Job Description:
Ready for What’s Next? Kratos Defense & Security Solutions develops and fields transformative, affordable technology, platforms, and systems for United States National Security related customers, allies, and commercial enterprises. We proactively build trusted relationships with our peers, partners and customers, and take ownership for our actions-always striving to do the right thing.
Do you want to work with the most amazing cloud service providers in the tech space? As a Security Consultant of Commercial Cybersecurity Services for Kratos, you will be supporting teams of professionals working to evaluate and secure innovative cloud computing solutions on the most advanced cloud and on-premises infrastructures, by providing security consulting services and performing security assessments. The ideal candidate will have a firm understanding of how to apply the principles of information security in a variety of circumstances and security requirements into common technical implementations. Candidates must have experience working in classified environments. Must have previously performed assessment work based on Federal Risk and Authorization Management Program (FedRAMP) assessments, Department of Defense (DoD) Cloud Service Provider (CSP) Security Requirements Guide, and/or National Institute of Standards and Technology (NIST) Special Publications and frameworks.
Key Responsibilities:

Assessor Role

• Support teams in the review and analysis of Security Packages for completeness and compliance with FedRAMP/DoD/NIST requirements.
• Assist in the development of Security Assessment Plans (SAP), Security Assessment Reports (SAR), and security briefings.
• Validate Cloud Service Provider (CSP) compliance with FedRAMP/DoD/NIST security control baselines through review of evidence, testing, interviews, and analysis of scans, etc.
• Familiarity with SSP, SAP, SAR, Plan of Action and Milestones (POA&M) Report, Deviation Requests, Significant Change Requests, Continuous Monitoring artifacts is required.
• Conduct client interviews to assess the technical and operational effectiveness of security control implementations.
• Assess existing security environments to validate that security implementations remain up to date throughout the life cycle of a system or environment.
• Review security documentation and document thorough description of assessment results as part of security testing for assessments.
• Understand and have the ability to direct engineers to demonstrate technical security implementations using common Infrastructure as a Service (IaaS) security services.

Experience and Skills:

• At least 2 years of experience supporting cybersecurity assessments
• Related industry certification (e.g., CompTIA, ISACA, ISC2)
• Adjudicated Top-Secret (TS) clearance with Sensitive Compartmented Information (SCI)
• Current, or ability to obtain AWS Certified Cloud Practitioner (CCP) prior to contract start

PREFERRED SKILLS AND EXPERIENCE

• In-depth knowledge of GCP, AWS and/or Azure IaaS capabilities and services
• Experience working with within eMASS and/or Xacta.
• Experience with DoD CSP SRG guidance, CNSSP 32 and CNSSI 1253
• FedRAMP Assessment Experience
• Active TS/SCI Counterintelligence (CI) Polygraph

• Support teams in the review and analysis of Security Packages for completeness and compliance with FedRAMP/DoD/NIST requirements.
• Assist in the development of Security Assessment Plans (SAP), Security Assessment Reports (SAR), and security briefings.
• Validate Cloud Service Provider (CSP) compliance with FedRAMP/DoD/NIST security control baselines through review of evidence, testing, interviews, and analysis of scans, etc.
• Familiarity with SSP, SAP, SAR, Plan of Action and Milestones (POA&M) Report, Deviation Requests, Significant Change Requests, Continuous Monitoring artifacts is required.
• Conduct client interviews to assess the technical and operational effectiveness of security control implementations.
• Assess existing security environments to validate that security implementations remain up to date throughout the life cycle of a system or environment.
• Review security documentation and document thorough description of assessment results as part of security testing for assessments.
• Understand and have the ability to direct engineers to demonstrate technical security implementations using common Infrastructure as a Service (IaaS) security services