KBR Cyber Assessment & Authorization (A&A) Engineer/Analyst 4 in Charleston, South Carolina
Position Description: The candidate plays a critical role in the assessment and authorization of existing or new systems. One of the primary responsibilities of this position will be to collaborate with system administrators in assessing the security posture of systems assigned to the candidate throughout the risk management framework (RMF) lifecycle (accreditations, annual reviews, risk assessments, and continuous monitoring activities). The candidate will be essential in interacting with all team members to ensure a comprehensive accreditation package is maintained. This position will require a high degree of self-motivation and organization.
Position Requirements and Duties:
Perform self-assessments utilizing all applicable tools (ACAS, SCAP, STIGs, SRGs) for technology area assigned (Requires SSBI/T5)
Interact/collaborate with system owner on remediation activities
Provide support to system owner on STIG/SRG requirements
Develop POA&Ms (reason system cannot be remediated, mitigation statements, milestones)
Work in eMASS (upload self-assessment results, manage assets, create/edit POA&Ms)
Respond to CCB requests for assigned technology area (review requests, assign security testing requirements, document final findings)
Collaborate to create and maintain authorization documentation
Provide weekly activity report
BS degree and ten (10) years of experience with Information Technology/Information Assurance or fifteen (15) years of hands-on experience with Information Technology/Information Assurance.
Willing to Travel: 30-35%
Must possess a CompTIA Security+ to start work
OS Certification/Approved Training completed within 180 days of hire
Clearance: Active Secret clearance required.
DoD or DoN Cybersecurity Workforce (CSWF) Certification or compliance (DoDD 8140 or SECNAV M-5239)
Certifications: DoD 8570 Education and Training certification
DoD Training: Approved DoD Training Courses
CCNA or above
Ability to work in a team or independently
Excellent communication skills (verbal/written)
Excellent project planning/time management skills
Experience with Word/Excel/Visio
Global thinker/analyzer with the ability to assimilate a number of inputs into a cohesive output/strategy
Well versed in Networking products/technologies such as: routing and routing protocols, L2/L3 switching, firewalls, IPS/IDS, AAA, Remote Access, VPN (IPsec/SSL/GETVPN/LISP)
Experience with all applicable DISA STIGs associated with listed technologies in preceding bullet
Able to work with network engineers and system administrators to provide sound advice on technologies from a STIG perspective
Experience with RMF package development:
Excellent technical writing skills and RMF control knowledge (must be able to technically document assigned area of responsibility as it relates to meeting the requirements of the control)
Experience with developing POA&Ms (must be able to technically document mitigation strategies and milestones for findings associated with assigned area of responsibility)
Experience with PPSM (must be able to utilize available information [ACAS scans, CCB forms, etc.] to evaluate and determine appropriateness of required ports/protocols/services for systems assigned)
Experience with eMASS (must be able to utilize all functions of eMASS including: uploading test results, handling false positives, POA&M creation/management, control review/testing)
Experience with ACAS (must be able to create/run/review scans, download and import to eMASS, create and run reports)
Scheduled Weekly Hours:
KBR is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, disability, sex, sexual orientation, gender identity or expression, age, national origin, veteran status, genetic information, union status and/or beliefs, or any other characteristic protected by federal, state, or local law.
KBR is a global provider of differentiated professional services and solutions across the asset and program life cycle within the government services and technology sectors. KBR employs approximately 28,000 people worldwide with customers in more than 80 countries and operations in 40 countries.
KBR is proud to work with customers across the globe to provide technology, value-added services, and long-term operations and maintenance services to ensure consistent delivery with predictable results. At KBR, We Deliver.
Attempts to commit fraud against individuals have infiltrated the job placement market both on the internet and through direct phone or email contact. Such attempts have, on occasion, included the unauthorized use of KBR’s name and logo to solicit potential job seekers for employment or to extend fraudulent job offers. Bad actors may place advertisements for fake positions mixed with legitimate job postings, with false contact instructions for expressing interest or obtaining additional information. These misrepresentations typically include promises of high-paying jobs with the requirement that job seekers send sensitive personal information or money to pay for things such as visa applications or processing fees.
Please be advised that KBR will never ask a potential job seeker for any sort of advance payment as part of the recruiting or hiring process, and candidate profiles are carefully managed to protect personal information.