Cybersecurity Assessment & Authorization (A&A) Engineer/Analyst

Title:

Belong, Connect, Grow, with KBR!

KBR's Defense Systems Engineering business unit is seeking to hire a Cybersecurity Assessment & Authorization Engineer/Analyst to join our Critical Infrastructure Protection (CIP) Operating Unit. CIP provides expertise in the design, installation, and maintenance of Electronic Security Systems (ESS) and Utilities/Control Systems for the DoD, FAA, and Federal Law Enforcement.

Position Description: The candidate plays a critical role in the assessment and authorization of existing or new systems. One of the primary responsibilities of this position will be to collaborate with system administrators in assessing the security posture of systems assigned to the candidate throughout the risk management framework (RMF) lifecycle (accreditations, annual reviews, risk assessments, and continuous monitoring activities). The candidate will be essential in interacting with all team members to ensure a comprehensive accreditation package is maintained.  This position will require a high degree of self-motivation and organization.

Position Requirements and Duties:

• Perform self-assessments utilizing all applicable tools (ACAS, SCAP, STIGs, SRGs) for technology area assigned (Requires SSBI/T5)
• Interact/collaborate with system owner on remediation activities
• Provide support to system owner on STIG/SRG requirements
• Develop POA&Ms (reason system cannot be remediated, mitigation statements, milestones)
• Work in eMASS (upload self-assessment results, manage assets, create/edit POA&Ms
• Respond to CCB requests for assigned technology area (review requests, assign security testing requirements, document final findings)
• Collaborate to create and maintain authorization documentation
• Provide weekly activity report

Minimum Security Clearance:   Active Secret required. Completed SSBI/T5 investigation (preferred and required to fulfill complete duties)

Certifications:

DoD or DoN Cybersecurity Workforce (CSWF) Certification or compliance (DoDD 8140 or SECNAV M-5239)

• Certifications: DoD 8570 Education and Training certification
• DoD Training: Approved DoD Training Courses

Highly Desirable:

• SSCP/CISSP

Qualifications:

• BS degree preferred and 8 years of hands-on experience in Information Technology/Information Assurance. In lieu of degree, 16 years of hands-on experience in Information Technology/Information Assurance.
• Travel: 10-15%
• Must possess a CompTIA Security + to start work 
• OS Certification/Approved Training completed within 180 days of hire

Required Skills:

• Ability to work in a team and independently
• Excellent communication skills (verbal and written)
• Excellent project planning and time management skills
• Experience with Word/Excel/Visio
• Global thinker/analyzer with the ability to assimilate a number of inputs into a cohesive output/strategy
• Well versed in Networking products/technologies
• Working knowledge of Database products/technologies such as: MSSQL, MySQL, Oracle
• Experience with all applicable DISA STIGs associated with listed technologies in preceding bullet
• Able to work with network engineers and system administrators to provide sound advice on technologies from a STIG perspective

Experience with RMF package development:

• Excellent technical writing skills and RMF control knowledge (must be able to technically document assigned area of responsibility as it relates to meeting the requirements of the control)
• Experience with developing POA&Ms (must be able to technically document mitigation strategies and milestones for findings associated with assigned area of responsibility)
• Experience with PPSM (must be able to utilize available information [ACAS scans, CCB forms, etc.] to evaluate and determine appropriateness of required ports/protocols/services for systems assigned)
• Experience with eMASS (must be able to utilize all functions of eMASS including: uploading test results, handling false positives, POA&M creation/management, control review/testing)
• Experience with ACAS (must be able to create/run/review scans, download and import to eMASS, create, and run reports)

INCLUSION AND DIVERSITY AT KBR

At KBR, we are passionate about our people, sustainability, and our Zero Harm culture.

These inform all that we do and are at the heart of our commitment to, and ongoing journey toward being a more inclusive and diverse company. That commitment is central to our team of team’s philosophy and fosters an environment of real collaboration across cultures and locations. Our individual differences and perspectives bring enhanced value to our teams and help us develop solutions for the most challenging problems. We understand that by embracing those differences and working together, we are more innovative, more resilient, and safer.

KBR is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, disability, sex, sexual orientation, gender identity or expression, age, national origin, veteran status, genetic information, union status and/or beliefs, or any other characteristic protected by federal, state, or local law.