Information Systems Security Engineer

KBR, Inc.
Beavercreek, OH
9d · Onsite

About The Position

KBR’s National Security Solutions team provides high-end engineering and advanced technology solutions to our customers in the intelligence and national security communities. In this position, your work will have a profound impact on the country’s most critical role – protecting our national security.

Why Join Us?

  • Innovative Projects: KBR’s work is at the forefront of engineering, logistics, operations, science, program management, mission IT and cybersecurity solutions.
  • Collaborative Environment: Be part of a dynamic team that thrives on collaboration and innovation, fostering a supportive and intellectually stimulating workplace.
  • Impactful Work: Your contributions will be pivotal in designing and optimizing defense systems that ensure national security and shape the future of defense.

Position Summary: The selected candidate will serve in a Senior ISSE role and perform tasks related to Assessment & Authorization (A&A) and cybersecurity under DHA to obtain and maintain Authorizations to Operate (ATOs) for assigned DoD medical systems (i.e., applications, networks, devices).

Requirements

  • Bachelor’s Degree and fifteen (15) years of experience with Cybersecurity / Information Technology, or, in lieu of a degree, eighteen (18) years of hands-on experience with Cybersecurity / Information Technology. Contract requirements regarding education and experience will prevail.
  • An active TS/SCI clearance is required
  • Must have experience working with Special Access Programs (SAPs)
  • DoD 8570-compliant
  • Demonstrated expert-level experience with Risk Management Framework (RMF) policy development, process improvement, and strategy implementation
  • Demonstrated expert-level experience with DISA STIGs and SRGs
  • Demonstrated efficiency and expert-level experience in RMF package development, including POA&Ms (mitigation statements), Security Plans, Risk Assessments, architecture diagrams, asset inventories, and system/site policies, procedures, and processes
  • Experience with Assured Compliance Assessment Solution (ACAS)
  • Experience in assessing systems using NIST 800-53, DISA STIGs/SRGs, and ACAS
  • Deep familiarity and experience with the DoD tool eMASS
  • Experience working within DoD (experience under DHA a plus)
  • Excellent customer service and organization skills
  • Excellent oral and written communication skills
  • Familiarity with NIST publications

Nice To Haves

  • Experience working under DHA
  • Experience with HBSS
  • Knowledge in Continuous Monitoring and Risk Scoring (CMRS)
  • Experience with Fortify, WebInspect, and/or AppDetective

Responsibilities

  • Support team in a Senior ISSE capacity for multiple information systems
  • Serve as Subject Matter Expert (SME) on one or more technologies/skills related to A&A activities
  • Conduct risk and vulnerability assessments of information systems to identify vulnerabilities, risks, and protection needs
  • Provide solutions to complex problems that require the regular use of expertise and creativity. Problems are broadly defined and solutions require the continuation of specialized theories and knowledge
  • Actively lead and participate in regular A&A status meetings with senior government and contract personnel to facilitate progress and address potential issues of RMF system efforts
  • Participate in sessions aimed at identifying, planning, and executing strategies in response to emerging cybersecurity/RMF policies
  • Maintain awareness and knowledge of evolving security and risk management standards and communicate and apply relevant changes to existing processes
  • Lead and/or attend meetings with SDD stakeholders to discuss statuses of efforts
  • Assess system compliance against NIST, DoD, and DHA security requirements to include the NIST 800-53 controls, DISA Security Technical Implementation Guides (STIGs), and DISA Security Requirements Guides (SRGs)
  • Produce evidence as necessary to support compliance status of NIST, DoD, and DHA security requirements
  • Analyze vulnerability scans of information systems and assist in remediation tasks
  • Submit weekly reports to DHA leadership regarding system/program status
  • Develop, update, and/or review RMF documentation to include Security Plans, Implementation Plans, Plans of Action and Milestones (POA&Ms), and Risk Assessment Reports
  • Coordinate with other system SMEs to identify and develop authorization boundary diagrams, architecture diagrams, and hardware and software inventories

Benefits

  • KBR offers a selection of competitive lifestyle benefits which could include 401K plan with company match, medical, dental, vision, life insurance, AD&D, flexible spending account, disability, paid time off, or flexible work schedule.
  • We support career advancement through professional training and development.