Cybersecurity Assessment & Authorization (A&A) Engineer Analyst

Title:

Cybersecurity Assessment & Authorization (A&A) Engineer Analyst

Program Summary:

KBR's Product and Technology Solutions Division specializes in rapid prototyping and advanced technology solutions for directed energy, electronic warfare, and security applications. With expertise in electronic warfare systems, critical infrastructure protection, and product R&D, KBR delivers cutting-edge innovations to meet mission-critical needs. Backed by a global presence and a strong ethical framework, KBR collaborates closely with customers to develop secure, effective, and forward-thinking solutions.

Job Summary:

The candidate plays a critical role in the assessment and authorization of existing or new systems. One of the primary responsibilities of this position will be to collaborate with system administrators in assessing the security posture of systems assigned to the candidate throughout the risk management framework (RMF) lifecycle (accreditations, annual reviews, risk assessments, and continuous monitoring activities). The candidate will be essential in interacting with all team members to ensure a comprehensive accreditation package is maintained. This position will require a high degree of self-motivation and organization.

Roles and Responsibilities:

• Perform self-assessments utilizing all applicable tools (ACAS, SCAP, STIGs, SRGs) for technology area assigned (Requires SSBI/T5)
• Interact/collaborate with system owner on remediation activities
• Provide support to system owner on STIG/SRG requirements
• Develop POA&Ms (reason system cannot be remediated, mitigation statements, milestones)
• Work in eMASS (upload self-assessment results, manage assets, create/edit POA&Ms
• Respond to CCB requests for assigned technology area (review requests, assign security testing requirements, document final findings)
• Collaborate to create and maintain authorization documentation
• Provide weekly activity report

Basic Qualifications:

Minimum Security Clearance: Active Secret required. Completed SSBI/T5 investigation (preferred and required to fulfill complete duties)

Certifications: DoD or DoN Cybersecurity Workforce (CSWF) Certification or compliance (DoDD 8140 or SECNAV M-5239)

• Certifications: DoD 8570 Education and Training certification
• DoD Training: Approved DoD Training Courses
• SSCP/CISSP (Highly desirable)

Education/Experience:

• BS degree preferred and 8 years of hands-on experience in Information Technology/Information Assurance. In lieu of degree, 16 years of hands-on experience in Information Technology/Information Assurance.
• Must possess a CompTIA Security + to start work
• OS Certification/Approved Training completed within 180 days of hire

Travel: 10-15%

Preferred Qualifications:

• Ability to work in a team and independently
• Excellent communication skills (verbal and written)
• Excellent project planning and time management skills
• Experience with Word/Excel/Visio
• Global thinker/analyzer with the ability to assimilate a number of inputs into a cohesive output/strategy
• Well versed in Networking products/technologies
• Working knowledge of Database products/technologies such as: MSSQL, MySQL, Oracle
• Experience with all applicable DISA STIGs associated with listed technologies in preceding bullet
• Able to work with network engineers and system administrators to provide sound advice on technologies from a STIG perspective

Experience with RMF package development:

• Excellent technical writing skills and RMF control knowledge (must be able to technically document assigned area of responsibility as it relates to meeting the requirements of the control)
• Experience with developing POA&Ms (must be able to technically document mitigation strategies and milestones for findings associated with assigned area of responsibility)
• Experience with PPSM (must be able to utilize available information [ACAS scans, CCB forms, etc.] to evaluate and determine appropriateness of required ports/protocols/services for systems assigned)
• Experience with eMASS (must be able to utilize all functions of eMASS including: uploading test results, handling false positives, POA&M creation/management, control review/testing)
• Experience with ACAS (must be able to create/run/review scans, download and import to eMASS, create, and run reports)

Belong, Connect and Grow at KBR

At KBR, we are passionate about our people and our Zero Harm culture. These inform all that we do and are at the heart of our commitment to, and ongoing journey toward being a People First company. That commitment is central to our team of team's philosophy and fosters an environment where everyone can Belong, Connect and Grow. We Deliver - Together.

KBR is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, disability, sex, sexual orientation, gender identity or expression, age, national origin, veteran status, genetic information, union status and/or beliefs, or any other characteristic protected by federal, state, or local law.