Remote

Security Consultant (CMMC)

Kratos Space Training & Cyber
United States, Virginia
Nov 06, 2024

Ready for What's Next? At Kratos, we encourage an entrepreneurial spirit balanced with discipline. We work hard, and take care of our customers, employees, and families. Recognized as thought leaders in our industry, we are motivated by creating and delivering innovative solutions to our nation and global customers.

Do you want to be on the front lines of securing the nation's defense supply chain from cyber crime, theft, espionage and other threats? Helping small to large leading-edge organizations in the defense industrial base (DIB) secure their environments is at the core of what we do. As a Security Consultant for Kratos Commercial Cybersecurity Services division, you will be supporting teams of professionals working to evaluate and secure a wide range of environments within some of the most advanced, leading-edge organizations in the world.

The ideal candidate will have a firm understanding of how to apply the principles of information security in a variety of circumstances and expertise translating security requirements into common technical implementations. Experience working across multiple compliance frameworks (CMMC, FedRAMP, DoD SRG, NIST, PCI, ISO, HIPAA, SOC, CJIS, etc.) is highly desirable.

Responsibilities:

General



  • Expert-level knowledge of the CMMC framework, including practice requirements and the assessment methodology.
  • Regularly obtains continuing education necessary to maintain certifications and/or meet qualifications requirements.
  • Proactively maintains up-to-date knowledge of industry trends to enhance skills and abilities and contribute to the development of new or enhanced service offerings.
  • Actively demonstrates an ability to handle changing or ambiguous work situations by applying appropriate approaches, methodologies, and tools.
  • Bears responsibility for successful project completion.
  • Applies quality control practices to work product in advance of submission for quality assurance review.
  • Actively contributes to improving current service offerings.


Assessor



  • Support a small team in the review and analysis of security documentation packages for completeness and compliance with CMMC requirements.
  • Provide critical input into the development of assessment artifacts including the Assessment Plan, Daily Checkpoint Logs, Risk Traceability Matrix, and Security Assessment Report and briefing.
  • Conduct client interviews and participate in working sessions to assess the technical and operational adequacy and sufficiency of security practice implementations.
  • Collaborate effectively within dynamic teams and across multiple customer organizations with diverse personalities and expertise to drive agreement on complex issues.
  • Effectively document successful and unsuccessful security practice implementations that appropriately reflect testing methodologies and evidence used to determine security practice implementation effectiveness.
  • Effectively cross-walk multiple sources of evidence (artifacts, demonstrations, interviews, and tests) to assess the maturity of practice implementation throughout an organization.


Advisor Role



  • Conduct diagnostic/discovery sessions to gain an understanding of security architecture and practice implementations.
  • Leverage understanding of security architecture and practice implementations to identify gaps and develop supporting documentation.
  • Work with multiple internal and external stakeholders to assess and identify security compliance gaps and propose technical and operational remediation solutions.
  • Support the development of security documentation that translates complex concepts, solutions, and organizational structure into compliant documentation that satisfies the CMMC compliance framework requirements. Security documentation includes but is not limited to: System Security Plan, Configuration Management Plan, Incident Response Plan, Contingency Plan, Risk Mitigation Plan, Vulnerability Management Plan, and general policy and procedures, as needed.
  • Provide consultative reviews of security documentation with accompanying remediation or enhancement recommendations.
  • Collaborate effectively within dynamic teams and across multiple customer organizations with diverse personalities and expertise to drive agreement on complex issues.


Keyword: CMMC, Cyber AB, NIST SP 800-171, CMMC Certified Assessor, CMMC Certified Professional, CCP, CCA, Registered Practitioner, RP
Required Experience:
  • Ability and willingness to learn and support other security compliance frameworks.
  • Ability to successfully pass security framework certification requirements.
  • Broad-based IT background with a technical understanding of networks, protocols, security configuration, cryptography and identity and access management.
  • Excellent communication skills, both written and verbal, including an ability to translate technical concepts and issues into non-technical or layman's terms.
  • Ability to successfully manage and lead multiple tasks.
Candidates must have one or more of the following industry certifications:
  • CMMC Certified Professional
  • CMMC Certified Assessor

Preferred Skills and Experience

One or more of the following certifications are preferred:


  • ISC2 Certified in Governance, Risk, and Compliance (CGRC)/ Certified Authorization Professional (CAP)
  • CompTIA Advanced Security Practitioner (CASP+)
  • CompTIA Cloud+
  • CompTIA PenTest+
  • CompTIA Security+
  • GIAC Security Essentials (GSEC)
  • Secret Suitability



Competitive salary based on experience and education
Salary Range: $114,000-$140,000/yearly

Kratos is valued for our ability to design and deliver leading edge, resilient solutions for aerospace communication, control, awareness and mission success across a continuum of offerings, from commercial to tailored custom solutions and integrated programs. Customers trust us to stay relevant and know we are in it for the long-haul. We bring both the capability and confidence that our customers value and depend on. And, we always deliver.


From: Kratos Defense