Cyber Assessment & Authorization (A&A) Engineer/Analyst 3, with Security Clearance to work for KBR in North Charleston, SC (salary not disclosed)

February 22, 2021

PIPELINE - Ongoing KBR is seeking candidates with Assessment & Authorization experience to join a team supporting the Defense Health Agency (DHA) Security Solutions Division (SDD). **Note: This position is remote, but candidate must be available for EST conference calls and able to travel (up to 35%) as required by the customer and project leads. ABOUT THIS POSITION Primary responsibility is to perform tasks related to Assessment & Authorization (A&A) within the Defense Health Agency to ensure assigned DoD systems/Enclaves/Networks can obtain and maintain Authorization to Operate (ATO) and Authorization to Connect (ATC) certifications. Conduct risk and vulnerability assessments of information systems to identify vulnerabilities, risks, and protection needs. This position will be a part of a team developing recommended courses of action needed to transition current policies and procedures to the Risk Management Framework (RMF) approved processes. Provide solutions to complex problems that require the regular use of expertise and creativity. Problems are broadly defined and solutions require the continuation of specialized theories and knowledge. Serve as Subject Matter Expert (SME) on one or more technologies. Qualifications: * BS degree and six (6) years of experience with Information Technology/Information Assurance or twelve (12) years of hands-on experience with Information Technology/Information Assurance.
* Travel: 30-35%
* Must possess a CompTIA Security + to start work * OS Certification/Approved Training completed within 180 days of hire * Clearance: Active Secret clearance Additional Qualifications: * Experience with DIACAP and RMF in DHA a plus * Experience with Accreditation package management in eMASS a plus * Excellent customer service and organization skills * Excellent oral and written communication skills Familiarity with Guidance: * Risk Management Framework * NIST 800 series policies & Guidance * NIST Federal Information Processing Standards (FIPS) * Department of Defense Instructions (DoDI) * Security Technical Implementation Guides (STIGs) Familiarity with Toolsets/Technlogies: * STIGViewer, etc.

For more info. go to: