Title:
Information System Security Manager (ISSM)
KBR is seeking candidates with Risk Management Framework (RMF) and Cloud Service Providers experience to join a team supporting the United States Department of Defense (DoD) Defense Innovation Unit (DIU).
Position Description:
The selected candidate will serve as an Information System Security Manager (ISSM) and perform tasks related to Assessment & Authorization (A&A) and cybersecurity for the DIU to obtain and maintain Authorizations to Operate (ATO) for assigned systems (i.e., applications, networks, devices). This position will be part of a team developing recommended courses of action to fast-track authorization decisions.
Primary Responsibilities:
- Provide solutions to complex problems that require the regular use of expertise and creativity. Problems are broadly defined, and solutions require the continuation of specialized theories and knowledge
- Serve as Subject Matter Expert (SME) on one or more technologies/skills related to A&A activities
- Participate in sessions aimed at identifying, planning, and executing strategies in response to emerging cybersecurity/RMF policies
- Review RMF documentation to include Security Plans, Implementation Plans, Plans of Action and Milestones (POA&M), Risk Assessment Reports, and packages submitted for authorization decisions
- Prepare the security assessment report documenting the issues, findings, and recommendations from the security control assessment
Minimum Qualifications:
- Bachelor’s Degree and six (6) years of experience with Cybersecurity / Information Technology. In lieu of a degree, twelve (12) years of hands-on experience with Cybersecurity / Information Technology.
- Demonstrated experience with Risk Management Framework
- Demonstrated experience in AWS and DevOps-related technologies:
  - Everyday AWS technologies:
    - General: AWS IAM, AWS Organizations
    - Networking: VPCs, Security Groups, Route 53, WAF, ELB
    - Compute: EC2, Lambda
    - Storage: S3, EBS, RDS
    - Logging & reporting: CloudTrail, CloudWatch, Config, SecurityHub
  - DevOps products like GitLab, Kubernetes, Harbor, and Keycloak
  - Security products and scanning tools like ACAS/Nessus, Trivy, RHACS / StackRox
  - General understanding of protocols like: TCP/IP, OpenID, OAuth, SAML, YAML, XML
- Demonstrated efficiency and experience in RMF package review, including POA&Ms (mitigation statements), Security Plans, Risk Assessments, architecture diagrams, hardware/software inventories, and system/site policies, procedures, and processes
- Experience working within the DoD
- Understand cloud-focused technologies and the 3PAO assessments
- Excellent customer service and organization skills
- Excellent oral and written communication skills
- Active DoD Secret security clearance
- Active CISSP, AWS Solutions Architect, DevOps Engineer, or Azure Security Engineer certification(s)
Additional Skills Desired:
- Experience working with the DIU
- Familiarity with Air Force Platform One and DoD containerization guidance
- Experience with FedRAMP authorizations
- Experience in RMF policy development, process improvement, and strategy implementation
- Access to SIPRNet environment for eventual IL6 deployment
Belong, Connect and Grow at KBR
At KBR, we are passionate about our people and our Zero Harm culture. These inform all that we do and are at the heart of our commitment to, and ongoing journey toward, being a People First company. That commitment is central to our Team of Teams philosophy and fosters an environment where everyone can Belong, Connect and Grow. We Deliver – Together.
KBR is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, disability, sex, sexual orientation, gender identity or expression, age, national origin, veteran status, genetic information, union status and/or beliefs, or any other characteristic protected by federal, state, or local law.