Sr. Information System Security Analyst

KBR

Suffolk, VA

Industry: Business Services


5 - 7 years

Posted 410 days ago

The Information Systems Security Analyst is a Navy Cyber, DIACAP, RMF and Information Assurance (IA) policy/documentation subject matter expert. This position is for a Senior Information Systems Security Analyst experienced in performing cybersecurity inspections; developing and reviewing DIACAP/NIST accreditation documents; or performing Computer Network Defense (CND) activities.

The analyst will perform cybersecurity work. Specific responsibilities and tasks may include:

  • Travel to commands/sites and perform technical functions such as running scans, reviewing command documentation/policies, uploading results into VMS, and any other tasks necessary to complete a cyber inspection/assessment/audit.

  • Provide full-time subject matter expert (SME) support to Department of Defense (DoD) customers, such as the Navy, Air Force, and Army, in regard to certification and accreditation (C&A)

  • Perform vulnerability scans, conduct risk assessments, and implement or oversee the implementation of vulnerability assessments

  • Responsible for the full range of Information Assurance (IA) activities, specializing in C&A matters

  • Analyze customer's requirements regarding applicable security disciplines (physical, personnel, information, communications, and computer)

  • Evaluate customer's security policy and provide recommendations

  • Submit and track DIACAP accreditation packages, to include annual reviews of accredited networks/systems

  • Provide guidance on Information Assurance matters during configuration design and modification of information systems; review system designs for IA directive compliance; recommend changes, mitigations and remediation

  • Monitor and review periodic vulnerability and IA compliance testing

  • Verify that applicable security measures identified by the IA Vulnerability Management (IAVM) program are applied

  • Monitor mitigation and remediation progress; draft and update Plans of Action and Milestones (POA&Ms)

  • Participate in certification and accreditation collaboration meetings

  • Provide IA and risk analysis support; provide level of effort Technical Support on-site

  • Provide augmentation support to observe and support Certification Test and Evaluation (CT&E), Security Test and Evaluation (ST&E) and Independent Verification and Validation (IV&V) testing of new and existing systems at multiple locations across the United States

  • Generate DIACAP artifacts, to include: DIACAP Implementation Plan (DIP), System Identification Profile (SIP), DIACAP Scorecard, Draft DIACAP POA&M, Test Plan, Test Report, Vulnerability Report, Residual Risk Assessment, Contingency Plan, COOP, and other documents as required


  • 5 years of experience, including 4 years of related IA and INFOSEC technical experience.

  • Minimum of 4 years’ experience in IA/C&A analysis support in IA controls analysis, conducting risk assessments, risk mitigation analysis, and developing contingency plans.

  • Certifications: CASP, CISSP, CISM or GSLC is required

  • Clearance: Must possess an active Secret clearance

Demonstrated experience in the following areas:

  • Demonstrated knowledge of IA/INFOSEC concepts and requirements

  • Knowledge of the DOD C&A process and standards

  • System/network vulnerability analysis

  • Risk assessment and risk mitigation analysis

  • Security Test and Evaluation (ST&E)

  • Contingency planning

  • Firewall Policy

  • Ports & Protocols

KBR is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, disability, sex, sexual orientation, gender identity or expression, age, national origin, veteran status, genetic information, union status and/or beliefs, or any other characteristic protected by federal, state, or local law.

Job: Information Technology

Job Number: 1048978