
Information System Security Manager

Kratos Space Training & Cyber
United States, Alabama, Huntsville
Jan 31, 2025

Ready for What's Next? At Kratos, we encourage an entrepreneurial spirit balanced with discipline. We work hard, and take care of our customers, employees, and families. Recognized as thought leaders in our industry, we are motivated by creating and delivering innovative solutions to our nation and global customers. Kratos has an exciting opportunity for an ISSM who will lead and support other cybersecurity professionals in the execution of information assurance programs and support other IT teams in implementing security measures. This is accomplished in compliance with CMMC and Risk Management Framework policies and procedures such as System Security Plans, Risk Assessment Reports, Plans of Actions and Milestones, Assessment & Authorization packages, and Security Control Traceability Matrices. The ISSM will maintain an operational security posture and ensure security policies, standards, and procedures are established and followed. The ISSM will perform vulnerability and risk assessment analyses to support Assessment & Authorization and will provide configuration management for security software, hardware, and firmware.

This position is based on multiple DoD directives, including DoD 5205.07 volumes 1-4; DoDD 5205.02E; DoDI 5025.01, 5205.11, 5200.39, 5220.22; DoDM 3305.13; DoD 8140 series; Intelligence Community Directive Series 500/600/700; NIST 800 series special publications; Executive Orders 13556 and 13636; the Joint Special Access Program Implementation Guide Rev 4; and DISA Security Technical Implementation Guides.

Applicants selected will be subject to a government security investigation and must meet eligibility requirements for access to classified information. U.S. citizenship is required. Travel (~10%) to customer sites and other program locations may be required.



  • In coordination with the government client, develop and maintain a cybersecurity program and associated policies, procedures, and documentation.
  • Work with government sponsors and ISSMs to plan and conduct security authorization reviews and assurance case development for initial installation of program systems and networks.
  • Leverage guidance pertinent to all applicable directives and publications.
  • Develop and manage CMMC, RMF, ATO, and other security documentation.
  • Ensure adherence to security policies, procedures, and guidance.
  • Develop, manage, and execute a continuous monitoring plan.
  • Conduct reviews of audit reports and report anomalies to leadership. Ensure audit tools and events captured are as outlined in applicable directives and publications.
  • Ensure the cyber incident response plan is followed when security incidents occur.
  • Work with government stakeholders to manage security incidents and vulnerability compliance.
  • Maintain a working knowledge of system functions, security policies and procedures, technical security safeguards, and operational security measures.
  • Play an active role in developing and updating security artifacts, reviewing changes to program systems, and assessing the security impact of those changes.
  • Ensure data ownership responsibilities are established for each program system and system requirements are enforced.
  • Oversee system security configuration, hardware, software, and firmware baselines.
  • Assist system administrators in approved maintenance procedures.
  • Direct information system security inspections, tests, and reviews. Ensure leadership understands inspection timelines, operational impacts, and results.
  • Coordinate periodic testing to evaluate the security posture of program systems.
  • Ensure all system security-related vulnerabilities are documented and serious or unresolved violations are reported to the appropriate office. Review results with Kratos program leadership for possible remedies.
  • Oversee the operation, maintenance, and disposition of program components.
  • Provide guidance before purging and releasing program data.
  • Oversee system backup and recovery processes to ensure security features and procedures can be properly restored.
  • Ensure they and any ISSOs under their purview are appointed in writing and assigned duties commensurate with their expertise.
  • Ensure ISSOs under their purview receive the appropriate training to carry out their duties.
  • Ensure the development and implementation of an effective information system security education, training, and awareness program. Ensure all security training is accomplished and documented.
  • Ensure all users have the requisite security clearances, authorization, need-to-know, and awareness of their security responsibilities before granting access to program systems.
  • Assume ISSO responsibilities in the absence of an ISSO or if no ISSO is assigned to a system.
  • Execute regular security self-inspections to maintain a good security posture.
  • Manage system security audits.


Keyword: ISSM, cyber, cybersecurity, RMF, zero trust, manager
Required Experience:

  • 5-7 years cybersecurity experience.
  • 3 years as an ISSM or equivalent duties.
  • Experience in TS/SCI and SAP environments.
  • An in-depth knowledge of the DISA Risk Management Framework.
  • CISSP, CISM, or equivalent cybersecurity certification.
  • Experience with eMASS, XACTA, or other government systems of record.
  • Experience in preparing detailed artifacts such as System Security Plans to meet Approval To Operate requirements.
  • Knowledge of new and emerging IT and cybersecurity technologies.
  • Capable of working in a fast-paced team environment.
  • Excellent organizational skills.
  • Able to clearly communicate technical concepts orally and in written forms to internal and external audiences.


Desired Skills and Experience



  • Familiarity with ACAS or similar security tools.
  • Familiarity with zero trust framework.
  • Experience with CMMC.
  • Experience with satellite ground systems.
  • Experience with Linux.
  • Experience with AWS.
  • CCSP certification.


#LI-Onsite

Competitive salary based on experience and education
Salary Range: $132,000-$175,000

Kratos is valued for our ability to design and deliver leading edge, resilient solutions for aerospace communication, control, awareness and mission success across a continuum of offerings, from commercial to tailored custom solutions and integrated programs. Customers trust us to stay relevant and know we are in it for the long haul. We bring both the capability and confidence that our customers value and depend on. And, we always deliver.


From: Kratos Defense