Information Systems Security Officer jobs at ASRC Federal - 21 jobs

ASRC Federal has an exciting opportunity for an Information System Security Officer (ISSO in) in Dayton, Ohio. This position offers a sign-on bonus. Our desire is to build a team of highly qualified professionals that will provide expertise in Cybersecurity, Cloud, and Systems Engineering, who will support the development and sustainment of unique secure enclaves at the edge, that provide enterprise services and cyber network defense capabilities to customers across the DoD. This team will provide engineering expertise using technologies such as ePO, Splunk, ACAS, Azure Automation, STIG/SCAP, and other enterprise capabilities. The ISSO will have an active role in monitoring a system and its environment of operation to include developing and updating a System Security Plan, managing and controlling changes to the system, and assessing the security impact. Responsibilities: Maintain the operational security posture of systems. Monitor systems and environments for security compliance. Develop and update System Security Plans (SSPs). Manage and control system changes and assess their security impact. Handle physical, personnel, and environmental security. Conduct incident response and security awareness training. Assist the ISSM and assume ISSM duties when necessary. Assist the ISSM in meeting their duties and responsibilities. The ISSO shall assume ISSM responsibilities in the absence of the ISSM; Ensure systems are operated, maintained, and disposed of in accordance with security policies and procedures as outlined in the security authorization package; Maintain equivalent IAM Level 2 certifications based off of DoD 8140 standard; Ensure all users have the requisite security clearances, authorization, need-to-know, and are aware of their security responsibilities before granting access to the IS; Report all security-related incidents to the ISSM Conduct periodic reviews of information systems to ensure compliance with the security authorization package; Serve as member of the CCB, if designated by the ISSM; Coordinate any changes or modifications to hardware, software, or firmware of a system with the ISSM and AO/DAO prior to the change; Formally notify the ISSM and AO/DAO when changes occur that might affect system authorization; Monitor system recovery processes to ensure security features and procedures are properly restored and functioning correctly; Ensure all IS security-related documentation is current and accessible to properly authorized individuals; and Ensure audit records are collected, reviewed, and documented (to include any anomalies). Participate in joint agile backlog planning and provide feedback to the software development team and infrastructure teams around high to medium risk items that require information system owner approval. Responsibilities: Advanced technical competency and experience in one or more of the following areas: Active Directory Domain Services, Active Directory Federated Services, Active Directory Certificate Services, Windows Server Update Services, ePO, Splunk, STIG/SCAP, YUM, ACAS Automation, and Azure Monitor / Log Analytics. Maintain equivalent IAM Level 2 certifications based off of DoD 8140 standard 5+ years related experience in SCI/SAP environments. Bachelor's degree in computer science, Engineering, Finance, Business, or relatedfield 5-8 years demonstrated performance in related technology Top Secret w/ SCI eligibility Other duties as assigned

SAIC is seeking an **Information System Security Officer (ISSO)** for our team to support a government customer. This position is fully remote. **Must be local to the DC area (within 50 miles)** and may be expected to come in at least once every 2 weeks in the future. **Responsibilities:** + Provides objective advice and specialized skills in order to create value, maximize growth or improve performance, resiliency and protection against cybersecurity related threats, vulnerabilities, and other cybersecurity related remediation activities. + Participates in consulting projects that deliver customer focused results aligned with strategic goals of the Client. + Facilitates review and analysis of strategic issues and advises regarding implementation of strategy. + May assist in conducting education classes. May provide support in the following areas: guidance to resolving issues, analysis of trends and issues, development of procedures and processes, oversight of technical implementation and execution of strategic plans. + Applies specialized knowledge of sensitive system Cybersecurity requirements and Privacy Act requirements. + Applies specialized knowledge and experience with the implementation of the NIST Special Publication (SP) 800 family of publications, particularly those associated with NIST's Risk Management Framework and the Federal Risk and Authorization Management Program (FedRAMP). + Applies specialized knowledge and experience with evaluating system, network, or infrastructure security controls against requirements such as FISMA, Federal Information Processing Standards (FIPS, and NIST guidelines + Applies