Job Closed

This listing is no longer active.

CI&T

Navigate Change

Senior GRC Security Specialist

Security Engineer | Full Time | Remote | Senior | Team 5,001-10,000 | Since 1995 | H1B No Sponsor

Location

Brazil

Posted

53 days ago

Salary

0

Seniority

Senior

Job Description


  • Enterprise Cybersecurity Risk Management: Continuously identify, log, and analyze control nonconformities and unresolved/high-risk vulnerabilities across different sources. Maintain the Risk Registry and deliver timely risk treatment updates and reports to stakeholders.
  • Third-party Cybersecurity Risk Assessments: Executed annually, ensuring alignment with internal risk standards and external compliance requirements.
  • Cybersecurity Controls Management: Maintain and enhance the cybersecurity control framework by mapping existing controls, collecting evidence of execution, identifying gaps or nonconformities, and aligning overlapping requirements under a unified structure. Ensure adherence to frameworks such as HITRUST, HIPAA, Spain ENS certification.
  • Policies and Procedures Development: Create and maintain cybersecurity-related policies and procedures. Ensure documentation complies with regulatory and contractual standards.

Job Requirements

  • Advanced English for communication with international clients
  • Excellent communication skills, with the ability to collaborate effectively with technical and non-technical stakeholders.
  • Strong analytical and problem-solving skills, with the ability to make informed decisions in high-pressure situations.
  • Conduct cybersecurity risk assessments, identify potential vulnerabilities, and recommend strategies to mitigate risks.
  • Collaborate with cross-functional teams to ensure that GRC policies, procedures, and controls are effectively communicated and implemented.
  • Lead efforts to maintain and update documentation related to GRC processes, including risk assessments, policies, and procedures.
  • Participate in internal and external audits, providing support and documentation as needed to demonstrate compliance.
  • Strong understanding of GRC frameworks, industry standards, and regulatory requirements.
  • Excellent analytical skills, attention to detail, and the ability to work independently and in cross-functional teams.

Benefits

  • Health and dental insurance
  • Meal and food allowance
  • Childcare assistance
  • Extended paternity leave
  • Partnership with gyms and health and wellness professionals via Wellhub (Gympass) TotalPass
  • Profit Sharing and Results Participation (PLR)
  • Life insurance
  • Continuous learning platform (CI&T University)
  • Discount club
  • Free online platform dedicated to physical, mental, and overall well-being
  • Pregnancy and responsible parenting course
  • Partnerships with online learning platforms
  • Language learning platform
  • And many more!


More Security Engineer Jobs

Full Time | Remote | Team 10,001+ | Since 1934 | H1B No Sponsor

  • Serve as the primary security point of contact for external customers, owning the end-to-end customer security relationship.
  • Lead customer security programs for managed services, ensuring alignment with contractual obligations, regulatory requirements, and enterprise security standards.
  • Translate customer security requirements into actionable security objectives, coordinating delivery across internal Information Security, Engineering, Cloud Platform, and Application Security teams.
  • Provide oversight and governance of MSSP-delivered Security Operations, including monitoring, incident detection, response coordination, and SLA adherence.
  • Own and coordinate customer-specific governance, risk, and compliance (GRC) activities, including risk assessments, control mapping, and remediation tracking.
  • Lead customer security governance forums, periodic security reviews, and executive-level briefings.
  • Coordinate customer security questionnaires, audits, certifications, and assurance activities in partnership with internal GRC and compliance teams.
  • Ensure timely and effective communication of security posture, risks, incidents, and remediation plans to customers and executive stakeholders.
  • Oversee security incident coordination affecting customer environments, ensuring appropriate response, customer communication, and post-incident follow-up.
  • Track and manage customer security risks, exceptions, and remediation activities through formal governance processes.
  • Support the continuous improvement and scalability of the enterprise customer security program model.
  • Perform additional duties as assigned by the Director of Information Security.

United States
$110.4K - $130K / year
Job Closed

RMF Cybersecurity ISSO/SME 3

KBR

KBR, formerly a subsidiary of Halliburton, is a company in defense and space, offering services in technology, engineering, procurement, and construction on a global scale. Since i

Title: RMF Cybersecurity ISSO/SME 3

Program Summary: KBR’s Mission Engineering Division delivers complex technical solutions and expert support to the U.S. Department of War, specializing in modeling and simulation, cyber transformation, air vehicle mission integration, and lifecycle support. As a trusted partner with a proven history in mission technology, KBR collaborates closely with clients to develop innovative and effective solutions. With a strong ethical framework, KBR prioritizes data security, privacy, and responsible information management to ensure mission success.

