What are the responsibilities and job description for the ISSM Deputy position at Kessel Run?
Who We Are
Kessel Run is an Air Force software development organization that continuously delivers war-winning software that our Airmen love. We are striving to be a "software company" within the Air Force that can sense and respond to conflict in any domain, anytime, anywhere.
We value continuous learning, continuous user feedback, continuous integration, continuous delivery, continuous security & continuous testing. We combine lean principles, user-centered design and eXtreme Programming (XP) using a flat management, balanced team approach to ensure we are always building the most valuable thing possible, the simplest way possible, and as fast as possible.
We are offering the opportunity to work in a modern work environment, to use cutting-edge technologies and modern processes, all while making a meaningful impact every single day. Come help us solve our nation's toughest, most complex challenges while enjoying yourself at work every day.
Day In The Life
A typical day as a Kessel Run Information System Security Manager (ISSM) starts with a morning stand-up to align on goals for the day within the Security branch. As the ISSM you'll coordinate with the Chief Security Officer (CSO), Cyber Surety directorate lead, incident response team, policy team, software assessors team, Security branch and the rest of KR. You'll make risk-based decisions about the operations of the Kessel Run Software Factory, AWS GovCloud Infrastructure, and Cloud and Operations. You will manage the incident response processes and lead the response to cyber security incidents and data spills. You will draft, review and approve security policies for the organization, carefully balancing operations and security.
You will facilitate meetings with your team and across Kessel Run including working groups and decision briefs based on the risk and benefit of specific actions/changes. You will define and track security metrics and keep your stakeholders informed about relevant trends. Limited travel will be required to assess security at various KR facilities and to meet with infrastructure and security teams.
Who You Are
- You have at least 10 years of cyber security experience in the DoD and are familiar with the RMF ATO process, DoD 8570, and NIST Cyber Security Framework.
- You have a DoD 8570 IAM Level III certification such as CISSP or CISM or will be able to attain one within 6 months of being hired. (see more information here)
- You have a background in ethical hacking and can organize a penetration test or adversarial assessment.
- You have worked in an agile environment and are familiar with DevSecOps.
- You have a strong background in networking and infrastructure.
- You have experience partnering with engineers, security, and developers to analyze risk and make decisions impacting the security & operations of the unit.
- You understand the AWS GovCloud environment and cloud security.
- You have experience with writing security/policy documents and enforcing them.
- You have experience briefing senior leadership such as the Authorization Official (AO), Commander, Chief Technology Officer, and Chief Security Officer on relevant threats to the unit and mitigations taken.
- You excel at facilitating meetings, communicating with internal and external stakeholders, and adapting your communication style to your audience.
- You have a growth mindset and love working in a fast-paced agile environment.
- You are a U.S. citizen and are eligible to obtain a U.S. Top Secret/SCI Security Clearance (see eligibility requirements here).
- You are able to work at or travel to our downtown Boston and Hanscom AFB offices.
Qualifications
Minimum Education - Bachelor's degree with concentration in Cybersecurity, Computer Science, Computer Engineering or Information Technology preferred.
Preferred Education - Master's Degree in Computer Science, Cybersecurity or other related field.
Certifications - One or more of the following or the ability to obtain within 12 months of hire:
- Certified Reverse Engineering Analyst (CREA)
- Certified Penetration Tester (CPT)
- Certified Computer Forensics Examiner (CCFE)
- Certified Computer Examiner (CCE)
- Cisco Certified Network Associate (CCNA)
- Certified Ethical Hacker (CEH)
- Certified Information Systems Security Professional (CISSP)
- Certified Computer Security Incident Handler (CERT CSIH)
- Certified Incident Handler (E/CIH)
- Certified Reid Investigator
- Certified Protection Professional (CPP)
You are a U.S. citizen and are eligible to obtain a U.S. Security Clearance (see eligibility requirements here).
This is a Federal civilian service position within the United States Air Force. We are hiring at the equivalent of a GS-14 up to GS-15 level for this position. This means you can expect a base salary of $99,908 to $152,771 multiplied by your locality rate, based on your experience. You can find your locality definition here and see the pay tables for the GS scale here. Our headquarters is located in Boston, MA; for a Boston-based employee, this would translate to a range from $130,929 to $183,500.
We also provide paid time off, health, and retirement benefits. There are advancement opportunities to promote to more senior levels after hiring.
We understand that there is no such thing as the ideal candidate for any job and we believe in empowering people to learn and grow throughout their careers. We encourage any applicant who is interested in making an impact in the Department of Defense to apply to this position regardless of background and qualifications.
Salary: $99,908 - $152,771