North Charleston, SC, 29420, USA
3 days ago
Security Control Assessor - Representative (SCA-R)
Title: Security Control Assessor - Representative (SCA-R)

KBR is seeking candidates with Risk Management Framework (RMF) and Cloud Service Providers experience to join a team supporting the United States Department of Defense (DoD) Defense Innovation Unit (DIU).

Position Description:

The selected candidate will serve in an SCA support role as a Security Control Assessor (SCA-R) and perform tasks related to Assessment & Authorization (A&A) and cybersecurity for the DIU to obtain and maintain Authorizations to Operate (ATO) for assigned systems (i.e., applications, networks, devices). This position will be part of a team developing recommended courses of action to fast-track authorization decisions.

Primary Responsibilities:

+ Provide solutions to complex problems that require the regular use of expertise and creativity. Problems are broadly defined, and solutions require the continuation of specialized theories and knowledge
+ Serve as Subject Matter Expert (SME) on one or more technologies/skills related to A&A activities
+ Actively lead and participate in regular A&A status meetings with government and contract personnel to facilitate progress and address potential issues of RMF system efforts, schedule conflicts, and resource alignment
+ Participate in sessions aimed at identifying, planning, and executing strategies in response to emerging cybersecurity/RMF policies
+ Work directly with the SCA as a qualified agent to ensure validation activities are compliant with the cybersecurity test strategy
+ Utilize analysis of actual outcomes or their expert opinion to recommend policies, doctrine, tactics, and procedures at the Federal, State, and Local levels
+ Review RMF documentation to include Security Plans, Implementation Plans, Plans of Action and Milestones (POA&M), Risk Assessment Reports, and packages submitted for authorization decisions
+ Make risk and authorization recommendations to the SCA and Authorizing Official

Minimum Qualifications:

+ Bachelor’s Degree and ten (10) years of experience with Cybersecurity / Information Technology. In lieu of degree, fifteen (15) years of hands-on experience with Cybersecurity / Information Technology
+ Demonstrated experience with Risk Management Framework
+ Demonstrated experience in AWS and DevOps-related technologies:
  + Everyday AWS technologies:
    + General: AWS IAM, AWS Organizations
    + Networking: VPCs, Security Groups, Route 53, WAF, ELB
    + Compute: EC2, Lambda
    + Storage: S3, EBS, RDS
    + Logging & reporting: CloudTrail, CloudWatch, Config, SecurityHub
  + DevOps products like GitLab, Kubernetes, Harbor, and Keycloak
  + Security products and scanning tools like ACAS/Nessus, Trivy, RHACS / StackRox
+ General understanding of protocols like: TCP/IP, OpenID, OAuth, SAML, YAML, XML
+ Demonstrated efficiency and experience in RMF package review, including POA&Ms (mitigation statements), Security Plans, Risk Assessments, architecture diagrams, hardware/software inventories, and system/site policies, procedures, and processes
+ Experience working within the DoD
+ Understand Cloud focused technologies and the 3PAO assessments
+ Excellent customer service and organization skills
+ Excellent oral and written communication skills
+ Active DoD Secret security clearance
+ Active CISSP, AWS Solutions Architect, DevOps Engineer, or Azure Security Engineer certification(s)

Additional Skills Desired:

+ Experience working with the DIU
+ Familiarity with Air Force Platform One and DoD containerization guidance
+ Experience with FedRAMP authorizations
+ Experience in RMF policy development, process improvement, and strategy implementation
+ Access to SIPRNet environment for eventual IL6 deployment

Belong, Connect and Grow at KBR

At KBR, we are passionate about our people and our Zero Harm culture. These inform all that we do and are at the heart of our commitment to, and ongoing journey toward, being a People First company. That commitment is central to our team of teams philosophy and fosters an environment where everyone can Belong, Connect and Grow. We Deliver – Together.

KBR is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, disability, sex, sexual orientation, gender identity or expression, age, national origin, veteran status, genetic information, union status and/or beliefs, or any other characteristic protected by federal, state, or local law.