• Identify, investigate, and remediate threats – both internal and external. • Understand threats, attacks, and malware to develop enterprise detections and protections. • Perform security control maintenance in the form of detection tuning, control policy updates, and automations. • Reporting of metrics and summaries of weekly investigations/ ticket tracking is required. • Leverage by senior level analysts for more complex investigations and duties.

Title: Information System Security Officer (ISSO) Belong. Connect. Grow. with KBR! KBR’s National Security Solutions team provides high-end engineering and advanced technology solutions to our customers in the intelligence and national security communities. In this position, your work will have a profound impact on the country’s most critical role – protecting our national security. Why Join Us? - Innovative Projects: KBR’s work is at the forefront of engineering, logistics, operations, science, program management, mission IT and cybersecurity solutions. - Collaborative Environment: Be part of a dynamic team that thrives on collaboration and innovation, fostering a supportive and intellectually stimulating workplace. - Impactful Work: Your contributions will be pivotal in designing and optimizing defense systems that ensure national security and shape the future of space defense Job Summary The successful candidate will provide support to the Test Resource Management Center’s (TRMC) All Domain Test Range (ADTR) and INDOPACOM Pacific-Rim Multi-Domain Training and Experimentation Capability Team, Joint Mission Environment Test Capability (JMETC) Secret Network (JSN) Node, JMETC Multiple Independent Levels of Security Network (JMN) Node, Secret Defense Research and Engineering Network (SDREN), Defense Research and Engineering Network (DREN). In this role, you will be a critical part of our team responsible for evaluating customer requirements pertaining to complex technical challenges. The successful candidate will assist with providing solutions to complex problems in a manner which meets both functional and security requirements. You will be responsible for keeping the team’s computing environment operational and in compliance with all TRMC directives and applicable RMF requirements. To do this, you will frequently collaborate with other distributed team members to discuss current system status and plan desired future enhancements. The ideal candidate will have a blended skill set with a strong background in both systems administration and cybersecurity. This individual will possess experience in Windows and Linux server management, Active Directory, Security Technical Implementation Guides (STIGs), and virtualization technologies. This role is critical in ensuring the integrity, confidentiality, and availability of our information systems within a Department of Defense (DoD) environment. Key Responsibilities: - Security Management: - Develop, implement, and maintain security policies, procedures, and standards to safeguard organizational information systems. - Conduct regular security assessments, vulnerability scans, and penetration testing to identify and mitigate potential threats. - Monitor security alerts and logs to respond to incidents in a timely manner, ensuring compliance with DoD regulations. - Manage Privileged Access Management (PAM) solutions to ensure secure access control for sensitive systems and data. - Filter and generate reports from Security Information and Event Management (SIEM) tools to provide insights into security incidents and trends. - Respond to JFHQ-DODIN issued orders, such as Cyber Task Orders (CTO). - Participate in DoD mandated Zero Trust efforts (initiatives, planning, testing, and implementation). - Risk Management Framework (RMF) Compliance - Apply RMF principles to assess and manage risk associated with information systems, including categorization, selection of security controls, implementation, assessment, authorization, and continuous monitoring. - Collaborate with stakeholders to ensure all systems are RMF-compliant and maintain relevant documentation. - Training and Awareness - Develop and conduct security training programs for staff to enhance awareness of information security best practices and organizational policies. - Function as a security advisor to other departments, providing guidance on secure system design and implementation. - Documentation and Reporting - Maintain comprehensive documentation of security processes, incidents, and remediation efforts. - Prepare and present reports on security posture, vulnerabilities, and incident response efforts to senior management and other stakeholders. - Additional Tools and Technologies - Experience with McAfee ePolicy Orchestrator (ePO) for centralized security management. - Familiarity with Assured Compliance Assessment Solution (ACAS) for vulnerability scanning and compliance monitoring. - Jira and Confluence - ServiceNow - Helpdesk and CCB solutions input, monitoring status, approval workflows Work Environment: - Location: Remote - Travel Requirements: Minimal up to 20% - Working Hours: Standard Qualifications: Required: - Education: Bachelor’s degree in Computer Science, Information Technology, Cybersecurity, or a related field - Certifications: CISSP, CISM, CASP, Security+ - Security Clearance: Active TS/SCI - Experience: Minimum 10 years of system administration or cybersecurity-related experience, specifically within DoD environment. - Technical Skills: - Proficient in Windows server and Linux server management, including installation, security policies, configuration, and troubleshooting. Desired: - Education: Master’s degree in computer science, Information Technology, Cybersecurity, or related field. Advanced degrees or certifications (CISSP, CISM, CASP, Security+) - Virtual Desktop Infrastructure: Horizon, UAG, Provision and Maintain VM pools - Client Support: Solid understanding and experience supporting zero/thin clients - Risk Management System Support: Experience supporting systems within a DoD Risk Management Framework (RMF) accredited environment. - SIEM Solutions: Splunk, SolarWinds, etc. - Skills: Coordination, Communication and Presentation skills - Functionality: Layer 2/3 Networking experience - Firewall experience - DoD 8570 certifications: Security+, CISSP, Computing Environment - DoD Network experience: Experience working with DoD Wide Area Networks and familiarity with various network architectures and common protocols to include: - Experience working with Defense Research and Engineering Network (DREN) - Experience working with the Secret Defense Research and Engineering Network (SDREN) - EPO (Trelix) experience – policy, agent updates, compliance dashboards, ACAS experience – scanning, reporting, compliance dashboards Belong, Connect and Grow at KBR At KBR, we are passionate about our people and our Zero Harm culture. These inform all that we do and are at the heart of our commitment to, and ongoing journey toward being a People First company. That commitment is central to our team of team’s philosophy and fosters an environment where everyone can Belong, Connect and Grow. We Deliver – Together. KBR is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, disability, sex, sexual orientation, gender identity or expression, age, national origin, veteran status, genetic information, union status and/or beliefs, or any other characteristic protected by federal, state, or local law.