knowledge of DHS Information Security Policy Directives and Handbooks is preferred. + Applies knowledge and experience with standard IA concepts, practices, and procedures. Working independently to solve problems quickly and completely. + Applies specialized experience with three (3) of the four (4) following criteria is required: + Vulnerability scanning execution, assessment, and analysis. + Operating system and network knowledge (i.e., Local Area Networks [LAN] and Wide Area Networks [WAN].) + Information security and assurance principles (e.g., Defense-in-depth) and associated supporting technologies. + Application security, database security, and network security. + Possess ability to assess and weigh current and evolving security threats in an operational environment. + Possess good oral and written communication skills. + Team player who can collaborate with multiple stakeholders to arrive at the best solution. + Relies on extensive experience and judgment to plan and accomplish goals. Works independently to solve problems quickly and completely. **Qualifications** Requirements: **Certification:** Must possesses one of the following professional security certifications or can be obtained within six (6) months of hire: CISSP, CASP, CISA, CISM, CEH, SSCP, GISP, GSLC. **Education:** Must have a Bachelor's Degree and 5 years of experience. **Experience:** *For equivalency, 1 year of experience equals 1 year of education. *For equivalency, 1 year of education equals 1 year of experience. + Varies depending on years of experience. + Must have 5 years of Cybersecurity experience. + Must have 5 years of FISMA experience. + Must be a U.S. Citizen with the ability to obtain and maintain a DHS Public Trust. Target salary range: $80,001 - $120,000. The estimate displayed represents the typical salary range for this position based on experience and other factors. REQNUMBER: 2600762 SAIC is a premier technology integrator, solving our nation's most complex modernization and systems engineering challenges across the defense, space, federal civilian, and intelligence markets. Our robust portfolio of offerings includes high-end solutions in systems engineering and integration; enterprise IT, including cloud services; cyber; software; advanced analytics and simulation; and training. We are a team of 23,000 strong driven by mission, united purpose, and inspired by opportunity. Headquartered in Reston, Virginia, SAIC has annual revenues of approximately $6.5 billion. For more information, visit saic.com. For information on the benefits SAIC offers, see Working at SAIC. EOE AA M/F/Vet/Disability

The Opportunity: Cyber threats are everywhere, and the constantly evolving nature of these threats can make understanding them seem overwhelming to our clients. In all of this "cyber noise," how can these organizations understand their risks and how to mitigate them? The answer is you. We need your knowledge as an information security risk specialist to help break down complex threats into manageable plans of action. As an information security risk specialist on our team, you'll work with clients to discover their cyber risks, understand applicable policies, and develop a mitigation plan. You'll get technical and personnel details from colleagues to assess the entire threat landscape. Then, you'll help your team guide your client through a plan of action with presentations, whitepapers, and milestones. You'll work on translating security concepts for your client so they can make the best decisions to secure their mission-critical systems. This is your opportunity to take an active role in information security while growing your skills in cloud technologies. Be a part of our team as we protect our nation's critical information systems. Join us. The world can't wait. You Have: * 5+ years of experience as an ISSO or Information System Security Analyst (ISSA) * Experience conducting tools assessments and configuration analysis against best practices, vendor specifications, and government security guidelines and requirements * Experience with the implementation, oversight, and maintenance of the security configuration, practices, and procedures for systems * Experience implementing controls from NIST 800-53, FedRAMP, ICD 503, RMF, and DoD Information Levels, including applying them to the design and implementation of information technology solutions to achieve an authorization to operate (ATO) * Experience with eMASS or Xacta IA Manager * Ability to perform risk analysis * Active TS/SCI clearance; willingness to take a polygraph exam * HS diploma or GED * DoD 8570 IAM Level II Certification such as CCNA-Security, CySA+, GICSP, GSEC, Security+ CE, CND, or SSCP Certification Nice If You Have: * Experience with DoD security technical implementation guides (STIGs), checklists, and testing tools, including STIG Viewer, SCAP, and ACAS scanning tool * Experience assessing configuration changes such as new COTS tools or web application upgrades, to system security boundary * Experience with cyber-related tools such as Splunk or STIG Viewer * Experience with SAP * Knowledge of Zero Trust principles and concepts * Ability to work within a collaborative team and a fast-paced and dynamic environment * Possession of excellent written, organizational, presentation, and verbal communication skills * AWS, Azure, or GCP Certification Clearance: Applicants selected will be subject to a security investigation and may need to meet eligibility requirements for access to classified information; TS/SCI clearance is required. Compensation At Booz Allen, we celebrate your contributions, provide you with opportunities and choices, and support your total well-being. Our offerings include health, life, disability, financial, and retirement benefits, as well as paid leave, professional development, tuition assistance, work-life programs, and dependent care. Our recognition awards program acknowledges employees for exceptional performance and superior demonstration of our values. Full-time and part-time employees working at least 20 hours a week on a regular basis are eligible to participate in Booz Allen's benefit programs. Individuals that do not meet the threshold are only eligible for select offerings, not inclusive of health benefits. We encourage you to learn more about our total benefits by visiting the Resource page on our Careers site and reviewing Our Employee Benefits page. Salary at Booz Allen is determined by various factors, including but not limited to location, the individual's particular combination of education, knowledge, skills, competencies, and experience, as well as contract-specific affordability and organizational requirements. The projected compensation range for this position is $61,900.00 to $141,000.00 (annualized USD). The estimate displayed represents the typical salary range for this position and is just one component of Booz Allen's total compensation package for employees. This posting will close within 90 days from the Posting Date. Identity Statement As part of the application process, you are expected to be on camera during interviews and assessments. We reserve the right to take your picture to verify your identity and prevent fraud. Work Model Our people-first culture prioritizes the benefits of flexibility and collaboration, whether that happens in person or remotely. * If this position is listed as remote or hybrid, you'll periodically work from a Booz Allen or client site facility. * If this position is listed as onsite, you'll work with colleagues and clients in person, as needed for the specific role. Commitment to Non-Discrimination All qualified applicants will receive consideration for employment without regard to disability, status as a protected veteran or any other status protected by applicable federal, state, local, or international law.

Evaluate risk assessments and provide recommendations for system, network, and application design, implementation, and operation of enterprise-wide systems Evaluate vulnerability assessments of enterprise-wide or complex systems and networks to identify deviations from acceptable configurations or policies Support certification and accreditation through the coordinating documentation Evaluate the establishment of program control processes to ensure risk mitigation Evaluate implementation of required policies, procedures, and configurations Apply project management principles and methods to the leadership of security tasks or projects Coordinate communications regarding policies, procedures, and best practices for vulnerability and risk assessments Senior: Bachelor's Degree or higher Or an equivalent combination of education and experience IAM level 2- CISSP, CASP CE+, CGRC, or CISM Active Top SECRET clearance with SCI Eligibility. U. S. Citizenship is required for this position. LI-MS1 Dragon Buckeye

Participate in acquisition meetings (PMR, PDR, CDR, etc. ), concept of operation (CONOP) working groups, change boards, technical exchange meetings and other similar activities. Work between architecture-level and implementation-level engineering meetings to maintain a system-wide view of security functions and apply risk mitigation strategies at the appropriate level. Advise customer on Risk Management Framework (RMF) assessment and authorization issues Develop and implement a security assessment plan Perform risk assessments and make recommendations to DoD agency customers Advise government program managers on security testing methodologies and processes Evaluate authorization documentation and provide written recommendations for authorization to government PM's Develop and maintain a formal Information Systems Security Program Ensure that all IAOs, network administrators, and other cyber security personnel receive the necessary technical and security training to carry out their duties Develop, review, endorse, and recommend action by the AO or DAO of system assessment documentation Ensure approved procedures are in place for clearing, sanitizing, and destroying various types of hardware and media Develop and execute security assessment plans that include verification that the features and assurances required for each protection level function Develop policies and procedures for responding to security incidents, to