Title: Cybersecurity RMF Analyst
Job Summary: KBR is seeking candidates with cloud-based cybersecurity experience and Risk Management Framework (RMF) experience to join a team supporting the NIWC. Note: This position is fully remote, but the candidate must be available for EST conference calls and able to travel (up to 20%) as required by the customer and project leads.
The selected candidate will serve in RMF validator and analyst roles performing tasks related to Assessment & Authorization (A&A) and cybersecurity to prepare for Authorizations to Operate (ATOs) for assigned DoW systems (i.e., cloud-based applications, services, and networks). This position will be part of a team that will also develop documentation and cybersecurity guidance related to cloud-based technologies.
Roles and Responsibilities:
- Assess cybersecurity standards and practices of cloud-based systems against FedRAMP, DoW, and DHA requirements
- Document cybersecurity posture in support of the RMF process
- Facilitate movement of multiple information systems through the RMF process and maintain accreditations through continuous monitoring and annual reviews
- Provide solutions to complex problems that require the regular use of expertise and creativity. Problems are broadly defined and solutions require the continuation of specialized theories and knowledge
- Serve as Subject Matter Expert (SME) on one or more technologies/skills related to A&A activities and documentation.
- Participate in sessions aimed at identifying, planning, and executing strategies in response to emerging cybersecurity/RMF policies
- Maintain awareness and knowledge of evolving security and risk management standards and communicate and apply relevant changes to existing processes
- Develop, update, and/or review RMF documentation to include IV&V results, Risk Assessment Reports, and POA&M development.
- Develop, update, and/or review cybersecurity documentation for the use of cloud native services such as those offered by Microsoft, Amazon, Oracle, and Google
- Assess system compliance against NIST, DoW, and DHA security requirements to include the NIST 800-53 controls, and DISA Security Technical Implementation Guides (STIGs) and Security Requirements Guides (SRGs)
- Produce evidence as necessary to support NIST and DoW compliance status.
- Review and assess authorization boundary diagrams, service architecture diagrams, data flow diagrams, hardware and software inventories
- Analyze vulnerability scans of information systems
- Excellent customer service and organization skills
- Excellent oral and written communication skills
Basic Qualifications:
- Bachelor's Degree and ten (10) years of experience with Cybersecurity / Information Technology, or eighteen (18) years of hands-on experience with Cybersecurity / Information Technology in lieu of degree.
- Active DoW Secret security clearance
- DoW 8570-compliant certification
- Demonstrated experience assessing, managing, engineering, or architecting cloud technologies from major vendors such as Microsoft, Amazon, or Google
- A cloud related certification such as Google Certified Professional Cloud Architect, Microsoft Azure Fundamentals, AWS Certified SysOps Administrator, or ServiceNow Certified Administrator
- Experience with Risk Management Framework
- Experience in RMF package review, including POA&Ms (mitigation statements), Security Plans, Risk Assessments, architecture diagrams, hardware/software inventories, and system/site policies, procedures, and processes
- Experience working within DoW
- Experience in assessing systems using NIST 800-53 and/or DISA STIGs and SRGs
Preferred Qualifications:
- Experience working with DoW or DoN RMF processes or IT systems
- Experience with FedRAMP
- Familiarity and experience with eMASS
- Technical experience with network, database, containers, AI, or DevOps technologies
Compensation: $129,300.00 - $194,000.00. The salary range posted is based on the national average. The offered rate will be based on the selected candidate's location, knowledge, skills, abilities, and/or experience, contract affordability, and in consideration of internal parity.
Benefits: KBR offers a selection of competitive lifestyle benefits which could include a 401K plan with company match, medical, dental, vision, life insurance, AD&D, flexible spending account, disability, paid time off, or flexible work schedule. We support career advancement through professional training and development.