Posted today
Secret
Unspecified
Unspecified
Herndon, VA (On-Site/Office)
Job Description
Readiness Delivered. Kratos develops and fields transformative, affordable technology, platforms, and systems for United States National Security-related customers, allies, and commercial enterprises. We proactively build trusted relationships with our peers, partners, and customers, and take ownership of our actions-always striving to do the right thing. As Skillbridge FedRAMP Fellow for Kratos, you will be learning and supporting teams of professionals working to evaluate and secure innovative cloud computing solutions on the most advanced cloud and on-premises infrastructures, by providing security consulting services and performing security assessments. The ideal candidate will have an understanding of how to apply the principles of information security in a variety of circumstances and security requirements into common technical implementations. While not required, experience working with other frameworks and publications, such as Department of Defense (DoD) Cloud Computing Security Requirements Guide, National Institute of Standards and Technology (NIST) Publications, etc.) is highly desirable.
Key Responsibilities:
Assessor Role
Experience and Skills
Preferred Skills/Experience:
Job Benefits
Readiness Delivered. Kratos develops and fields transformative, affordable technology, platforms, and systems for United States National Security-related customers, allies, and commercial enterprises. We proactively build trusted relationships with our peers, partners, and customers, and take ownership of our actions-always striving to do the right thing. As Skillbridge FedRAMP Fellow for Kratos, you will be learning and supporting teams of professionals working to evaluate and secure innovative cloud computing solutions on the most advanced cloud and on-premises infrastructures, by providing security consulting services and performing security assessments. The ideal candidate will have an understanding of how to apply the principles of information security in a variety of circumstances and security requirements into common technical implementations. While not required, experience working with other frameworks and publications, such as Department of Defense (DoD) Cloud Computing Security Requirements Guide, National Institute of Standards and Technology (NIST) Publications, etc.) is highly desirable.
Key Responsibilities:
Assessor Role
- Support teams in the review and analysis of Security Packages for completeness and compliance with FedRAMP requirements.
- Assist in the development of Security Assessment Plans (SAP), Security Assessment Reports (SAR), and security briefings.
- Validate Cloud Service Provider (CSP) compliance with FedRAMP security control baselines through review of evidence, testing, interviews, and analysis of scans, etc. Familiarity with SSP, SAP, SAR, Plan of Action and Milestones (POA&M) Report, Deviation Requests, Significant Change Requests, Continuous Monitoring artifacts is required.
- Conduct client interviews to assess the technical and operational effectiveness of security control implementations.
- Assess existing security environments to validate that security implementations remain up to date throughout the life cycle of a system or environment.
- Review security documentation and document ATPs as part of security testing for assessments. Security documentation includes but is not limited to: System Security Plans, Contingency Plans, Configuration Management Plans, Incident Response Plans, Privacy Impact Assessments, security policies and procedures.
- Document security control implementations via Assessment Test Procedures (ATP) that appropriately reflect testing methodologies and evidence used to determine security implementation effectiveness.
- Contribute to formal assessment documentation including scoring matrices, objective evidence summaries, and POA&M validation support.
- Maintain regular communication with mentors and teammates; ask questions, offer support, and be proactive in sharing progress or blockers.
Experience and Skills
- Working knowledge of information security principles, system administration, and IT operations.
- Demonstrated interest in regulatory compliance, risk assessments, and cybersecurity governance.
- Ability to clearly document technical findings, summarize evidence, and communicate compliance posture in a concise and professional manner.
- Previous experience in one or more of the following: system/network administration, cybersecurity operations, compliance auditing, vulnerability management, or technical writing.
- Certification Requirements: One of the following certifications
- Certified Information System Security Professional or Associate (CISSP)
- Cisco Certified Network Associate Security (CCNA Security)
- Cisco Certified Network Associate Cyber Security Operations (CCNA Cyber Ops)
- Cybersecurity Analyst (CySA+)
- GIAC Certified Incident Handler (GCIH)
- GIAC Systems and Network Auditor (GSNA)
- GIAC Certified Intrusion Analyst (GCIA)
- Certified Information Systems Auditor (CISA)
- Certified Secure Software Lifecycle Professional (CSSLP)
- Certified Information Systems Security Officer (CISSO)
- CyberSec First Responder (CFR)
- CompTIA Advanced Security Practitioner Continuing Education (CASP+) Continuing Education (CE)
- CompTIA Cloud+ (Cloud+)
- Global Industrial Cyber Security Professional (GICSP)
- Securing Cisco® Networks with Threat Detection Analysis (SCYBER)
- BCR Cyber Technical Proficiency Testing Activity
Preferred Skills/Experience:
- Secret clearance
- Any CSO certifications (e.g., AWS, Azure, GCP, etc.)
- Familiarity with NIST SP 800-53 is highly beneficial
- Familiarity with CNSSI 1253 is highly beneficial.
Job Benefits
- Medical, Dental & Vision Insurance Coverage
- Life/ADD & Short/Long Term Disability Insurance
- 401(k) Savings Plan
- Employee Stock Purchase Plan (ESPP)
- Paid Time-Off (PTO)
- Holidays
- Education Reimbursement
group id: 91122198
N
