Do you take information technology (IT) and information security seriously and want to make a difference? Helping leading-edge technology companies secure their cloud environments is at the core of what we do and we make a difference.
As a Security Consultant of Commercial Cybersecurity Services for Kratos, you will be supporting teams of professionals working to evaluate and secure innovative cloud computing solutions on the most advanced cloud and on-premises infrastructures in the world by providing security consulting services and performing security assessments.
The ideal candidate will have a firm understanding of how to apply the principles of information security in a variety of circumstances and expertise translating security requirements into common technical implementations. Experience working across multiple compliance frameworks (FedRAMP, DOD SRG, CMMC, NIST, PCI, ISO, HIPAA, SOC, CJIS, etc.) is highly desirable.
- Support small teams in the review and analysis of security documentation packages for completeness and compliance with requirements across one or more cybersecurity frameworks (e.g., FedRAMP, DoD, NIST, CMMC, PCI, ISO, IA-Pre, or similar).
- Provide critical input into the development of Security Assessment Plans, Security Assessment Reports, and security briefings.
- Conduct client interviews and participate in working sessions to assess the technical and operational effectiveness of security control implementations.
- Assess existing security environments to validate that security implementations remain up to date throughout the life cycle of a system or environment.
- Collaborate effectively within dynamic teams and across multiple customer organizations with diverse personalities and expertise to drive to agreement on complex issues.
- Effectively document successful and unsuccessful security control implementations that appropriately reflect testing methodologies and evidence used to determine security implementation effectiveness.
- Understand the impacts and information contained in vulnerability scan results from tools such as Nessus, Qualys, AppDetective, WebInspect, IBM AppScan, Burp Suite, etc.
- Conduct diagnostic/discovery sessions to gain an understanding of security architecture and control implementations in order to identify gaps and develop supporting documentation.
- Work with multiple stakeholders (internal and external) to assess and identify security compliance gaps and propose technical and operational remediation solutions.
- Support the development of security documentation that translates complex concepts and solutions into compliant documentation that is required for the Certification or Authorization of compliance frameworks (e.g., FedRAMP, DoD, NIST, CMMC, PCI, ISO, IA-Pre, or similar). Security documentation includes but is not limited to: System Security Plans, Contingency Plans, Configuration Management Plans, Incident Response Plans, Privacy Impact Assessments, security policies and procedures.
- Provide consultative reviews of security documentation and recommend remediation and enhancements.