Title:
Senior RMF Policy Analyst
Program Summary:
KBR’s Mission Engineering Division delivers complex technical solutions and expert support to the U.S. Department of War, specializing in modeling and simulation, cyber transformation, air vehicle mission integration, and lifecycle support. As a trusted partner with a proven history in mission technology, KBR collaborates closely with clients to develop innovative and effective solutions. With a strong ethical framework, KBR prioritizes data security, privacy, and responsible information management to ensure mission success.
Job Summary:
KBR is seeking candidates with Risk Management Framework (RMF) expertise, policy and procedure experience, and excellent communications skills.
This position is not limited to the North Charleston, SC location. Full-time remote work for applicants outside of SC is available. Position is 100% full-time remote.
Roles and Responsibilities:
- Review, analyze, and update existing A&A Process SOPs, to reflect current Government approved practices.
- Review and update, where and when needed, the existing certification/testing model so it reflects best business practices in information technology/security once approved by the Government.
- Review current processes and recommend/develop automated processes in the areas of application risk assessments and additionally update/map these processes to existing interactive workflows and processes in SharePoint.
- Function as the primary Point of Contact with responsibility for the development and maintenance of the cybersecurity SOPs.
- Provide subject matter expertise in the area of DoD and DHA A&A requirements.
- Ensure accuracy of the information introduced in the SOPs and institute and exercise proper change control mechanisms when proposing or making changes to the technical, functional, or contextual information contained in the SOPs.
- Ensure the accuracy and correctness of the procedures and processes in the SOPs by utilizing a thorough Quality Assurance (QA) plan.
- Maintain all RMF/DIACAP documentation templates associated with A&A efforts and associated deliverables.
- Create, maintain, and manage training materials for approval by the Government.
- Apprise users about available assistance as well as technical security products and techniques. Varying levels of security training are required depending on a person's roles and responsibilities.
- Attend weekly CCB/SCAR Tiger Team meetings and monthly ACAS/CMRS meetings to understand issues and changes which drive potential updates to training content.
- Understand how eMASS functions and provide responses to technical and cyber related questions.
Basic Qualifications:
- Education: BS degree in Engineering, Physics, Network Security, or Computer Science. In lieu of degree, an additional 8 years of relevant experience can be substituted.
- Experience: Twelve (12) years of experience in Engineering, Systems Analysis, Medical Systems, Cybersecurity, Web Development, or Engineering Management to include: Technology Analysis and Assessment, Design Definition, Development of Systems Specification, Systems Analysis, Systems Architecture, Systems/Equipment Integration, Test & Evaluation Criteria, and Logistics support of C4ISR requirements. Five (5) years of technical experience in support of Cybersecurity/network protection or virtualization projects.
- Note: Experience may be concurrent. Advanced degrees in appropriate area substitute for experience as follows: Ph.D. (or equivalent terminal degree) – five (5) years of experience; MS or ME in appropriate area – two (2) years of experience.
- Clearance: Active Secret required.
- Certifications: Current CompTIA Security+ or DoD 8570 IAT/IAM level 1 or higher required.
- Required Skills:
- Demonstrated experience with RMF Steps 1-5
- Working knowledge of eMASS (Enterprise Mission Assurance Support Service)
- Knowledge of NIST SP 800-53 and 800-37, CNSSI 1254, and other DoD Risk Management policies
- Experience with the development of RMF Cyber Security documentation
- Familiarity with the use of vulnerability scanning and assessment tools necessary to identify and document compliance
Preferred Qualifications:
- Ability to lead teams and regularly interact with senior level program personnel
- Ability to manage multiple projects simultaneously
- Strong verbal and written communications and customer service skills
- A self-leader, self-thinker, needs little direction, ability to work in a dynamic team environment
- Experience with DHA Cyber Security Directorate is a plus
- Experience in conducting online or in-person training is a plus
Work Location: Position is 100% full-time remote.
Compensation: $139,840.00 - $209,760.00. The salary range posted is based on the national average. The offered rate will be based on the selected candidate’s location, knowledge, skills, abilities, and/or experience, contract affordability, and in consideration of internal parity.
Benefits:
KBR offers a selection of competitive lifestyle benefits which could include a 401K plan with company match, medical, dental, vision, life insurance, AD&D, flexible spending account, disability, paid time off, or flexible work schedule. We support career advancement through professional training and development.
Belong, Connect and Grow at KBR
At KBR, we are passionate about our people and our Zero Harm culture. These inform all that we do and are at the heart of our commitment to, and ongoing journey toward being a People First company. That commitment is central to our team of team’s philosophy and fosters an environment where everyone can Belong, Connect and Grow. We Deliver – Together.
KBR is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, disability, sex, sexual orientation, gender identity or expression, age, national origin, veteran status, genetic information, union status and/or beliefs, or any other characteristic protected by federal, state, or local law.