Overview The Associate Vice President (AVP) Security Engineering & Operations is responsible for building and scaling a high-performance security engineering and operations function that protects Hyland’s business, enables engineering, compliance, and adjacent securityteams while reducing operational friction. This role will embed security into asset management, software engineering, cloud operations, and automate workflows while driving continuous improvements in security posture resilience and incident readiness. Reporting to the CISO, the AVP leads the Security Operations Center (SOC), Enterprise and Application Security initiatives, and offensive/defensive security operations to align with enterprise growth, customer commitments, and innovation goals. Responsibilities Responsibilities: - Build and lead a highly efficient, AI-enabled Security Operations Center (SOC), delivering threat detection, exposure management, posture management, incident response, and digital forensics capabilities. - Define and own KPIs for SOC performance (MTTD, MTTR, SLA adherence), engineering delivery, and coverage gap closure. - Manage a team to monitor for and respond to security events 24x7x365, and plan and execute regular incident response and postmortem exercises with measurable benchmarks. - Oversee and continuously improve DevSecOps/AppSec integration, embedding security into CI/CD pipelines, SCA/SAST/DAST tooling, secure code review, non-human identity/API security programs, and threat modeling. - Build and maintain strong relationships with stakeholders, sharing threat intelligence and best practices; lead engagement with engineering teams to implement new systems and processes. - Deep familiarity with cloud-native security architecture to act as a deeply embedded partner to architecture and development teams. - Direct and approve the design of security systems including zero trust architecture, network segmentation, and identity security. - Drive offensive and defensive security operations including red teaming and blue team resilience. - End-to-end ownership of multi-faceted and distributed Vulnerability management programs, including prioritization frameworks and release gates tied to business risk. - Set vision and collaborate with senior management to define and ensure success of departmental strategy, including budget management.   - Provide managerial direction and oversee all aspects of performance management for direct reports and teams. - Drive continuous improvement through after-action reviews, tooling optimization, and process automation. - Develop future leaders within the team that aligns with the people strategy. Build a management team bench capable of meeting the demands of rapid growth.  - Serve as an escalation point for complex and high-level issues; provide direction and guidance to assist with resolution of issues and removing obstacles for security and stakeholder teams. - Work with the leadership to plan the strategic vision, organizational structure, operating policies, and procedures and management practices to ensure the department delivers operational excellence. - Act as a strategic partner to product, engineering, and other technical teams to embed security into the acquisition, management, and software development lifecycle. Basic Qualifications Qualifications: - Bachelor’s degree in computer science, information security, engineering, or related field  - 15+ years of progressive experience in cybersecurity or engineering leadership with at least 5 years in SaaS cloud-native environments. - Proven track record of leading incident response, application security, or DevSecOps functions at enterprise scale. - Deep expertise in DevSecOps, cloud-native security, software engineering, and automation. - Demonstrated fiscal responsibility/accountability in managing budgets with a track record for consolidating tooling expenses. - Certifications such as CISSP, CISM, SANS/GIAC, CSSLP, OSCP  - Exceptional ability to design, implement, and prove security effectiveness through evidence-based testing and measurable outcomes. - Exceptional knowledge of automation CI/CD, SRE, and multi-cloud operating environments - Up to 10% of travel time required.

• Technical responsibility for all deployed IT security tools • Focus on the operation and further development of DDoS protection (Myra), certificate management (DigiCert & Sectigo), and secret management (HashiCorp) • Ensuring 24/7 operations as part of an on-call rota • Management and coordination of external IT service providers for security tools