Title:
Information Systems Security Engineer (ISSE)
Position Summary:
Support the secure deployment and operation of the GEMSTONE platform across classified and unclassified environments, including air-gapped on-premises systems, ensuring systems are hardened, compliant, and accredited while helping evolve GEMSTONE into a secure hybrid cloud/on-prem platform.
Key Responsibilities:
- Work closely with developers to integrate security into platform design and deployment workflows
- Ensure systems comply with DoD STIGs, RMF controls, and security accreditation requirements
- Support deployment of a modeling and simulation platform in cloud and on-premises Kubernetes environments with UDS Core
- Support and secure air-gapped deployments, including installation, updates, and sustainment in disconnected environments
- Collaborate with the platform team to design and evolve a hybrid architecture spanning cloud and on-prem systems
- Implement and validate security controls, patching, and vulnerability remediation processes
- Support Authority to Operate (ATO) activities, including documentation, validation, and audit readiness
- Partner with the ISSM to maintain continuous monitoring and compliance posture
- Assess and secure containerized workloads, APIs, and Kubernetes-based services
- Guide implementation of network security, access controls, and boundary protections in classified environments
- Participate in security reviews, risk assessments, and incident response activities
- Support accreditation and deployment of applications transitioning to higher classification levels
Work Environment:
- Location: Onsite
- Travel Requirements: ~10%
- Working Hours: Standard
Qualifications:
Required:
- 5+ years of experience in information system security engineering (ISSE) or cybersecurity engineering
- Strong experience applying DoD STIGs, RMF framework, and security compliance requirements
- Experience supporting ATO processes for classified or government systems
- Experience securing Linux-based systems and hardened environments
- Familiarity with Kubernetes platforms and container security practices
- Experience supporting air-gapped or disconnected system deployments
- Experience securing hybrid cloud and on-premises architectures
- Knowledge of network security principles, including segmentation and access control
- Experience implementing identity, authentication, and authorization mechanisms
- Ability to identify and mitigate system vulnerabilities and cyber risks
- Strong collaboration skills to work with developers, platform engineers, and ISSM stakeholders
- Active TS/SCI clearance required
- Must be located in Colorado Springs, CO and able to work on-site in a SCIF
Desired:
- Experience with Kubernetes distributions (e.g., UDS Core, OpenShift, Rancher)
- Familiarity with container security tools and vulnerability scanning platforms
- Experience with DevSecOps and securing CI/CD pipelines
- Knowledge of cross-domain or multi-classification system architectures
- Relevant certifications such as CISSP, CASP+, or Security+
Basic Compensation:
$130,000-$170,000
This range is for the Colorado area only
The offered rate will be based on the selected candidate’s work location, knowledge, skills, abilities and/or experience, clearance level, contract affordability and in consideration of internal parity.
Ready to Make a Difference?
If you’re excited about making a significant impact in the field of space defense and working on projects that matter, we encourage you to apply and join our team at KBR. Let's shape the future together.
KBR Benefits
KBR offers a selection of competitive lifestyle benefits which could include 401K plan with company match, medical, dental, vision, life insurance, AD&D, flexible spending account, disability, paid time off, or flexible work schedule. We support career advancement through professional training and development.