include investigating and reporting security violations and incidents Ensure proper protection or corrective measures have been taken when an incident or vulnerability has been discovered within a system Ensure that data ownership and responsibilities are established for each authorization boundary, to include accountability, access rights, and special handling requirements Ensure development and implementation of an information security education, training, and awareness program, to include attending, monitoring, and presenting local cyber security Evaluate threats and vulnerabilities to ascertain whether additional safeguards are needed Assess changes in the system, its environment, and operational needs that could affect the authorization Ensure that authorization is accomplished a valid Authorization determination has been given for all authorization boundaries under your purview 12+ years' technical experience in cybersecurity, information technology with focus on cybersecurity implementations. Firm understanding of the DoD 8500. 1-M, DoDM 5205. 07, Volume 1, Joint SAP Implementation Guide (JSIG), National Institute of Standards and Technology (NIST) Special Publication 800-53, Intelligence Community Directive (ICD) Number 503. Experience with EMASS, XACTA or equivalent RMF tools. Bachelor's degree in engineering, computer science, cybersecurity, networking, or programming. Must meet position and certification requirements outlined in DoD Directive 8140 for Information Assurance Manager Level II Certified Information Systems Security Professional (CISSP or (CISSP-ISSEP/CISSP-ISSAP) Active Top-Secret clearance with SCI and SAP eligibility LI-DB1

Create, implement, and maintain system-specific security policies, standards, and procedures, ensuring they align with organizational and regulatory requirements (e. g. , NIST, ISO, HIPAA, PCI DSS) and are effectively communicated and enforced. Conduct regular risk assessments and vulnerability scans to identify security vulnerabilities and potential threats to systems, developing and implementing effective mitigation strategies and tracking remediation efforts. Implement and maintain a comprehensive suite of security controls, including access controls, intrusion detection systems, firewalls, anti-malware software, and data loss prevention (DLP) solutions, ensuring optimal configuration and adherence to best practices. Participate actively in security incident response activities, including thorough investigation, containment, eradication, and recovery, documenting incidents meticulously and extracting valuable lessons learned to improve future responses. Develop and deliver engaging security awareness training programs for users and system administrators, fostering a culture of security awareness throughout the organization. Ensure continuous compliance with relevant security regulations and standards (e. g. , NIST, ISO, HIPAA, PCI DSS), preparing for and participating in security audits and assessments, and maintaining comprehensive documentation to support compliance efforts. Collaborate closely with system administrators, developers, network engineers, and other stakeholders to seamlessly integrate security into all phases of system design, development, and operation. Serve as a trusted security advisor to project teams and business units, proactively communicating security risks and providing well-informed recommendations to management. Stay abreast of the latest security threats, vulnerabilities, and cutting-edge technologies, recommending and implementing ongoing improvements to security policies, procedures, and controls, and participating in industry security forums. Maintain accurate and up-to-date documentation of security configurations, policies, procedures, and incident responses, developing and maintaining system security plans (SSPs) and other essential security-related documentation. 8+ years experience in information security, with at least 3 years of experience as an ISSM or in a similar role. Strong understanding of cybersecurity principles, risk management methodologies, and security controls. Experience with security assessment tools, such as vulnerability scanners and penetration testing tools. Experience with security technologies, such as firewalls, intrusion detection systems, anti-malware software, and data loss prevention (DLP) solutions. Knowledge of operating systems (Windows, Linux), networking protocols, and cloud computing environments. Master's degree in Computer Science, Information Systems, Cybersecurity, or a related field. 8 additional years of relevant experience may be substituted for master's degree. Relevant security certifications are highly desirable, such as: Certified Information Systems Security Professional (CISSP) Certified Information Security Manager (CISM) CompTIA Security+ GIAC certifications (e. g. , GSEC, GCIH, GCIA) Ability to establish priorities, work independently, successfully execute multiple projects, and proceed with objectives with minimal supervision. Must possess an active DoD TS/SCI with in-scope SSBI and SAP eligibility. Please note: U. S. Citizenship is required.