Job Summary: KBR is seeking a Cybersecurity Risk Management Framework (RMF) Information System Security Officer (ISSO) to support the DHA Solution Delivery Division (SDD). In this role, you will lead Assessment & Authorization (A&A) activities and guide systems through the RMF lifecycle to achieve and maintain Authorizations to Operate (ATOs) for mission-critical medical systems. You will work closely with engineers, developers, and government stakeholders to ensure compliance with NIST, DoD, and DHA cybersecurity requirements while supporting continuous monitoring and risk management efforts. This 100% remote position requires availability during standard Eastern Time (ET) day shift hours. Join KBR to contribute directly to protecting critical healthcare systems supporting warfighters and their families.

Roles and Responsibilities:

  • Manage one or more information systems throughout the full six-step RMF lifecycle, including assessment, authorization, and continuous monitoring activities
  • Serve as an RMF Subject Matter Expert (SME), advising stakeholders on cybersecurity compliance, risk posture, and ATO readiness
  • Develop, review, and maintain RMF packages and associated documentation, including Security Plans, POA&Ms, Risk Assessment Reports, and security control policies
  • Assess system compliance against NIST SP 800-53 controls and DHA RMF requirements as part of self-assessment and annual reviews
  • Document and maintain evidence supporting control implementation and compliance
  • Lead and participate in A&A and stakeholder meetings to track system status, resolve issues, and drive RMF progress
  • Coordinate with engineers and system owners to develop architecture diagrams, system asset inventories, and security policies
  • Prepare and deliver status reports to DHA leadership on system authorization and compliance efforts

Basic Qualifications:

  • Active DoD Secret security clearance
  • Bachelor’s degree in cybersecurity, information technology, or related field with 6+ years of experience; or 14+ years of relevant cybersecurity/IT experience in lieu of degree.
  • DoD Manual 8140.03 (formerly 8570.01)-compliant certification (e.g., Security+, CISSP, CASP+/SecurityX)
  • Demonstrated experience performing RMF activities as an ISSO/ISSM/SME, including ATO process support and RMF package development (Security Plans, POA&Ms, architecture diagrams, system security policies, etc.)
  • Demonstrated experience assessing and documenting NIST SP 800-53 controls
  • Experience using Microsoft Office applications: Word, PowerPoint, Excel, and SharePoint

Preferred Qualifications:

  • Experience using eMASS or equivalent compliance-tracking application
  • Experience supporting RMF processes under DHA
  • Familiarity with ACAS and DISA STIGs/SRGs and tools such as STIG Viewer and SCAP Compliance Checker
  • Familiarity with Continuous Monitoring and Risk Scoring (CMRS)
  • Experience using Microsoft Project to build Integrated Master Schedules (IMS)

Compensation: $107,600.00 - $161,400.00. The salary range posted is based on the national average. The offered rate will be based on the selected candidate’s location, knowledge, skills, abilities, and/or experience, contract affordability, and in consideration of internal parity.

Benefits: KBR offers a selection of competitive lifestyle benefits which could include a 401K plan with company match, medical, dental, vision, life insurance, AD&D, flexible spending account, disability, paid time off, or flexible work schedule. We support career advancement through professional training and development.

Belong, Connect and Grow at KBR

At KBR, we are passionate about our people and our Zero Harm culture. These inform all that we do and are at the heart of our commitment to, and ongoing journey toward being a People First company. That commitment is central to our team of team’s philosophy and fosters an environment where everyone can Belong, Connect and Grow. We Deliver – Together.

KBR is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, disability, sex, sexual orientation, gender identity or expression, age, national origin, veteran status, genetic information, union status and/or beliefs, or any other characteristic protected by federal, state, or local law.

United States
$107K - $161K / year

Offensive Security Engineer

CloudWalk, Inc.

The interplanetary payment network.

Full Time | Remote | Team 201-500 | H1B No Sponsor

  • Pentest applications across our stack, identifying vulnerabilities in APIs, mobile apps (Android/iOS), and infrastructure before attackers do.
  • Plan and execute realistic attack campaigns: phishing with custom domains, social engineering, lateral movement, privilege escalation. Measure real organizational resilience, not checkbox compliance.
  • Engineer security platforms, scanning pipelines, and automation that multiply the team's impact.
  • Design and build LLM-powered agents that detect, classify, triage and fix vulnerabilities in real time.

Brazil

Principal Product Researcher, Endpoint Security Posture Management

Huntress

Managed endpoint protection, detection and response for the 99% who need it most.

Full Time | Remote | Team 201-500 | Since 2015 | H1B No Sponsor

Location: Remote US
Reports to: Director of Product Research
Compensation Range: $210,000 to $230,000 plus bonus and equity

What We Do: Huntress is a fully remote, global team of passionate experts and ethical badasses on a mission to break down the barriers to cybersecurity. Whether creating purpose-built security solutions, hunting down hackers, or impacting our community, our people go above and beyond to change the security game and make a real difference.

