KBRwyle Sr. Information System Security Analyst in Norfolk, Virginia
Sr. Information System Security Analyst
JOIN A WINNING TEAM!
KBRWwyle is a global government services organization delivering full life cycle professional and technical services from over 60 U.S. and 40 international locations. Our core capabilities include logistics, engineering, science, IT, cyber and security services. We offer challenging assignments on some of the world's largest and most complex projects where our customers have come to value us, because they know, We Deliver!
This position will support Commander, Navy Installations Command (CNIC) process and procedure development, that are broad and complex in nature, requiring originality and ingenuity.
The position acts as a primary liaison with CNIC for assessment and authorization (A&A) efforts. Conducts cybersecurity analysis in preparation for assessment and authorization. Covers technical information security aspects including, but not limited to, identifying risks, providing mitigation plan of action, analyzing system designs, assisting with assessment and authorization issues that may be preventing a system from receiving authorization, and developing custom mitigation solutions for information system vulnerabilities.Key areas of responsibility:
Assessment and Authorization –
Identifies key stakeholders in the assessment and authorization effort for medical systems and networks and works with them to confirm that the system documentation reflects the current security configuration of the system, in terms of hardware and software components, data flow, interconnections, and ports, protocols, and services
Identifies potential risks associated with the configuration of the system and appropriate mitigation strategies
Conducts status meetings and determines next steps in moving the systems toward a successful accreditation effort
Works with the cybersecurity team to develop and implement the detailed test plan and review findings from self-assessment to determine readiness for independent assessment
Conducts manual checks of the systems during independent testing and reports them in a plan of action and milestones (POA&M) document
Uses the automated tools to capture and report test results
Assists the system owners and system SAs in interpreting and applying mitigation strategies
Independent Validation and Verification (IV&V) –
Conducts in-depth analysis of IV&V and functional/operational test results for accuracy, compliance, and adherence to DoD and Federal cybersecurity technical and operational security requirements
Documents residual risks by conducting a thorough review of all the vulnerabilities, architecture, and defense in depth and provides the cybersecurity risk analysis and mitigation determination results for the Test Report
Assists the Validator with producing the risk assessment artifacts describing residual risks identified during certification testing
Schedules and conducts eMASS training for CNIC and Program Office personnel
Develops/maintains agency level cybersecurity policy and processes that implement DoD Cybersecurity program
Has an expert knowledge of NIST publications and is able to work strategically on transition of DIACAP to RMF
Has knowledge of DISA STIGs/FDCC requirements, defense-in-depth, and other information security and assurance principles and associated supporting technologies
Risk Assessment –
Communicates the security posture of systems up the chain of command via CSTAR and eMASS so that accreditation decisions can be made based on a thorough understanding of the risks associated with the particular configuration of systems and networks
Identifies strategies for improving the assessment and authorization processes and procedures to meet increasingly tight timelines and budgets
BA/BS in Information Systems Management, Computer Science or related discipline plus 15 years of experience. In lieu of formal education, at least 18 years of related experience. Specific contract requirements regarding education and experience will prevail.
Must have CompTIA Security to start work
Travel: 30-50% domestic and international locations
DIACAP and RMF experience preferred
Experience with Accreditation package management in eMASS preferred
Excellent customer service and organization skills
Excellent oral and written communication skills
Health & Wellness benefits
Inclusive, flexible and supportive culture
Ongoing training and development opportunities
For questions about this position, please contact firstname.lastname@example.org
KBR is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, disability, sex, sexual orientation, gender identity or expression, age, national origin, veteran status, genetic information, union status and/or beliefs, or any other characteristic protected by federal, state, or local law.
Job: Information Technology
Primary Location: US-US-VA-Norfolk
Other Locations: US-US-DC-Washington
Req ID: 1054162