North Charleston, USA
3 days ago
Security Control Assessor - Representative (SCA-R)

KBR is seeking candidates with Risk Management Framework (RMF) and Cloud Service Providers experience to join a team supporting the United States Department of Defense (DoD) Defense Innovation Unit (DIU).

Position Description:

The selected candidate will serve in an SCA support role as a Security Control Assessor (SCA-R) and perform tasks related to Assessment & Authorization (A&A) and cybersecurity for the DIU to obtain and maintain Authorizations to Operate (ATO) for assigned systems (i.e., applications, networks, devices). This position will be part of a team developing recommended courses of action to fast-track authorization decisions.

Primary Responsibilities:

- Provide solutions to complex problems that require the regular use of expertise and creativity. Problems are broadly defined, and solutions require the continuation of specialized theories and knowledge
- Serve as Subject Matter Expert (SME) on one or more technologies/skills related to A&A activities
- Actively lead and participate in regular A&A status meetings with government and contract personnel to facilitate progress and address potential issues of RMF system efforts, schedule conflicts, and resource alignment
- Participate in sessions aimed at identifying, planning, and executing strategies in response to emerging cybersecurity/RMF policies
- Work directly with the SCA as a qualified agent to ensure validation activities are compliant with the cybersecurity test strategy
- Utilize analysis of actual outcomes or their expert opinion to recommend policies, doctrine, tactics, and procedures at the Federal, State, and Local levels
- Review RMF documentation to include Security Plans, Implementation Plans, Plans of Action and Milestones (POA&M), Risk Assessment Reports, and packages submitted for authorization decisions
- Make risk and authorization recommendations to the SCA and Authorizing Official

Minimum Qualifications:

- Bachelor’s Degree and ten (10) years of experience with Cybersecurity / Information Technology. In lieu of degree, fifteen (15) years of hands-on experience with Cybersecurity / Information Technology
- Demonstrated experience with Risk Management Framework
- Demonstrated experience in AWS and DevOps-related technologies:
  - Everyday AWS technologies:
    - General: AWS IAM, AWS Organizations
    - Networking: VPCs, Security Groups, Route 53, WAF, ELB
    - Compute: EC2, Lambda
    - Storage: S3, EBS, RDS
    - Logging & reporting: CloudTrail, CloudWatch, Config, SecurityHub
  - DevOps products like GitLab, Kubernetes, Harbor, and Keycloak
  - Security products and scanning tools like ACAS/Nessus, Trivy, RHACS / StackRox
- General understanding of protocols like: TCP/IP, OpenID, OAuth, SAML, YAML, XML
- Demonstrated efficiency and experience in RMF package review, including POA&Ms (mitigation statements), Security Plans, Risk Assessments, architecture diagrams, hardware/software inventories, and system/site policies, procedures, and processes
- Experience working within the DoD
- Understand cloud-focused technologies and the 3PAO assessments
- Excellent customer service and organization skills
- Excellent oral and written communication skills
- Active DoD Secret security clearance
- Active CISSP, AWS Solutions Architect, DevOps Engineer, or Azure Security Engineer certification(s)

Additional Skills Desired:

- Experience working with the DIU
- Familiarity with Air Force Platform One and DoD containerization guidance
- Experience with FedRAMP authorizations
- Experience in RMF policy development, process improvement, and strategy implementation
- Access to SIPRNet environment for eventual IL6 deployment

Belong, Connect and Grow at KBR

At KBR, we are passionate about our people and our Zero Harm culture. These inform all that we do and are at the heart of our commitment to, and ongoing journey toward, being a People First company. That commitment is central to our team of teams philosophy and fosters an environment where everyone can Belong, Connect and Grow. We Deliver – Together.

KBR is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, disability, sex, sexual orientation, gender identity or expression, age, national origin, veteran status, genetic information, union status and/or beliefs, or any other characteristic protected by federal, state, or local law.
