Job DescriptionReadiness Delivered. At Kratos, we encourage an entrepreneurial spirit balanced with discipline. We work hard, and take care of our customers, employees, and families. Recognized as thought leaders in our industry, we are motivated by creating and delivering innovative solutions to our nation and global customers. As a
Sr. Security Consultant of
Commercial Cybersecurity Services for Kratos, you will be leading and supporting teams of professionals working to evaluate and secure innovative cloud computing solutions on the most advanced cloud and on-premises infrastructures, by providing security consulting services and performing security assessments. The ideal candidate will have a firm understanding of how to apply the principles of information security in a variety of circumstances and security requirements into common technical implementations. Candidates must have experience working in classified environments. Must have a strong understanding of Federal Risk and Authorization Management Program (
FedRAMP) assessments, Department of Defense (
DoD) Cloud Service Provider Security Requirements Guide, Committee on National Security Systems Instruction (CNSSI) requirements, and National Institute of Standards and Technology (NIST) Special Publications and Risk Management Framework (RMF).
Key Responsibilities:
Assessor Role
- Lead and support assessment teams conducting FedRAMP, DoD SRG, and NIST RMF security assessments.
- Review Security Packages (SSP, SAP, SAR, POA&M, Deviation Requests, Significant Change Requests, Continuous Monitoring artifacts) for completeness and compliance.
- Validate Cloud Service Provider (CSP) compliance with FedRAMP/DoD/NIST security control baselines through review of evidence, testing, interviews, and analysis of scans, etc.
- Develop Security Assessment Plans and Security Assessment Reports, including detailed test procedures and findings.
- Validate Cloud Service Provider compliance through evidence reviews, interviews, technical testing, and analysis of vulnerabilities.
- Conduct client interviews to assess the operational and technical effectiveness of security controls.
- Evaluate cloud security implementations across AWS, Azure, Google, or other IaaS environments.
- Brief internal and external stakeholders, including senior government representatives, on defensible assessment results.
Experience and Skills- Active DoD Secret clearance or higher.
- Experience working in classified environments; ability to work in or access a SCIF as required.
- Strong understanding of NIST 800?53 Rev5, FedRAMP, DoD Cloud SRG, CNSSI, and the NIST RMF.
- Technical experience implementing security configuration, solutions, and/or cloud services.
- Ability to validate cloud-native security implementations (E.g., IAM, logging, encryption, network segmentation, etc.)
- Demonstrated ability to determine control effectiveness through documentation review, interviews, and technical testing.
- Exceptional writing skills with the ability to translate technical information into clear assessment procedures and findings.
- Strong verbal communication skills and ability to brief technical and non technical audiences.
- Proficiency with MS Office and assessment documentation tools.
- Certification Requirements:
- Certified Information System Security Professional or Associate (CISSP)
Plus one of the following certification from the list below:
- Cisco Certified Network Associate Security (CCNA Security)
- Cisco Certified Network Associate Cyber Security Operations (CCNA Cyber Ops)
- Cybersecurity Analyst (CySA+)
- GIAC Certified Incident Handler (GCIH)
- GIAC Systems and Network Auditor (GSNA)
- GIAC Certified Intrusion Analyst (GCIA)
- Certified Information Systems Auditor (CISA)
- Certified Secure Software Lifecycle Professional (CSSLP)
- Certified Information Systems Security Officer (CISSO)
- CyberSec First Responder (CFR)
- CompTIA Advanced Security Practitioner Continuing Education (CASP+) Continuing Education (CE)
- CompTIA Cloud+ (Cloud+)
- Global Industrial Cyber Security Professional (GICSP)
- Securing Cisco Networks with Threat Detection Analysis (SCYBER)
- BCR Cyber Technical Proficiency Testing Activity
Preferred Skills/Experience :
- Prior 3PAO or DoD assessor experience.
- Experience leading assessment teams or serving as a technical SME.
- Experience with automation, IaC, or cloud-native security tooling.
- AI Familiarity
#LI-Hybrid Competitive salary based on experience and education
Kratos is valued for our ability to design and deliver leading edge, resilient solutions for aerospace communication, control, awareness and mission success across a continuum of offerings-from commercial to tailored custom solutions and integrated programs. Customers trust us to stay relevant and know we are in it for the long-haul. We bring both the capability and confidence that our customers value and depend on. And we always deliver.
This posting will close within 90 days from the Posting Date. Job Benefits- Medical, Dental & Vision Insurance Coverage
- Life/ADD & Short/Long Term Disability Insurance
- 401(k) Savings Plan
- Employee Stock Purchase Plan (ESPP)
- Paid Time-Off (PTO)
- Holidays
- Education Reimbursement
Never miss an opportunity! Create an alert based on the job you applied for.