Senior Information Security Analyst (Hybrid)

Senior Information Security Analyst (Hybrid) page is loaded

Apply locations Washington, District of Columbia time type Full time posted on Posted 19 Days Ago job requisition id R2105279

Title:

Senior Information Security Analyst (Hybrid)

Belong. Connect. Grow. with KBR!

Around here, we define the future.

We are a company of innovators, thinkers, creators, explorers, volunteers, and dreamers. But we all share one goal: to improve the world responsibly and safely.

THIS POSITION IS CONTINGENT UPON CONTRACT AWARD

KBR is hiring a full-time Senior Information Security Analyst supporting the Administrative Office of the US Courts and is contingent upon successful contract award.

This onsite position is located at the Thurgood Marshall Federal Judiciary Building in Washington DC and has the option of an approved telework/hybrid work schedule.

The core work hours dedicated to KBR and our direct customer are 8 am Est to 5 pm Est. No travel is expected with this position.

The Administrative Office of the US Courts Chief Operating Officer (COO) Information Security & Validation Staff (ISVS) is responsible for governing, overseeing, developing, strengthening, and maintaining the information security posture within COO Offices to meet and exceed enterprise security standards. Their mission is to proactively ensure the integrity, confidentiality, and availability of critical judiciary information assets through a comprehensive, rigorous security approach via our governance, risk management, and compliance (GRC) program.

The Senior Information Security Analyst will be responsible for enhancing cybersecurity for its customers including cybersecurity systems support, cybersecurity compliance, and cybersecurity risk management for the COO comprehensive IT system portfolio.

Primary Responsibilities:

• Prepare Information Systems: Carry out activities at various levels to help manage security and privacy risks using the JISF and NIST RMF.
• Categorize Information Systems: Determine the adverse impact to Judiciary operations and assets, individuals, other organizations, and the Nation.
• Select Security Controls: Select, tailor, and document the controls necessary to protect the information system and organization.
• Implement Security Controls: Implement the government-approved security controls specified in the Security Plan.
• Assess Security Controls: Determine if the controls selected for implementation are operating as intended and producing the desired outcome.
• Authorize Information System: Provide accountability by requiring a government senior management official to determine if the security and privacy risk is acceptable.
• Monitor Security Controls: Maintain ongoing situational awareness about the security and privacy posture of the information system in compliance with NIST SP 800-53 Rev. 5, NIST SP 800-37 Rev. 2, and CSF 2.0.
• Leveraging the existing GRC tool to track and reconcile findings from assessments, audits, and vulnerability scans.
• Common Control Identification: Identify, document, and publish Judiciary-wide common controls available for inheritance by Judicial systems.
• Mission or Business Focus: Identify and document the missions, business functions, and mission/business processes that the system is intended to support.
• System Stakeholders: Identify stakeholders who have an interest in the design, development, implementation, assessment, operation, maintenance, or disposal of the system.
• Asset Identification: Identify assets that require protection.
• Authorization Boundary: Determine the authorization boundary of the system.
• Information Types: Identify the types of information to be processed, stored, and transmitted by the system.
• Information Life Cycle: Identify and understand all stages of the information life cycle for each information type processed, stored, or transmitted by the system.
• Risk Assessment—System: Conduct a system-level risk assessment and update the risk assessment results as needed
• Produce and perform quality review of InfoSec Governance, Risk and Compliance (GRC) product deliverables.

Required Qualifications

• Ability to obtain a Public Trust Suitability Determination: Medium Risk Level 2
• Seven (7) to ten (10) years of IT system security experience including five years of specialized InfoSec Governance, Risk and Compliance (GRC) experience of which two years were direct supervisory experience.
• Possess in-depth knowledge of applying, selecting and testing the NIST 800-53 Rev 4 or 5 security controls.
• Possess in-depth knowledge of NIST 800-37 Risk Management Framework.
• Excellent customer-handling and verbal/written communication with teamwork emphasis
• Strong analytical skills and attention to detail
• Ability to handle and prioritize multiple tasks and deadlines
• Ability to explain technical details and issues clearly to non-technical individuals and be able to explain problems clearly and concisely
• Experience with the full Software Development Life Cycle (SDLC)

Education: Bachelor's degree in information technology or related field

Desired Skills:

• Experience using Cybersecurity Assessment and Management (CSAM) Global Risk Compliance tool
• Experience using Splunk and Nessus VSS vulnerability scan software
• Information security certifications (CISSP, etc.)