The Opportunity: Cyber threats are everywhere, and the constantly evolving nature of these threats can make understanding them seem overwhelming to our clients. In all of this “cyber noise,” how can these organizations understand their risks and how to mitigate them? The answer is you. We need your knowledge as an information security risk specialist to help break down complex threats into manageable plans of action. As an information security risk specialist on our team, you'll work with clients to discover their cyber risks, understand applicable policies, and develop a mitigation plan. You'll get technical and personnel details from colleagues to assess the entire threat landscape. Then, you'll help your team guide your client through a plan of action with presentations, whitepapers, and milestones. You'll work on translating security concepts for your client so they can make the best decisions to secure their mission-critical systems. This is your opportunity to take an active role in information security while growing your skills in cloud technologies. Be a part of our team as we protect our nation's critical information systems. Join us. The world can't wait. You Have: 5+ years of experience as an ISSO or Information System Security Analyst (ISSA) Experience conducting tools assessments and configuration analysis against best practices, vendor specifications, and government security guidelines and requirements Experience with the implementation, oversight, and maintenance of the security configuration, practices, and procedures for systems Experience implementing controls from NIST 800-53, FedRAMP, ICD 503, RMF, and DoD Information Levels, including applying them to the design and implementation of information technology solutions to achieve an authorization to operate (ATO) Experience with eMASS or Xacta IA Manager Ability to perform risk analysis Active TS/SCI clearance; willingness to take a polygraph exam HS diploma or GED DoD 8570 IAM Level II Certification such as CCNA-Security, CySA+, GICSP, GSEC, Security+ CE, CND, or SSCP Certification Nice If You Have: Experience with DoD security technical implementation guides (STIGs), checklists, and testing tools, including STIG Viewer, SCAP, and ACAS scanning tool Experience assessing configuration changes such as new COTS tools or web application upgrades, to system security boundary Experience with cyber-related tools such as Splunk or STIG Viewer Experience with SAP Knowledge of Zero Trust principles and concepts Ability to work within a collaborative team and a fast-paced and dynamic environment Possession of excellent written, organizational, presentation, and verbal communication skills AWS, Azure, or GCP Certification Clearance: Applicants selected will be subject to a security investigation and may need to meet eligibility requirements for access to classified information; TS/SCI clearance is required. Compensation At Booz Allen, we celebrate your contributions, provide you with opportunities and choices, and support your total well-being. Our offerings include health, life, disability, financial, and retirement benefits, as well as paid leave, professional development, tuition assistance, work-life programs, and dependent care. Our recognition awards program acknowledges employees for exceptional performance and superior demonstration of our values. Full-time and part-time employees working at least 20 hours a week on a regular basis are eligible to participate in Booz Allen's benefit programs. Individuals that do not meet the threshold are only eligible for select offerings, not inclusive of health benefits. We encourage you to learn more about our total benefits by visiting the Resource page on our Careers site and reviewing Our Employee Benefits page. Salary at Booz Allen is determined by various factors, including but not limited to location, the individual's particular combination of education, knowledge, skills, competencies, and experience, as well as contract-specific affordability and organizational requirements. The projected compensation range for this position is $61,900.00 to $141,000.00 (annualized USD). The estimate displayed represents the typical salary range for this position and is just one component of Booz Allen's total compensation package for employees. This posting will close within 90 days from the Posting Date. Identity Statement As part of the application process, you are expected to be on camera during interviews and assessments. We reserve the right to take your picture to verify your identity and prevent fraud. Work Model Our people-first culture prioritizes the benefits of flexibility and collaboration, whether that happens in person or remotely. If this position is listed as remote or hybrid, you'll periodically work from a Booz Allen or client site facility. If this position is listed as onsite, you'll work with colleagues and clients in person, as needed for the specific role. Commitment to Non-Discrimination All qualified applicants will receive consideration for employment without regard to disability, status as a protected veteran or any other status protected by applicable federal, state, local, or international law.

