Information System Security Manager

At Kratos, we encourage an entrepreneurial spirit balanced with discipline. We work hard and take care of our customers, employees, and families. Recognized as thought leaders in our industry, we are motivated by creating and delivering innovative solutions to our nation and global customers.

Kratos has an exciting opportunity for an ISSM to lead and support other cybersecurity professionals in executing information assurance programs. The ISSM will support IT teams in implementing security measures in compliance with CMMC and Risk Management Framework policies, including System Security Plans, Risk Assessment Reports, Plans of Actions and Milestones, Assessment & Authorization packages, and Security Control Traceability Matrices. The role involves maintaining an operational security posture and ensuring security policies, standards, and procedures are established and followed. The ISSM will perform vulnerability and risk assessments to support Assessment & Authorization and provide configuration management for security software, hardware, and firmware.

This position is based on multiple DoD directives, including DoD 5205.07 volumes 1-4, DoDD 5205.02E, DoDI 5025.01, 5205.11, 5200.39, 5220.22, DoDM 3305.13, DoD 8140 series, Intelligence Community Directive Series 500/600/700, NIST 800 series, Executive Orders 13556 and 13636, the Joint SP Implementation Guide Rev 4, and DISA Security Technical Implementation Guides.

Applicants will be subject to a government security investigation and must meet eligibility requirements for access to classified information. U.S. citizenship is required. Travel (~10%) to customer sites and other program locations may be necessary.

1. Develop and maintain a cybersecurity program with policies, procedures, and documentation in coordination with the government client.
2. Plan and conduct security authorization reviews and develop assurance cases for initial system and network installation.
3. Leverage guidance from applicable directives and publications.
4. Manage security documentation such as CMMC, RMF, ATO, and others.
5. Ensure adherence to security policies, procedures, and guidance.
6. Develop and execute a continuous monitoring plan.
7. Review audit reports, report anomalies, and ensure audit tools capture events as required.
8. Follow cyber incident response plans during security incidents.
9. Manage security incidents and vulnerability compliance with stakeholders.
10. Maintain knowledge of system functions, security policies, safeguards, and operational measures.
11. Update security artifacts, review system changes, and assess security impacts.
12. Establish data ownership responsibilities and enforce system requirements.
13. Oversee system security configuration, hardware, software, and firmware baselines.
14. Assist with system maintenance procedures.
15. Conduct security inspections, tests, and reviews, informing leadership of results.
16. Coordinate security testing to evaluate system posture.
17. Document vulnerabilities and report violations, reviewing remedies with leadership.
18. Oversee system operation, maintenance, and disposition.
19. Guide data purging and releasing processes.
20. Manage backup and recovery processes to ensure security.
21. Ensure ISSOs are appointed, trained, and receive security education and training.
22. Verify users have appropriate security clearances and awareness before access.
23. Act as ISSO when necessary.
24. Perform security self-inspections and manage audits.

• 5-7 years of cybersecurity experience.
• 3 years as an ISSM or in similar roles.
• Experience in TS/SCI and SAP environments.
• Deep knowledge of the DISA Risk Management Framework.
• Certifications such as CISSP, CISM, or equivalent.
• Experience with eMASS, XACTA, or similar systems.
• Proficiency in preparing System Security Plans for ATO compliance.
• Knowledge of emerging IT and cybersecurity technologies.
• Ability to work in a fast-paced team environment.
• Excellent organizational and communication skills.

• Familiarity with ACAS or similar tools.
• Knowledge of zero trust frameworks.
• Experience with CMMC and satellite ground systems.
• Experience with Linux and AWS.
• CCSP certification is a plus.

#LI-Onsite

The pay range for this position is $132,000-$175,000, based on experience and education. Kratos values our ability to deliver innovative solutions for aerospace communication, control, awareness, and mission success. We are committed to our customers' trust and dependability. This posting will close within 90 days from the posting date.