Job Descriptions:
Readiness Delivered. Kratos is a leader in assured aerospace communication solutions and services. We are cutting-edge innovators and creative problem solvers working collaboratively to solve our customers' toughest challenges. Our culture is fast-paced and innovative. We are a trusted partner-driven by doing the right thing and achieving maximum success for our customers, our partners and ourselves. Kratos has an opportunity, in Colorado Springs, CO, for an ISSO to support the Information Assurance (IA) development and sustainment of assigned systems and to serve as a security support element for technical teams. This is accomplished in compliance with CMMC and Risk Management Framework (RMF) policies and procedures, including the development of System Security Plans (SSP), Risk Assessment Reports (RAR), Plans of Action and Milestones (POA&M), and Security Control Traceability Matrices (SCTM). The ISSO maintains the operational security posture to ensure that security policies, standards, and procedures are followed throughout the system lifecycle. Additionally, the ISSO supports vulnerability and risk assessment analysis to achieve and sustain Authorization to Operate (ATO) and ensures information system security requirements are integrated into configuration management for software, hardware, and firmware.
This position is based on multiple DoD Directives; including DoD 5205.07 volumes 1-4; DoDD 5205.02E; DoDI 5025.01, 5205.11, 5200.39, 5220.22, DoDM 3305.13; DoD 8140 series; Intelligence Community Directive Series 500/600/700; NIST 800 series special publications; Executive Orders 13556 and 13636, the Joint Special Access Program Implementation Guide Rev 4, and DISA Security Technical Implementation Guides.
Applicants selected will be subject to a government security investigation and must meet eligibility requirements for access to classified information. U.S. citizenship is required. Travel to customer sites and other program locations may be required.
Primary Responsibilities:
Perform security assessments such as vulnerability and compliance assessments, threat analysis, security code reviews, and risk assessments to identify potential design and implementation vulnerabilities.
Participate in regular security self-inspections and audits.
Assist with the selection and implementation of security controls and features for systems and applications.
Identify new security features and recommend updates to existing products to ensure security is maintained throughout the product lifecycle.
Perform security assessments on new and proposed products and technologies to ensure secure integration into the approved baseline.
Provide product security engineering support and recommendations used to resolve integration and testing issues.
Create and refine standard RMF Body-of-Evidence artifacts.
Maintain a standardized set of security product requirements and produce metrics to report performance against those requirements.
Review and define security diagnostics and tools to facilitate the analysis and reporting of security events.
Assist other teams with mitigating security risks, responding to product security incidents, and product security related issues.
Participate in security architecture and design review meetings.
Required Experience:
7+ years technical experience in cybersecurity or information technology with focus on cybersecurity implementations.
Must meet position and certification requirements for the following DoW Cyberspace Workforce Role Code(s) and Proficiency Level(s):
722 - Information Systems Security Manager (Proficiency Level: Advanced)
462 - (Control Systems Security Specialist) (Proficiency Level: Advanced)
541 - Vulnerability Assessment Analyst (Proficiency level: Advanced)
Firm understanding of the DoD 8500.1-M, DoDM 5205.07, Volume 1, Joint SAP Implementation Guide (JSIG), National Institute of Standards and Technology (NIST) Special Publication 800-53, Intelligence Community Directive (ICD) Number 503.
Experience with eMASS, XACTA, or equivalent RMF tools.
Experience with both Vulnerability and Compliance scanning tools (ACAS, Nessus Professional, SCC, Evaluate-STIG).
Experience with system security logs and associated Security Information and Event Management (SIEM) tools (Splunk, ELK stack).
Ability to work well independently as well as follow detailed instructions for completing tasks
Demonstrated ability to complete tasks, drive projects to closure, assimilate and correlate project information in a fast-paced environment with minimum guidance
Experience with both Linux- and Windows-based operating systems
Must be a team player and be able to work within all levels of a project team
Excellent time management, scheduling, and organizational skills
Demonstrated ability to shift from one project to another in a dynamic, agile work environment
Excellent oral and written communication skills and ability to clearly translate client technical needs into technical specifications
Ability to communicate technical approaches and details within small project teams, including team interactions and presentations
Familiarity with security procedures while working in a SCIF/SAPF environment
Preferred Skills and Experience
Collaboratively build teams through excellent interpersonal and communication skills
Operate independently and take initiative
Cloud security experience
Interpreting and applying cybersecurity policy down to security control implementation on weapon systems
#LI-Onsite
The grade-based pay range for this job is listed below. Individual salaries within that range are determined through a wide variety of factors including but not limited to education, experience, knowledge, and skills.
Competitive salary based on experience and education Salary Range: $89,000-$125,000
Kratos is valued for our ability to design and deliver leading edge, resilient solutions for aerospace communication, control, awareness and mission success across a continuum of offerings-from commercial to tailored custom solutions and integrated programs. Customers trust us to stay relevant and know we are in it for the long-haul. We bring both the capability and confidence that our customers value and depend on. And we always deliver.
This posting will close within 90 days from the Posting Date.
Keyword: , system hardening, STIGs, ACAS, vulnerability management, configuration management, incident response, security architecture, network security, cloud security, Linux security, Windows security, SSP
Kratos Defense is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, pregnancy, genetic information, disability, status as a protected veteran, or any other protected category under applicable federal, state, and local laws.
Disability Accessibility Accommodation
If you require an accommodation to navigate or apply to our careers site, please send your request to HRAccessibility@kratosdefense.com or call 858-964-2916. Any inquires not related to requesting an accommodation will be discarded.
Pay Transparency
The company will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant.
Job Applicant Privacy Notice
For applicants in the EU and California residents, please review our privacy notice.
From: Kratos Defense
