Security Controls Assessor (SCA) Representative

About The Position

Requirements

• An active TS/SCI and eligible for SAP/SAR, which is something only a U.S. citizen can obtain.
• Prior experience as a SAP SCA or SAP SCA Representative.
• Ability to travel 20%-50%.
• 5 years of Linux experience in implementation/principles/administration.
• Strong knowledge of RMF/CSF process activities and related documentation (e.g., life-cycle support plans, concept of operations, and operational procedures) to confirm the level of risk is within acceptable limits.
• Demonstrated ability perform cybersecurity assessments, identify gaps in cybersecurity architecture, and develop a security risk management plan that articulates risk to both technical and non-technical audiences.
• Ability to ensure Body of Evidence (BoE) artifacts such as plans of actions and milestones and cybersecurity plans are in place for vulnerabilities/deficiencies identified during risk assessments, audits, inspections, etc.
• Demonstrated history finding unique mitigations to varied systems’ cybersecurity challenges to assess the effectiveness of security controls.
• Demonstrated technical proficiency in at least two of the following areas of security: communications, networks, embedded systems, software, system testing or assessment, etc.
• Strong written and oral communication skills to support necessary compliance activities (e.g., ensure that system security configuration guidelines are followed, compliance monitoring occurs).
• Ability to verify software/network/system security postures are implemented within a DevSecOps process, agile methodology and continuous integration/continuous delivery (CI/CD) pipeline to ensure cybersecurity requirements are included in early during development.
• Demonstrated ability to develop methods to develop methods to monitor and measure risk, compliance, and information assurance efforts.
• Certified Information System Security Professional (CISSP).

Nice To Haves

• Bachelor's Degree in Engineering, Computer Science or other Technology related fields is desired.
• Prior law enforcement, counterintelligence or cyber operation experience is highly desired.
• Certified Cloud Security Professional (CCSP).
• Certified Ethical Hacker (CEH).
• AWS or other cloud technology security certification.

Responsibilities

• Conducts independent comprehensive assessments of the management, operational, and technical security controls, and control enhancements implementation within or inherited by an information technology (IT) system to determine the overall effectiveness of the controls (as defined in NIST SP 800-37).
• Applies RMF/CSF principles to the development of integrated weapon systems.
• Conducts assessment and authorization (A&A) events to support recommendations to the USSF Special Access Program/Special Access Required (SAP/SAR) Authorizing Official (USSF SAP AO) based on requirements, security impact levels and projected/current operational environment.
• Develops Security Assessment Report to support Authorization to Operate decisions.
• Full-time job with frequent US travel required.

Benefits

• KBR offers a selection of competitive lifestyle benefits which could include 401K plan with company match, medical, dental, vision, life insurance, AD&D, flexible spending account, disability, paid time off, or flexible work schedule.
• We support career advancement through professional training and development.