Title:
Technical Professional (IT Information Assurance)
POSITION IS CONTINGENT UPON CONTRACT FUNDING
KBR has an opening for a Technical Professional – IT Information Assurance to join our team of qualified, diverse individuals onsite at NBVC Point Mugu, CA This position requires on site presence. Remote or Tele-Work is not available.
Roles and Responsibilities:
Serves as an Information Systems Security Officer (ISSO) for Government information systems in support of a Program Management Activity (PMA).
Performs extensive assessments of systems and networks within the networking environment or enclave and identify where those systems/networks deviate from acceptable configurations, enclave policy, or local policy; Candidate will achieve this through passive evaluations (compliance audits) and active evaluations (vulnerability assessments).
Establish strict program control processes to ensure mitigation of risks and supports obtaining certification and accreditation of systems; This includes process support, analysis support, coordination support, security certification test support, security documentation support, investigations, software research, hardware introduction and release, emerging technology research inspections and periodic audits.
Assists in the implementation of the required government policy (i.e., RMF, NISPOM, JSIG) and makes recommendations on process tailoring.
Performs extensive analyses to validate established security requirements and to recommends additional security requirements and safeguards.
Supports the formal Security Test and Evaluation (ST&E) required by each government accrediting authority through pre-test preparations, participation in the tests, analysis of the results, and preparation of required reports.
Periodically conducts a review of each system's audits and monitors corrective actions until all actions are closed.
Functional Job Description:
Implement Risk Management Framework (RMF) in accordance with NIST SP 800, Joint Special Access Program Implementation Guide (JSIG).
Participates in the development and maintenance of system security plans and contingency plans for all systems under their responsibility.
Draft, maintain, Planned, System Security Checklists, Privacy Impact Assessments, POA&M, and Authority to Operate (ATO) artifacts.
Develop Plan of Action and Milestones (POA&M) for identified vulnerabilities and ensure compliance through monthly / quarterly updates.
Maintain inventory of all information Security System assigned.
Develop a variety of Assessment & Authorization deliverables including; System Security Plan (SSP), Security Assessment Report (SAR), Contingency Plan (CP) and POA&M for review and approval for Authorization Official
Monitor and conduct Security Control Assessment to ensure all controls meet security requirements as stipulated in the SSP, NIST SP 800-53, JSIG.
Effectively communicate Technical Information to non-technical personnel
Coordinate with Leadership across the organization to ensure timely compliance.
Develop Waivers and exceptions for information system vulnerabilities.
Basic Qualifications:
Master’s degree in computer and architecture information systems management or related field from an accredited college or university or equivalent experience is required. OR
Twelve (12) or more years of combined experience performing duties as described. OR
Bachelor’s degree and an additional four (4) years of relevant experience may be substituted for a master’s degree. OR
Associate’s degree and an additional eight (8) years of relevant experience may be substituted for a Master’s Degree
Two (2) years of experience with mid-sized client/server systems in systems analysis, software design, software development, and system administration is required.
Experience with DoD M5205.07 Series, Risk Management Framework (RMF) and Joint SAP Implementation Guide (JSIG) requirements is required.
Knowledge of quality assurance, quality control, and independent verification and validation techniques is required.
Experience working independently and as part of a team in researching data, developing analytical techniques and methodologies is required.
Experience with managing secure Information Systems (IS) and databases while implementing and maintaining cross-domain solutions is required.
A current Information Assurance Manager (IAM) Level I certification in accordance with DoD 8570.01-M, or the ability to gain the IAM Level I certification within six months is required.
Applicant selected may be subject to a government security investigation and must meet eligibility requirements for access to classified information.
A current Secret Clearance is required.
Contract requirements regarding education and experience will prevail.
KBR is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, disability, sex, sexual orientation, gender identity or expression, age, national origin, veteran status, genetic information, union status and/or beliefs, or any other characteristic protected by federal, state, or local law.