Title:
IT Security Analyst
KBR — Delivering Solutions, Changing the World.
KBR brings together the best and brightest to deliver science, technology and engineering solutions that help governments and companies around the world accomplish their most critical missions and objectives.
In everything we do, we are guided by our ONE KBR Values:
We Value Our People – We create diverse, inclusive environments in which each person can feel safe, respected and valued, and where everyone has opportunities to grow and reach their full potential.
We Deliver – We are uncompromising in our commitment to deliver innovative, high-quality, technology-led solutions for our customers and exceptional, sustainable value for all our stakeholders.
We Are People of Integrity – We value honesty, trust, courage, fairness, prudence and tenacity. We believe doing what’s right for the planet, the communities where we work, and our people is good for business.
We Empower – We empower our people with a shared purpose, the right tools and the supportive culture they need to be proactive decision-makers, to be adaptive to change, and to succeed.
We Are a Team of Teams – We have a will to succeed, but we value the achievements of our team of teams over individual accomplishments. Our collective focus makes us a better, stronger, more effective company.
We have also embedded environmental, social and governance (ESG) principles in every business operation and corporate function. Not only are we committed to operating safely, sustainably and equitably, but we are also committed to using our capabilities and expertise to help our customers accomplish their sustainability goals. Worldwide, KBR employs a diverse workforce approximately 29,000 people strong, with customers in more than 80 countries and operations in 40 countries. At KBR, We Deliver.
Position Description/Job Responsibilities:
The IT Security Analyst will work collaboratively with key stakeholders across the IT organization, including external auditors, IT process owners, IT management, and business stakeholders. This role involves developing a deep understanding of the IT organization’s processes, goals, and strategies. The ideal candidate will demonstrate knowledge of information security standards and frameworks such as ISO 27001, NIST 800-171, NIST 800-53, other NIST publications, and the Defense Federal Acquisition Regulation Supplement (e.g., DFARS clause 252.204-7012).
Key Responsibilities:
• Assist in performing IT risk assessments and IT compliance audits to support requirements of various security frameworks.
• Ensure IT security design, controls, processes, and procedures are aligned with information security standards and are adequate to mitigate risk of exposure.
• Identify opportunities to improve existing processes and controls, recommend constructive corrective actions to address control deficiencies identified through compliance audits, and strengthen IT security posture.
• Manage agreed corrective actions by collaborating and communicating with IT action owners.
• Prepare compliance audit reports and key communications, and support the development of presentations and periodic status updates for IT Leadership.
• Develop reports that analyze data from various security tools such as anti-virus, Active Directory, advanced endpoint threat detection, and patching systems, and create meaningful and actionable insights for IT compliance reporting.
Additional Responsibilities:
• Act as a liaison between IT development groups and business units for the development and implementation of new systems and enhancement of current systems.
• Evaluate new applications, system requirements, developments in the field of expertise, and evolving business needs to recommend appropriate solutions and alternatives.
• Perform assessments of systems and networks within the networking environment or enclave and identify deviations from acceptable configurations, enclave policy, or local policy through passive evaluations (compliance audits) and/or active evaluations (vulnerability assessments).
• Establish strict program control processes to ensure mitigation of risks and support obtaining certification and accreditation of systems. This may include process support, analysis support, coordination support, security certification test support, security documentation support, investigations, software research, hardware introduction and release, emerging technology research inspections, and periodic audits.
• Implement required government policies (i.e., NISPOM, DCID 6/3) and make recommendations on process tailoring.
• Perform analyses to validate established security requirements and recommend additional security requirements and safeguards.
• Support the formal Security Test and Evaluation (ST&E) required by each government accrediting authority through pre-test preparations, participation in the tests, analysis of the results, and preparation of required reports.
• Conduct periodic reviews of each system's audits and monitor corrective actions until all actions are closed.
Qualifications:
• Requires in-depth knowledge and experience in IT security.
• Uses best practices and knowledge of internal or external business issues to improve Group’s products or services.
• Solves complex problems and takes a new perspective using existing solutions.
• Works independently with minimal guidance and acts as a resource for colleagues with less experience.
• Requires conceptual and practical expertise in own discipline and basic knowledge of related disciplines.
• Has knowledge of best practices and how own area integrates with others; is aware of the competition and the factors that differentiate them in the market.
• Has in-depth knowledge of DOD, Agency, and/or industry standards and IT requirements.
• Acts as a mentor or advisory resource for colleagues with less experience; may run small projects with manageable risks and resource requirements.
• Solves complex problems and exercises judgment based on the analysis of multiple sources of information.
• Impacts a range of customer, operational, project, or service activities within own team and other related teams; works within broad Program/Department/Section guidelines and policies.
• Explains difficult or sensitive information and works to build consensus.
• May have formal, but limited, supervision of team members at a department or project level, including verification of timecards, oversight of daily tasks/schedules, and input into performance appraisals.
• May be the primary customer contact for assigned area of responsibility.
• Requires a college or university degree in Information Technology, Computer Science, or the equivalent combination of education and experience.
• Typically requires 4 to 7 years of relevant experience.
KBR Benefits
KBR offers a selection of competitive lifestyle benefits which could include 401K plan with company match, medical, dental, vision, life insurance, AD&D, flexible spending account, disability, paid time off, or flexible work schedule. We support career advancement through professional training and development.
Belong, Connect and Grow at KBR
At KBR, we are passionate about our people and our Zero Harm culture. These inform all that we do and are at the heart of our commitment to, and ongoing journey toward, being a People First company. That commitment is central to our team of teams philosophy and fosters an environment where everyone can Belong, Connect and Grow. We Deliver – Together.
KBR is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, disability, sex, sexual orientation, gender identity or expression, age, national origin, veteran status, genetic information, union status and/or beliefs, or any other characteristic protected by federal, state, or local law.