experience with Cybersecurity / Information Technology.
  • Demonstrated experience with Risk Management Framework
  • Demonstrated experience in AWS and DevOps-related technologies:
    • Everyday AWS technologies:
      • General: AWS IAM, AWS Organizations
      • Networking: VPCs, Security Groups, Route 53, WAF, ELB
      • Compute: EC2, Lambda
      • Storage: S3, EBS, RDS
      • Logging & reporting: CloudTrail, CloudWatch, Config, SecurityHub
    • DevOps products like GitLab, Kubernetes, Harbor, and Keycloak
    • Security products and scanning tools like ACAS/Nessus, Trivy, RHACS / StackRox
    • General understanding of protocols like: TCP/IP, OpenID, OAuth, SAML, YAML, XML
  • Demonstrated efficiency and experience in RMF package review, including POA&Ms (mitigation statements), Security Plans, Risk Assessments, architecture diagrams, hardware/software inventories, and system/site policies, procedures, and processes
  • Experience working within the DoD
  • Understanding of cloud-focused technologies and 3PAO assessments
  • Excellent customer service and organization skills
  • Excellent oral and written communication skills
  • Active DoD Secret security clearance
  • Active CISSP, AWS Solutions Architect, DevOps Engineer, or Azure Security Engineer certification(s)

Additional Skills Desired:

  • Experience working with the DIU
  • Familiarity with Air Force Platform One and DoD containerization guidance
  • Experience with FedRAMP authorizations
  • Experience in RMF policy development, process improvement, and strategy implementation
  • Access to SIPRNet environment for eventual IL6 deployment

Belong, Connect and Grow at KBR

At KBR, we are passionate about our people and our Zero Harm culture. These inform all that we do and are at the heart of our commitment to, and ongoing journey toward, being a People First company. That commitment is central to our team of teams philosophy and fosters an environment where everyone can Belong, Connect and Grow. We Deliver – Together.

KBR is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, disability, sex, sexual orientation, gender identity or expression, age, national origin, veteran status, genetic information, union status and/or beliefs, or any other characteristic protected by federal, state, or local law.

Category: Leadership Jobs

Region: North America
Country: United States
