Senior Security Consultant

Readiness Delivered. Kratos Defense & Security Solutions develops and fields transformative, affordable technology, platforms, and systems for United States National Security related customers, allies, and commercial enterprises. We proactively build trusted relationships with our peers, partners and customers, and take ownership for our actionsalways striving to do the right thing. Kratos is looking for a Senior Security Consultant to join our team in a hybrid work environment.As a Sr. Security Consultant of Commercial Cybersecurity Services for Kratos, you will be leading and supporting teams of professionals working to evaluate and secure innovative cloud computing solutions on the most advanced cloud and on-premises infrastructures, by providing security consulting services and performing security assessments.

The ideal candidate will have a firm understanding of how to apply the principles of information security in a variety of circumstances and security requirements into common technical implementations. Candidates must have experience working in classified environments. Must have a strong understanding of Federal Risk and Authorization Management Program (FedRAMP) assessments, Department of Defense (DoD) Cloud Service Provider Security Requirements Guide, Committee on National Security Systems Instruction (CNSSI) requirements, and National Institute of Standards and Technology (NIST) Special Publications and Risk Management Framework (RMF).

Key Responsibilities:

Assessor Role

• Lead and support assessment teams conducting FedRAMP, DoD SRG, and NIST RMF security assessments.
• Review Security Packages (SSP, SAP, SAR, POA&M, Deviation Requests, Significant Change Requests, Continuous Monitoring artifacts) for completeness and compliance.
• Validate Cloud Service Provider (CSP) compliance with FedRAMP/DoD/NIST security control baselines through review of evidence, testing, interviews, and analysis of scans, etc.
• Develop Security Assessment Plans and Security Assessment Reports, including detailed test procedures and findings.
• Validate Cloud Service Provider compliance through evidence review, interviews, technical testing, and analysis of vulnerabilities.
• Conduct client interviews to assess the operational and technical effectiveness of security controls.
• Evaluate cloud security implementations across AWS, Azure, Google, or other IaaS environments.
• Brief internal and external stakeholders, including senior government representatives, on defensible assessment results.

• Active DoD Secret clearance or higher.
• Experience working in classified environments; ability to work in or access a SCIF as required.
• Strong understanding of NIST 800?53 Rev5, FedRAMP, DoD Cloud SRG, CNSSI, and the NIST RMF.
• Technical experience implementing security configuration, solutions, and/or cloud services.
• Ability to validate cloud-native security implementations (E.g., IAM, logging, encryption, network segmentation, etc.)
• Demonstrated ability to determine control effectiveness through documentation review, interviews, and technical testing.
• Exceptional writing skills with the ability to translate technical information into clear assessment procedures and findings.
• Strong verbal communication skills and ability to brief technical and non technical audiences.
• Proficiency with MS Office and assessment documentation tools.
• Certification Requirements: Certified Information System Security Professional or Associate (CISSP)

Plus one of the following certification from the list below:

• • Cisco Certified Network Associate Security (CCNA Security)
  • Cisco Certified Network Associate Cyber Security Operations (CCNA Cyber Ops)
  • Cybersecurity Analyst (CySA+)
  • GIAC Certified Incident Handler (GCIH)
  • GIAC Systems and Network Auditor (GSNA)
  • GIAC Certified Intrusion Analyst (GCIA)
  • Certified Information Systems Auditor (CISA)
  • Certified Secure Software Lifecycle Professional (CSSLP)
  • Certified Information Systems Security Officer (CISSO)
  • CyberSec First Responder (CFR)
  • CompTIA Advanced Security Practitioner Continuing Education (CASP+) Continuing Education (CE)
  • CompTIA Cloud+ (Cloud+)
  • Global Industrial Cyber Security Professional (GICSP)
  • Securing Cisco Networks with Threat Detection Analysis (SCYBER)
  • BCR Cyber Technical Proficiency Testing Activity

Preferred Skills/Experience

• Prior 3PAO or DoD assessor experience.
• Experience leading assessment teams or serving as a technical SME.
• Experience with automation, IaC, or cloud-native security tooling.
• AI Familiarity