Information System Security Manager (ISSM)

KBR

Remote · US · Full-time · Lead · $145k – $190k/yr · Yesterday

About the role

KBR is seeking an Information System Security Manager (ISSM) to join our team in Virginia, Maryland, or Washington, DC. This position is primarily remote, but the ISSM must reside in the area of the position and be able to go into the DoD installation space for meetings and work on an ad‑hoc and sometimes immediate basis.

Why Join Us

  • Innovative Projects: KBR’s work is at the forefront of engineering, logistics, operations, science, program management, mission IT and cybersecurity solutions.
  • Collaborative Environment: Be part of a dynamic team that thrives on collaboration and innovation, fostering a supportive and intellectually stimulating workplace.
  • Impactful Work: Your contributions will be pivotal in designing and optimizing defense systems that ensure national security and shape the future of space defense.

The selected applicant will provide cybersecurity and Risk Management Framework (RMF) support to systems and applications for the Test Resource Management Center (TRMC). The role involves working with military, government, and contractor personnel to provide technical and policy direction grounded in Department of Defense (DoD) policy, acting as the Subject Matter Expert (SME) in the cybersecurity domain, and leading ISSOs. The ISSM will serve as a liaison between end users, application developers, and senior leadership within the DoD and across the Test and Evaluation community.

Responsibilities

  • Deliver documentation including executive‑level briefings, assessments, self‑assessments, RMF packages, and supporting RMF documentation.
  • Review cybersecurity tool reports (e.g., ACAS, HBSS) for reporting and compliance purposes.
  • Develop software certification packages.
  • Work directly with the TRMC SISO on all TRMC RMF packages and ATO status updates.
  • Support security engineering projects and solution delivery.
  • Lead security audit and compliance activities for each system under responsibility.
  • Audit all artifacts in each RMF package to determine system readiness for ATO packet submissions.
  • Provide recommendations to the SISO, PM, and AO regarding remediation and mitigation of identified vulnerabilities, test reports, and POA&Ms.
  • Monitor system status updates and report to senior leadership, including monthly executive reports, vulnerability reports, JFHQ DODIN reporting, and briefings.
  • Conduct monthly executive briefings to SISO and PM on security metrics.
  • Interface with PMs and SISO on issues needing input/concurrence.
  • Draft and present RMF deliverables to senior leadership.
  • Attend Executive Program Reviews as the ISSM.
  • Work with outside agencies on Memorandums of Understanding, Interconnection Service Agreements, and other senior‑level agreements.
  • Collaborate with a distributed team to reduce travel.
  • Travel up to 25% of the time.

Basic Qualifications

  • TS/SCI required
  • Minimum 2 years of Information Technology Information Assurance or Cyber Security engineering experience.
  • Minimum 2 years of experience conducting security assessments, reviewing security controls with the ISSO/ISSM, and guiding programs through the RMF process.
  • Bachelor’s Degree in Engineering, Computer Science, or 8 years of IT field experience in lieu of degree; Master’s Degree preferred.
  • Proven expertise assessing security controls in accordance with NIST Special Publications (e.g., NIST 800 series).
  • In‑depth knowledge of cybersecurity principles, technologies, and processes.
  • Experience with NIST 800‑53 and security development.
  • Familiarity with performing assessments for unclassified and classified environments.
  • Ability to adapt to process changes.
  • Ability to interface with senior leadership.
  • Ability to support high‑visibility or high‑priority projects.
  • Excellent oral and written communication skills.

Compensation

  • Maryland: $145,000 – $180,000
  • Washington, DC: $150,000 – $190,000

The offered rate will be based on the selected candidate’s knowledge, skills, abilities, and experience, and in consideration of internal parity.

Skills

  • ACAS
  • Cybersecurity
  • HBSS
  • NIST 800-53
  • NIST 800 Series
  • RMF
