KBR, Inc. is a leader in providing high-end engineering and advanced technology solutions to the intelligence and national security communities. The Cyber Security RMF Support role involves ensuring the security, quality, and compliance of ATO RMF documentation while collaborating with various stakeholders to secure national defense systems.
Support the SSC with ensuring security, quality, timeliness, mission partner support, completeness, and regulatory compliance of ATO RMF documentation
Experience creating, editing and reviewing RMF, policy documents to implement administrative controls for each of the Rev 5 control families.
Experience developing and reviewing and performing self-assessments of control narratives and System Control Traceability Matrix (SCTM)
Experiencing reviewing and editing ATO artifacts such as Ports, Protocol and Services, matrix and Hardware/Software lists.
Proposing, coordinating, implementing, and enforcing all Department of the Air Force information system security policies, standards, and methodologies
Familiarity with vulnerability assessments using the Assured Compliance Assessment Solution (ACAS), Defense Information Systems Agency (DISA) Security Technical Implementation Guide (STIG), and the Security Content Automation Protocol (SCAP) Compliance Checker, incorporating automated Benchmarks
Knowledge of evaluating operating systems and network devices security configuration in accordance with Defense Information Systems Agency (DISA) approved Security Technical Implementation Guides
Performing security control continuous monitoring, security audits, risk analysis and developing mitigation strategies for DoD information systems
Ensures software, hardware, and firmware complies with appropriate security configuration guidelines (e.g., security technical implementation guides /security requirement guides)
Ensures proper configuration management procedures are followed prior to implementation and contingent upon necessary approval. Coordinate changes or modifications with the system-level Information System Security Manager (ISSM), Security Control Assessor (SCA), and/or the Wing Cybersecurity office
During system development, recommends protective or corrective measures, in coordination with the ISSM, when a security incident or vulnerability is discovered.
During system development, reports security incidents or vulnerabilities to the system-level ISSM and wing cybersecurity office according to AFI 17-203, Cyber Incident Handling
Recommends exceptions, deviations, or waivers to cybersecurity requirements.
Preparing certification letters and Memoranda of Agreement (MoA), Authorization to Connect (ATC) packages, Interconnection Security Agreement (SIA), and Security Impact Assessments with system owners for interface and networking implementations
Support the following responsibilities: security control assessor (SCA) and Security Technical Implementation Guide (STIG) curated to DOD/DAF/USSF baselines, audit standards, and plan of actions and milestones (POAM)
Attend cleared expert threat briefings; have oversight of security program design, incident response plans, cyber risk assessments, and attack surface assessments; investigate security breaches, perform red, blue, purple, ethical hacking, orchestrate vulnerability assessment, develop security protocols, conduct tabletop exercises, and breach readiness reviews
Completes and maintains required cybersecurity certification in accordance with (IAW) AFMAN 17-1303.
Qualification
Required
An active Secret clearance is required for this position
BA or BS degree in engineering, physics, chemistry, mathematics, computer science, network, and telecommunications; information systems, information technology, or computer information systems
Minimum 2 years of continuous Information Systems, Information Assurance/Cybersecurity (IA/CS) experience.
Understanding and working knowledge of Risk Management Framework (RMF) Rev 5 and DODI 8510.01.
2 continuous years of experience with security controls and implementation delineated in Committee of National Security Systems Instruction (CNSSI) 1253, National Institute of Standards and Technology (NIST), Special Publication (SP) 800-53, and the Joint Special Access Program Implementation Guide (JSIG).
2 continuous years of experience with performing vulnerability assessments using Assured Compliance Assessment Solution (ACAS), Defense Information Systems Agency (DISA) Security Technical Implementation Guide (STIG), the Security Content Automation Protocol (SCAP) Compliance Checker, incorporating automated Benchmarks.
2 continuous years of experience using SolarWinds and Splunk or other network analysis tools.
Extensive experience working with Linux/Unix Command Line Interface and using regular expression queries.
Ability to read and extract Cisco configuration files.
2 continuous years of experience implementing operating systems and network devices security configuration in accordance with Defense Information Systems Agency (DISA) approved Security Technical Implementation Guides.
2 continuous years of experience performing security control continuous monitoring, security audits, risk analysis and developing mitigation strategies for DoD information systems.
Experience identifying Common Criteria and National Information Assurance Partnership (NIAP) certified technologies and the DISA Approved Products List (APL).
Experience working in a military organization in a cybersecurity role with military tactical or enterprise systems.
Possess DoD Approved Baseline Certification as Information Assurance Manager Level II in accordance with DoDM 8140.03. (i.e., CompTIA CASP+, CISSP).
Preferred
Master’s degree in Computer Science/Engineering with emphasis in Cyber Security
5+ years of work experience in Cyber Security
5+ years of work experience in System Engineering Architecture/Design
Linux and Cisco certifications
DoD Space program experience
Security Test and Evaluation (ST&E)
TS/SCI Clearance
Benefits
401K plan with company match
Medical
Dental
Vision
Life insurance
AD&D
Flexible spending account
Disability
Paid time off
Flexible work schedule
At KBR, we deliver science, technology and engineering solutions that are helping governments and companies around the world take on the great challenges of our time.
Glassdoor
4.0
Founded in 1919
Houston, Texas, USA
10001+ employees
https://www.kbr.com
At KBR, we deliver science, technology and engineering solutions that are helping governments and companies around the world take on the great challenges of our time.
