Information System Security Manager

Job Descriptions:

Readiness Delivered. At Kratos, we encourage an entrepreneurial spirit balanced with discipline. We work hard, and take care of our customers, employees, and families. Recognized as thought leaders in our industry, we are motivated by creating and delivering innovative solutions to our nation and global customers. Kratos is looking for an ISSM to lead and support other cybersecurity professionals in the execution of information assurance programs and will support other IT teams in implementing security measures. This is accomplished in compliance with CMMC and Risk Management Framework policies and procedures such as System Security Plans, Risk Assessment Reports, Plans of Actions and Milestones, Assessment & Authorization packages, and Security Control Traceability Matrices. The ISSM will maintain an operational security posture and ensure security policies, standards, and procedures are established and followed. The ISSM will perform vulnerability and risk assessment analyses to support Assessment & Authorization and will provide configuration management for security software, hardware, and firmware.

This position is based on multiple DoD Directives; including DoD 5205.07 volumes 1-4; DoDD 5205.02E; DoDI 5025.01, 5205.11, 5200.39, 5220.22, DoDM 3305.13; DoD 8140 series; Intelligence Community Directive Series 500/600/700; NIST 800 series special publications; Executive Orders 13556 and 13636, the Joint Special Access Program Implementation Guide Rev 4, and DISA Security Technical Implementation Guides.

Applicants selected will be subject to a government security investigation and must meet eligibility requirements for access to classified information. U.S. citizenship is required. Travel to customer sites and other program locations will be required.

Primary Responsibilities:

• In coordination with the government client, develop and maintain a cybersecurity program and associated policies, procedures, and documentation.

• Work with government sponsors and ISSMs to plan and conduct security authorization reviews and assurance case development for the initial installation of program systems and networks.

• Leverage guidance pertinent to all applicable directives and publications.

• Ensure adherence to security policies, procedures, and guidance.

• Develop, manage, and execute continuous monitoring plan.

• Conduct reviews of audit reports and report anomalies to leadership. Ensure audit tools and events captured are as outlined in applicable

• Ensure the cyber incident response plan is followed when security incidents occur.

• Work with government stakeholders to manage security incidents and vulnerability compliance.

• Maintain a working knowledge of system functions, security policies and procedures, technical security safeguards, and operational security measures.

• Play an active role in developing and updating security artifacts, reviewing changes to program systems, and assessing the security impact of those changes.

• Ensure data ownership responsibilities are established for each program system and system requirements are enforced.

• Oversee system security configuration, hardware, software, and firmware baselines.

• Assist system administrators in approved maintenance procedures.

• Direct information system security inspections, tests, and reviews. Ensure leadership understands inspection timelines, operational impacts, and results.

• Coordinate periodic testing to evaluate the security posture of program systems.

• Ensure all system security-related vulnerabilities are documented and serious or unresolved violations are reported to the appropriate office. Review results with Kratos program leadership for possible remedies.

• Oversee the operation, maintenance, and disposition of program components.

• Provide guidance before purging and releasing program data.

• Oversee system backup and recovery processes to ensure security features and procedures can be properly restored.

• Ensure they and any ISSOs under their purview are appointed in writing and assigned duties commensurate with their expertise.

• Ensure ISSOs under their purview receive the appropriate training to carry out their duties.

• Ensure the development and implementation of an effective information system security education, training, and awareness program. Ensure all security training is accomplished and documented.

• Ensure all users have the requisite security clearances, authorization, need-to-know, and awareness of their security responsibilities before granting access to program systems.

• Assume ISSO responsibilities in the absence of or if no ISSO is assigned to a system.

• Execute regular security self-inspections to maintain a good security posture.

• Oversee system security audits.

Required Experience:

• 5-7 years cybersecurity experience

• 3 years as an ISSM or equivalent duties in a supervisory capacity

• Experience in TS//SCI environments

• An in-depth knowledge of the DISA Risk Management Framework and the DAAPM

• CISSP, CISM, or equivalent cybersecurity certification

• Experience with eMASS, XACTA, or similar government systems of record

• Familiarity with performance metrics and the ability to monitor and optimize operational efficiency

• The ability to stay current on industry trends, emerging technologies, and regulatory changes to maintain the organization’s competitive edge

• Demonstrated ability to manage risks and implement effective mitigation strategies

• Able to clearly communicate technical concepts orally and in written forms to internal and external audiences

• Comfortability with briefing large audiences and project/government leads

• A strong familiarity with cloud technologies and compliance requirements for cloud

• Active TS security clearance with SCI eligibility

Preferred Skills and Experience

• Experience with business continuity and disaster recovery planning (BC/DR).

• Familiarity with ACAS, Greylog, Nessus, Splunk or similar security tools.

• Familiarity with zero trust framework.

• Familiarity with JSIG.

• Experience with CMMC.

• Experience with satellite ground systems.

• Experience with Linux.

• Experience with agile methodologies and tools like Jira or Confluence.

• Experience with AWS cloud computing environments, including FedRAMP compliance and cloud security best practices.

#LI-Onsite

The grade-based pay range for this job is listed below. Individual salaries within that range are determined through a wide variety of factors including but not limited to education, experience, knowledge, and skills.

Competitive salary based on experience and education Salary Range: $130,000-$170,000

Kratos is valued for our ability to design and deliver leading edge, resilient solutions for aerospace communication, control, awareness and mission success across a continuum of offerings—from commercial to tailored custom solutions and integrated programs. Customers trust us to stay relevant and know we are in it for the long-haul. We bring both the capability and confidence that our customers value and depend on. And we always deliver.

This posting will close within 90 days from the Posting Date.

Keyword: NIST SP 800-53, NIST RMF, NIST SP 800-37, ICD 503, JSIG, CNSSI 1253, CMMC, FedRAMP, Security Control Assessor, continuous monitoring, system hardening, STIGs, ACAS, vulnerability management, eMASS

Kratos Defense is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, pregnancy, genetic information, disability, status as a protected veteran, or any other protected category under applicable federal, state, and local laws.

Disability Accessibility Accommodation

If you require an accommodation to navigate or apply to our careers site, please send your request to View email address on click.appcast.io or call View phone number on click.appcast.io. Any inquires not related to requesting an accommodation will be discarded.

Pay Transparency

The company will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant.

Job Applicant Privacy Notice

For applicants in the EU and California residents, please review our privacy notice.

From: Kratos Defense