The candidate must be able to obtain and maintain a national agency check and background investigation after hire to obtain a badge for facility access and user accounts.

Basic Compensation:

$102,700 - $154,000

This pay range is applicable to the DC area only.

The offered rate will be based on contract affordability and the selected candidate’s working location, knowledge, skills, abilities and/or experience, and in consideration of internal parity.

Additional Compensation:

KBR may offer bonuses, commissions, or other forms of compensation to certain job titles or levels, per internal policy or contractual designation. Additional compensation may be in the form of sign on bonus, relocation benefits, short term incentives, long term incentives, or discretionary payments for exceptional performance.

KBR Benefits

KBR offers a selection of competitive lifestyle benefits which could include 401K plan with company match, medical, dental, vision, life insurance, AD&D, flexible spending account, disability, paid time off, or flexible work schedule. We support career advancement through professional training and development.

Click here to learn more: KBR Benefits | KBR

Belong, Connect and Grow at KBR

At KBR, we are passionate about our people and our Zero Harm culture. These inform all that we do and are at the heart of our commitment to, and ongoing journey toward being a People First company. That commitment is central to our team of team’s philosophy and fosters an environment where everyone can Belong, Connect and Grow. We Deliver – Together.

KBR is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, disability, sex, sexual orientation, gender identity or expression, age, national origin, veteran status, genetic information, union status and/or beliefs, or any other characteristic protected by federal, state, or local law.

locations Washington, District of Columbia time type Full time posted on Posted 19 Days Ago

KBR — Delivering Solutions, Changing the World.

KBR brings together the best and brightest to deliver science, technology and engineering solutions that help governments and companies around the world accomplish their most critical missions and objectives.

In everything we do, we are guided by our ONE KBR Values:

We Value Our People – We create diverse, inclusive environments in which each person can feel safe, respected and valued, and where everyone has opportunities to grow and reach their full potential.

We Deliver – We are uncompromising in our commitment to deliver innovative, high-quality, technology-led solutions for our customers and exceptional, sustainable value for all our stakeholders.

We Are People of Integrity – We value honesty, trust, courage, fairness, prudence and tenacity. We believe doing what’s right for the planet, the communities where we work, and our people is good for business.

We Empower – We empower our people with a shared purpose, the right tools and the supportive culture they need to be proactive decision-makers, to be adaptive to change, and to succeed.

We Are a Team of Teams – We have a will to succeed, but we value the achievements of our team of teams over individual accomplishments. Our collective focus makes us a better, stronger, more effective company.

We have also embedded environmental, social and governance (ESG) principles in every business operation and corporate function. Not only are we committed to operating safely, sustainably and equitably, but we are also committed to using our capabilities and expertise to help our customers accomplish their sustainability goals.

Worldwide, KBR employs a diverse workforce approximately 29,000 people strong, with customers in more than 80 countries and operations in 40 countries.

At KBR, We Deliver.

Fraud has infiltrated the job placement market via the internet, email and direct phone contact. Attempts have included unauthorized use of KBR’s name and logo to solicit potential job seekers or to extend false job offers. Bad actors may mix in fake job advertisements with legitimate postings. These ads can include contact instructions and require job seekers to send sensitive personal information or money to pay for visa applications, processing fees, etc., in exchange for consideration for a high-paying position.

KBR will never ask for any sort of advance payment as part of the recruiting/hiring process. Candidate profiles are carefully managed to protect personal information.