Security Consultant *Remote Position*

Ready for Whatis Next? Kratos Defense & Security Solutions develops and fields transformative, affordable technology, platforms, and systems for United States National Security related customers, allies, and commercial enterprises. iWe proactively build trusted relationships with our peers, partners and customers, and take ownership for our actionsialways striving to do the right thing.

As a Security Consultant of Cybersecurity Services for Kratos, you will be supporting teams of professionals working to evaluate and secure commercial cloud computing solutions on the most advanced, innovative cloud infrastructures in the world.

The ideal candidate will have a knowledge of how to apply the principles of information security in a variety of circumstances and the ability to translate security requirements into common technical implementations. Candidates will serve as a member of a team to conduct FedRAMP security assessments of SaaS, PaaS, and IaaS cloud offerings. Candidates will also provide a variety of consulting services to cloud service providers seeking to implement FedRAMP security control requirements. Experience working across multiple compliance frameworks (FedRAMP, DOD SRG, CMMC, NIST, PCI, ISO, HIPAA, SOC, CJIS, etc.) is highly desirable.

Security Consultants may serve in both consulting and assessor roles for different cloud service providers, with responsibilities to include:

• Support small teams in the review and analysis of security packages for completeness and compliance with FedRAMP or other cybersecurity frameworks (e.g., DoD, NIST, CMMC, or similar) requirements.


• Assist in the development of Security Assessment Plans, Security Assessment Reports, and security briefings.


• Conduct and participate in client interviews and working sessions to assess the technical and operational effectiveness of security control implementations within cloud environments.


• Collaborate effectively within dynamic teams and across multiple customer organizations with diverse personalities and expertise to drive to agreement on complex issues.


• Effectively document successful and unsuccessful security control implementations that appropriately reflect testing methodologies and evidence used to determine security implementation effectiveness.i


• Lead or support the review and analysis of vulnerability scan results from tools such as Nessus, Qualys, AppDetective, WebInspect, IBM AppScan, Burp Suite, etc.


• Consult on cloud security architecture and security control implementations that meet FedRAMP requirements.


• Work with multiple stakeholders (internal and external) to identify security compliance gaps and propose technical and operational remediation solutions.


• Develop security documentation that translates complex concepts and solutions into compliant documentation that is required for FedRAMP compliance.

Keyword: FedRAMP, 3PAO, Security Assessment, Security Audit, Cloud Security, Cloud Computing, Security Requirements Guide, DoD SRG
Required Experience:

• Strong desire to develop deep technical knowledge of cloud based architectures, infrastructures, microservices, container orchestration and other cloud-native technologies


• Ability to support multiple projects while applying appropriate time management


• Proficiency with communicating technical and non-technical information in both written and verbal forms to internal and external individuals


• Demonstrated ability to communicate progress on projects/tasks, scheduling, quality control for timely completion of deliverables


• Minimum of 32-hours of industry relevant security training


• Willingness to obtain required customer clearance requirements


• Candidates must have at least one industry certification from the following list:




• Cisco Certified Network Associate Security (CCNA Security)


• Cisco Certified Network Associate Cyber Security Operations (CCNA Cyber Ops)


• Cybersecurity Analyst (CySA+)


• GIAC Certified Incident Handler (GCIH)


• GIAC Systems and Network Auditor (GSNA)


• GIAC Certified Intrusion Analyst (GCIA)


• Certified Information Systems Auditor (CISA)


• Certified Information System Security Professional or Associate (CISSP or Associate)


• Certified Secure Software Lifecycle Professional (CSSLP)


• Certified Information Systems Security Officer (CISSO)


• CyberSec First Responder (CFR)


• CompTIA Advanced Security Practitioner Continuing Education (CASP+) Continuing Education (CE)


• CompTIA Cloud+ (Cloud+)


• Global Industrial Cyber Security Professional (GICSP)


• Securing Cisco Networks with Threat Detection Analysis (SCYBER)

Desired Skills and Experience

• Experience working in a services organization supporting external commercial customers


• FedRAMP assessment experience


• Baltimore Cyber Range (BCR) certification


• Strong understanding of common cloud infrastructures (AWS, Microsoft, Google, etc.) and their associated services


• Prior experience serving in a technical operations role or similar hands-on role


• Active Clearance (Secret, Top Secret, etc.)

#LI-Remote

Competitive salary based on experience and education

From: Kratos Defense