FedRAMP Security Consultant

Ready for What's Next? Kratos is a leader in assured aerospace communication solutions and services. We are cutting-edge innovators and creative problem solvers working collaboratively to solve our customers toughest challenges. Our culture is fast-paced and innovative. We are a trusted partneridriven by doing the right thing and achieving maximum success for our customers, our partners and ourselves. As a Security Consultant of Cybersecurity Services for Kratos, you will be supporting teams of professionals working to evaluate and secure commercial cloud computing solutions on the most advanced, innovative cloud infrastructures in the world.

The ideal candidate will have a firm understanding of how to apply the principles of information security in a variety of circumstances and expertise in translating security requirements into common technical implementations. Candidates will serve as a critical member of a team to conduct FedRAMP security assessments of SaaS, PaaS, and IaaS cloud offerings. Candidates will also provide strategic, operational, and tactical consulting services to cloud service providers seeking to implement FedRAMP security control requirements. Experience working across multiple compliance frameworks (FedRAMP, DOD SRG, CMMC, NIST, HITRUST, etc.) is highly desirable.

Security Consultants may serve in both consulting and assessor roles for different cloud service providers, with responsibilities to include:

• Support small project teams in the review and analysis of security packages for completeness and compliance with FedRAMP or other cybersecurity frameworks (e.g., DoD, NIST, CMMC, or similar) requirements.


• Facilitate and participate in client interviews and working sessions to assess the technical and operational effectiveness of security control implementations within cloud environments.


• Lead or assist in the development of Security Assessment Plans, Security Assessment Reports, and security briefings.


• Collaborate effectively within dynamic teams and across multiple customer organizations with diverse personalities and expertise to drive to agreement on complex issues.


• Effectively document successful and unsuccessful security control implementations that appropriately reflect testing methodologies and evidence used to determine security implementation effectiveness.i


• Consult on cloud security architecture and security control implementations that meet FedRAMP requirements.


• Work with multiple stakeholders (internal and external) to identify security compliance gaps and propose technical and operational remediation solutions.


• Develop security documentation that translates complex concepts and solutions into compliant documentation that is required for FedRAMP compliance.

Keyword: 3PAO, Security Assessment, Security Audit, Cloud Security, Cloud Computing, Security Requirements Guide, DoD SRG
Required Experience:

• Desire to eventually serve as a team lead or primary technical point of contact for customers during the execution of assessment and consulting engagements


• Strong desire to hone deep technical knowledge of cloud based architectures, infrastructures, microservices, container orchestration and other cloud-native technologies


• Support multiple projects with the ability to adapt to various approaches


• Expert ability to communicate technical and non-technical information in both written and verbal forms to internal and external individuals


• Ability to adhere to projects/tasks, scheduling, quality control, and timely deliverable completion


• Minimum of 32-hours of industry relevant security training


• Willingness to obtain required customer clearance requirements


• Candidates must have one or more of the followign industry certifications:


• 
  
  
  
  • Certified Information System Security Professional or Associate (CISSP or Associate)
  
  
  • Certified Secure Software Lifecycle Professional (CSSLP)
  
  
  • Certified Information Systems Auditor (CISA)
  
  
  • Certified Information Systems Security Officer (CISSO)
  
  
  • Cisco Certified Network Associate Security (CCNA Security)
  
  
  • Cisco Certified Network Associate Cyber Security Operations (CCNA Cyber Ops)
  
  
  • CompTIA Advanced Security Practitioner Continuing Education (CASP+)
  
  
  • CompTIA Cloud+ (Cloud+)
  
  
  • Cybersecurity Analyst (CySA+)
  
  
  • CyberSec First Responder (CFR)
  
  
  • GIAC Certified Incident Handler (GCIH)
  
  
  • GIAC Certified Intrusion Analyst (GCIA)
  
  
  • GIAC Systems and Network Auditor (GSNA)
  
  
  • Global Industrial Cyber Security Professional (GICSP)
  
  
  • Securing Cisco Networks with Threat Detection Analysis (SCYBER
  
  
  
  

Desired Skills and Experience

• Experience working in a services organization supporting external commercial customers


• FedRAMP assessment experience


• Baltimore Cyber Range (BCR) certification


• Strong understanding of common cloud infrastructures (AWS, Microsoft, Google, etc.) and their associated services


• Prior experience serving in a technical operations role or similar hands-on role


• Active Clearance (Secret, Top Secret, etc.)


• Proximity to the DC/MD/VA area.

#LI-Remote

The grade-based pay range for this job is listed below. Individual salaries within that range are determined through a wide variety of factors including but not limited to education, experience, knowledge, and skills.

This posting will close within 90 days from the Posting Date.

Competitive salary based on experience and education
Salary Range: $80,000-$135,000

Kratos is valued for our ability to design and deliver leading edge, resilient solutions for aerospace communication, control, awareness and mission success across a continuum of offeringsifrom commercial to tailored custom solutions and integrated programs. Customers trust us to stay relevant and know we are in it for the long-haul. We bring both the capability and confidence that our customers value and depend on. And, we always deliver.

From: Kratos Defense