Senior Cyber Security Engineer (Supporting NASA at Johnson Space Center)

As a Senior Cyber Security Engineer at KBR, your primary responsibilities include managing IT System Security Plans, training and mentoring junior security engineers, and assessing various risks and vulnerabilities. You will work to improve the overall security posture of KBR by developing strategies to mitigate potential risks, managing the Plan of Actions and Milestones (POAMs), and providing critical security recommendations to senior leadership.

To be considered for the Senior Cyber Security Engineer position at KBR, you'll typically need an undergraduate degree, relevant certifications, or equivalent work experience. Additionally, candidates should possess around 15 years of experience in the field. Desired qualifications include expertise in managing NIST SP 800-53 Security Controls and a strong understanding of advanced threats and vulnerabilities.

At KBR, career advancement is a significant aspect of working here. As a Senior Cyber Security Engineer, you will have access to professional training and development opportunities that pave the way for your growth within the company. KBR fosters an environment that emphasizes belonging, connection, and the chance to grow your skillset further in the ever-changing landscape of cybersecurity.

KBR is dedicated to supporting its employees' work-life balance through flexible work schedules and various lifestyle benefits. These benefits, which include a 401K plan with company match and generous paid time off, help ensure that our employees can thrive both personally and professionally while being a part of the KBR team.

As a Senior Cyber Security Engineer at KBR, you will work on various exciting projects that support NASA's initiatives. This includes managing security projects and new security initiatives, performing security assessments, and working on strategies to ensure compliance with government security regulations. Your role will involve collaborating with peers and leadership to strengthen IT security measures.

When preparing for this question, focus on specific examples from your past work experience that illustrate your proficiency with NIST SP 800-53, and highlight how you've implemented these controls in past projects.

In your response, provide concrete examples of security risks you've identified in previous positions, the methods you used to assess these risks, and the strategies you implemented to mitigate them. Be sure to detail the outcomes and any lessons learned.

Demonstrate your commitment to continuous learning by mentioning specific resources, such as industry publications, online courses, or cybersecurity conferences that you keep an eye on, and how this knowledge influences your work.

When answering this question, share your philosophy on mentorship. Discuss specific techniques you've used to train and empower junior engineers, and include examples of success stories that emphasize your impact on their development.

Talk about the specific tools you’ve utilized in the past for managing IT System Security Plans, why you prefer them, and how they have improved your efficiency and effectiveness in managing security protocols.

Share your specific experiences with incident management, detailing how you have managed incidents, communicated with stakeholders, and implemented lessons learned to prevent future occurrences.

Discuss the importance of clear and effective communication in cybersecurity, citing examples of how you have successfully conveyed complex security concepts to non-technical stakeholders and why it's critical for security posture.

Select a specific project that posed significant challenges. Discuss the objectives, obstacles you faced, how you overcame them, and the impact of the project on the organization.

Demonstrate your knowledge of the MITRE ATT&CK Framework, explaining its significance in identifying and mitigating advanced persistent threats. Share how you've applied this knowledge in previous roles to enhance security measures.

Illustrate your time management and prioritization strategies by discussing how you evaluate project urgency and importance, and share examples of how you have successfully managed competing priorities in the past.