Job Descriptions:

Ready for What's Next? Kratos is a leader in assured aerospace communication solutions and services. We are cutting-edge innovators and creative problem solvers working collaboratively to solve our customers’ toughest challenges. Our culture is fast-paced and innovative. We are a trusted partner—driven by doing the right thing and achieving maximum success for our customers, our partners and ourselves.

Do you take information technology (IT) and information security seriously and want to make a difference? Helping leading-edge technology companies secure their cloud environments is at the core of what we do, and we make a difference.

As a Security Consultant of Commercial Cybersecurity Services for Kratos, you will be supporting teams of professionals working to evaluate and secure innovative cloud computing solutions on the most advanced cloud and on-premises infrastructures, by providing security consulting services and performing security assessments.

The ideal candidate will have a firm understanding of how to apply the principles of information security in a variety of circumstances and how to translate security requirements into common technical implementations. Must have previously worked on Federal Risk and Authorization Management Program (FedRAMP) assessments. While not required, experience working with other frameworks and publications (such as the Department of Defense (DoD) Cloud Computing Security Requirements Guide, National Institute of Standards and Technology (NIST) Publications, Cybersecurity Maturity Model Certification (CMMC), PCI, etc.) is highly desirable.

Key Responsibilities: Assessor Role
Support teams in the review and analysis of Security Packages for completeness and compliance with FedRAMP requirements.
Assist in the development of Security Assessment Plans (SAP), Security Assessment Reports (SAR), and security briefings.
Validate Cloud Service Provider (CSP) compliance with FedRAMP security control baselines through review of evidence, testing, interviews, and analysis of scans, etc. Familiarity with SSP, SAP, SAR, Plan of Action and Milestones (POA&M) Report, Deviation Requests, Significant Change Requests, Continuous Monitoring artifacts is required.
Conduct client interviews to assess the technical and operational effectiveness of security control implementations.
Assess existing security environments to validate that security implementations remain up to date throughout the life cycle of a system or environment.
Review security documentation and document ATPs as part of security testing for assessments. Security documentation includes but is not limited to: System Security Plans, Contingency Plans, Configuration Management Plans, Incident Response Plans, Privacy Impact Assessments, security policies and procedures.
Document security control implementations via Assessment Test Procedures (ATP) that appropriately reflect testing methodologies and evidence used to determine security implementation effectiveness.
Required Experience:
Minimum of five (5) years of cybersecurity experience.
Required certification(s): Certified Information Systems Security Professional (CISSP), plus at least one other industry certification from the following list:
CompTIA Advanced Security Practitioner (CASP+) Continuing Education (CE)
GIAC Certified Enterprise Defender (GCED)
GIAC Certified Incident Handler (GCIH)
GIAC Security Leadership (GSLC)
Certified Information Systems Auditor (CISA)
Certified Information Security Manager (CISM)
Certified Cloud Security Professional (CCSP)
CISSP-Information Systems Security Architecture Professional (CISSP-ISSAP)
CISSP-Information Systems Security Engineering Professional (CISSP-ISSEP)
CISSP-Information Systems Security Management Professional (CISSP-ISSMP)
CyberSec First Responder (CFR)
Certified Chief Information Security Officer (CCISO).
Working knowledge of the FedRAMP process.
Ability and willingness to learn and support other security compliance frameworks (e.g., CMMC, HITRUST).
Ability to successfully pass security framework certification requirements.
Sufficient technical knowledge and understanding of cloud solutions, architecture, networks, protocols, cryptography, and identity and access management, at a minimum.
Excellent interpersonal and communication skills, both written and verbal.
Ability to translate technical materials and issues into non-technical/layman terms.
#LI-Remote

Competitive salary based on experience and education
Salary Range: $140,000-$150,000

Kratos is valued for our ability to design and deliver leading edge, resilient solutions for aerospace communication, control, awareness and mission success across a continuum of offerings—from commercial to tailored custom solutions and integrated programs. Customers trust us to stay relevant and know we are in it for the long haul. We bring both the capability and confidence that our customers value and depend on. And, we always deliver.

Keyword: FedRAMP, 3PAO, FISMA, Compliance, Assessment and Authorization, Provisional Authorization, FedRAMP JAB, NIST 800-53, DoD CC SRG, Security Assessment Report, Assessment Test Procedures

Kratos Defense is an Equal Opportunity Affirmative Action Employer. EOE, Minorities, Females, Vet, Disabled, Sexual Orientation, Gender Identity or any other protected class.

All qualified job seekers are encouraged to apply. Kratos Defense is committed to America's veterans by providing opportunities for them to continue contributing after service to our nation. We also work to provide reasonable accommodations to individuals with disabilities.

EEO Is The Law (http://www.dol.gov/ofccp/regs/compliance/posters/pdf/eeopost.pdf)

Disability Accessibility Accommodation
If you require an accommodation to navigate or apply to our careers site, please send your request to HRAccessibility@kratosdefense.com or call 858-964-2916. Any inquiries not related to requesting an accommodation will be discarded.

Pay Transparency
The company will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant.

Job Applicant Privacy Notice
For applicants in the EU and California residents, please review our privacy notice.

From: Kratos Defense
Full-time