Kratos is a leader in assured aerospace communication solutions and services. We are cutting-edge innovators and creative problem solvers working collaboratively to solve our customers’ toughest challenges. We are a trusted partner—driven by doing the right thing and achieving maximum success for our customers, our partners and ourselves.
Kratos is valued for our ability to design and deliver leading-edge, resilient solutions for aerospace communication, control, awareness and mission success across a continuum of offerings—from commercial to tailored custom solutions and integrated programs. Customers trust us to stay relevant and know we are in it for the long haul. We bring both the capability and confidence that our customers value and depend on. And we always deliver.
At Kratos, we encourage an entrepreneurial spirit balanced with fiscal and operational discipline. We work hard, we solve hard problems, and we look out for and take care of our customers, each other and our families. Protecting and enabling our nation and global customers through innovative aerospace solutions is what motivates us. We continually build trusted relationships with our peers, our partners and customers, and we take ownership for our actions—always doing the right thing.
Kratos S2 is looking for an Information Systems Security Manager (ISSM) to support the Agile Cyber Development and Sustainment (ACDS) program. The ISSM will lead and support other Information System Security professionals in execution of information assurance programs through security authorization activities in compliance with Risk Management Framework (RMF) policies and procedures to include System Security Plans (SSPs), Risk Assessment Reports, Assessment & Authorization (A&A) packages, and Security Controls Traceability Matrix (SCTM). The ISSM maintains operational security posture to ensure information systems (IS), security policies, standards, and procedures are established and followed. The successful candidate will be able to perform vulnerability/risk assessment analysis to support A&A as well as provide configuration management (CM) for information system security software, hardware, and firmware.
This position requires in-depth knowledge of the government's risk management framework (RMF) as outlined in various publications. The ISSM also serves as the local authorizing official for all ACDS cyber security issues. The ISSM is the primary interface with government agencies regarding assigned cyber security matters and requirements.
This position is based on the various DoD Directives; specifically, DoD 5205.07 volumes 1-4; DoDD 5205.02E; DoDI 5025.01, 5205.11, 5200.39, 5220.22, DoDM 3305.13; Intelligence Community Directive Series 500/600/700; National Institute of Standards and Technology (NIST) publications 800 series; Executive Orders 13556, 13636 and the Joint Special Access Program Implementation Guide Rev 4 and Defense Information System Agency (DISA) Security Technical Implementation Guides (STIGs).
- In coordination with the government, develops and maintains an ACDS cybersecurity program and associated policies.
- Leverages guidance pertinent to all applicable directives and publications.
- Obtains guidance and approval from the appropriate authorizing official.
- Responsible for generation and maintenance of RMF documentation.
- Plays an active role in monitoring a system and its environment of operation to include developing and updating the system artifacts, managing and controlling changes to the system, and assessing the security impact of those changes.
- Reviews and updates all artifacts for each unique system ensuring ATO compliance.
- Coordinates with CPSO on approval of external information systems.
- Maintains, per individual system and its accreditation, a baseline of configuration, hardware, software, and firmware.
- Develops, maintains, and executes information system continuous monitoring plan.
- Ensures all users have the requisite security clearances, authorization, need-to-know, and are aware of their security responsibilities before granting access to the IS.
- Ensures data ownership and responsibilities are established for each IS and specific requirements (for example, accountability/access/special handling requirements) are enforced.
- Maintains a working knowledge of system functions, security policies, technical security safeguards, and operational security measures.
- Ensures adherence to these information system security policies and procedures.
- Ensures proper procedures are followed, per the Cyber Incident Response Plan, when information system security incidents are discovered.
- Ensures the development and implementation of an effective information system security education, training, and awareness program. Ensures initial, annual, and as-needed training is accomplished and documented.
- Conducts review of audit reports collected and reports anomalies to leadership. Ensures events captured are as outlined in applicable directives and publications.
- Liaises between Kratos S2 and government authorities regarding system security posture requirements.
- Works with government stakeholders to resolve computer security incidents and vulnerability compliance.
- Works with government sponsors/ISSMs to plan and conduct security authorization reviews and assurance case development for initial installation of systems and networks.
- Directs information system security inspections, tests, and reviews. Ensures leadership understands inspection timelines, operational impacts, and results.
- Schedules periodic testing to evaluate the security posture of information systems.
- Coordinates with disinterested parties to employ various intrusion attacks.
- Ensures all system security-related vulnerabilities are documented and ensures serious/unresolved violations are reported to the AO/DAO.
- Reviews results with Kratos S2 ACDS leadership for possible remedies, as necessary.
- Oversees the operation, maintenance, and disposition of IS according to the policies and procedures outlined in the body of evidence for each system.
- Advises users on the proper operation of a specific IS as outlined in its SCTM.
- Assists SAs with the maintenance procedures approved by the ATO.
- Provides guidance, based on component classification, before purging and release.
- Assesses changes to the system and operational needs that could affect its accreditation.
- Updates system diagrams according to configuration control board direction.
- Oversees monitoring of available resources that provide warnings of system vulnerabilities or ongoing attacks to ensure system administrator (SA) compliance.
- Confirms domain/local policies are configured to meet regulatory requirements.
- Monitors system backup and recovery processes to ensure security features and procedures can be properly restored and are functioning correctly.
- Ensures they and any ISSOs under their purview are appointed, in writing, and assigned duties commensurate with their expertise. Assumes the ISSO's responsibilities in the ISSO's absence or if no ISSO is assigned.
- Reviews duty requirements and researches technical/security training to be obtained.
- Ensures ISSOs receive the appropriate training to carry out their duties.