Founded in 2015 by former NSA cyber operators, Huntress protects all businesses—not just the 1%—with enterprise-grade, fully owned, and managed cybersecurity products at the price of an affordable SaaS application. The Huntress difference is our One Team advantage: our technology is designed with our industry-defining Security Operations Center (SOC) in mind and is never separated from our service. We protect 4M+ endpoints and 7M+ identities worldwide, elevating underresourced IT teams with protection that works as hard as they do. As long as hackers keep hacking, Huntress keeps hunting.

Responsibilities:

  • Lead the security Capabilities we bring to market, owning the layered defense strategy gained by combining multiple data sources
  • Convert application and endpoint vulnerability research + findings into actionable preventive and remediation actions by generating security software engineering requirements
  • Translate CVE & vendor hardware/software vulnerability research into security product development
  • Reverse engineer operating system (OS) components to identify + action OS control mechanism opportunities for security product development
  • Research vulnerability management automation opportunities to scale patching + security fixes for all operating systems and applications across millions of endpoints
  • Report on health and security posture for millions of endpoints across tens of thousands of varied environments
  • Iterate high-impact security posture baselines that align security posture to reduce & remediate risk
  • Measure endpoint protection software solution effectiveness at reducing risk, closing security gaps & decreasing attacks/access
  • Design, architect, and build vulnerability management scanning infrastructure and tools
  • Research technical escalations for endpoint protection Capabilities
  • Expert experience in configuration management across endpoint platforms - including firewalls, application control, attack surface reduction, & vulnerability management solutions
  • Balance security with productivity, building an intentional alert strategy that empowers risk owners with security posture improvement opportunities that don’t create friction to business delivery
  • Leverage AI for security value research
  • Document research findings through technical write-ups, advisories, internal reports, and blogs.
  • Identify opportunities to improve existing product features and explore new ones based on feedback from partners, prospects, peers, and industry publications.
  • Coordinate with Security, Product, and Engineering teams to integrate and operationalize solutions you develop.
  • Own & nurture the cross-department relationships critical to successful product delivery & launch.
  • Proven organizational and program management skills, with keen attention to detail and a sense of urgency to deliver an exceptional product under tight deadline pressures.
  • Eagerness to engage, report, and be accountable to executive stakeholders.
  • Passion to translate your expertise in nontechnical ways to deliver impactful security outcomes that protect the 99%.
  • Promote Huntress’ reputation through media appearances, public speaking engagements, and blog posts.
  • Educate the public on how to be security savvy in novel and fun ways.

What You Bring To The Team:

  • Expert experience in configuration management across endpoint platforms - including firewalls, application control, attack surface reduction, & vulnerability management solutions
  • Experience reverse engineering
  • Experience leveraging AI to generate security outcomes
  • Experience building AI agents for security research & innovation
  • Expert-level security engineering & vulnerability management skills + experience
  • Expert skills in performing security assessments, vulnerability testing, and risk analysis on endpoint devices
  • Demonstrated experience producing proofs of concept
  • Programming Skills (C/C++/Go)
  • Passion for the MSP community
  • Security conference presenter
  • Security community educator & advocate

What We Offer:

  • 100% remote work environment - since our founding in 2015
  • Generous paid time off policy, including vacation, sick time, and paid holidays
  • 12 weeks of paid parental leave
  • Highly competitive and comprehensive medical, dental, and vision benefits plans
  • 401(k) with a 5% contribution regardless of employee contribution
  • Life and Disability insurance plans
  • Stock options for all full-time employees
  • One-time $500 reimbursement for building/upgrading home office
  • Annual allowance for education and professional development assistance
  • $75 USD/month digital reimbursement
  • Access to the BetterUp platform for coaching, personal, and professional growth

Huntress is committed to creating a culture of inclusivity where every single member of our team is valued, has a voice, and is empowered to come to work every day just as they are. We do not discriminate based on race, ethnicity, color, ancestry, national origin, religion, sex, sexual orientation, gender identity, disability, veteran status, genetic information, marital status, or any other legally protected status. We do discriminate against hackers who try to exploit businesses of all sizes.

Accommodations: If you require reasonable accommodation to complete this application, interview, or pre-employment testing or participate in the employee selection process, please direct your inquiries to accommodations@huntresslabs.com. Please note that non-accommodation requests to this inbox will not receive a response.

Huntress uses artificial intelligence tools to assist in reviewing and evaluating job applications, including resume screening, skills assessment, and candidate matching and comparisons. These AI tools support our human recruiters in the initial review process, but do not make final hiring decisions without human involvement. By submitting your application, you acknowledge this use of AI in our recruitment process. Please review our Candidate Privacy Notice for more details on our practices and your data privacy rights.

United States
$210K - $230K / year