ASRC Federal is a leading government contractor furthering missions in space, public health and defense. As an Alaska Native owned corporation, our work helps secure an enduring future for our shareholders. Join our team and discover why we are a top veteran employer and Certified Great Place to Work ASRC Federal has an exciting opportunity for an Information System Security Officer (ISSO in) in Dayton, Ohio. **This position offers a sign-on bonus.** Our desire is to build a team of highly qualified professionals that will provide expertise in Cybersecurity, Cloud, and Systems Engineering, who will support the development and sustainment of unique secure enclaves at the edge, that provide enterprise services and cyber network defense capabilities to customers across the DoD. This team will provide engineering expertise using technologies such as ePO, Splunk, ACAS, Azure Automation, STIG/SCAP, and other enterprise capabilities. The ISSO will have an active role in monitoring a system and its environment of operation to include developing and updating a System Security Plan, managing and controlling changes to the system, and assessing the security impact. **Responsibilities:** + Maintain the operational security posture of systems. + Monitor systems and environments for security compliance. + Develop and update System Security Plans (SSPs). + Manage and control system changes and assess their security impact. + Handle physical, personnel, and environmental security. + Conduct incident response and security awareness training. + Assist the ISSM and assume ISSM duties when necessary. + Assist the ISSM in meeting their duties and responsibilities. The ISSO shall assume ISSM responsibilities in the absence of the ISSM; + Ensure systems are operated, maintained, and disposed of in accordance with security policies and procedures as outlined in the security authorization package; + Maintain equivalent IAM Level 2 certifications based off of DoD 8140 standard; + Ensure all users have the requisite security clearances, authorization, need-to-know, and are aware of their security responsibilities before granting access to the IS; + Report all security-related incidents to the ISSM + Conduct periodic reviews of information systems to ensure compliance with the security authorization package; + Serve as member of the CCB, if designated by the ISSM; + Coordinate any changes or modifications to hardware, software, or firmware of a system with the ISSM and AO/DAO prior to the change; + Formally notify the ISSM and AO/DAO when changes occur that might affect system authorization; + Monitor system recovery processes to ensure security features and procedures are properly restored and functioning correctly; + Ensure all IS security-related documentation is current and accessible to properly authorized individuals; and + Ensure audit records are collected, reviewed, and documented (to include any anomalies). + Participate in joint agile backlog planning and provide feedback to the software development team and infrastructure teams around high to medium risk items that require information system owner approval. **Responsibilities:** + Advanced technical competency and experience in one or more of the following areas: Active Directory Domain Services, Active Directory Federated Services, Active Directory Certificate Services, Windows Server Update Services, ePO, Splunk, STIG/SCAP, YUM, ACAS Automation, and Azure Monitor / Log Analytics. + Maintain equivalent IAM Level 2 certifications based off of DoD 8140 standard + 5+ years related experience in SCI/SAP environments. + Bachelor's degree in computer science, Engineering, Finance, Business, or relatedfield + 5-8 years demonstrated performance in related technology + Top Secret w/ SCI eligibility + Other duties as assigned We invest in the lives of our employees, both in and out of the workplace, by providing competitive pay and benefits packages. Benefits offered may include health care, dental, vision, life insurance; 401(k); education assistance; paid time off including PTO, holidays, and any other paid leave required by law. _The salary offered will depend on several factors including, but not limited to, relevant experience, skills, education, geographic location, internal equity, business needs, and other factors permitted by law. Posted pay ranges are a general guideline only and are not a guarantee of compensation or salary._ **_EEO Statement_** _ASRC Federal and its Subsidiaries are Equal Opportunity employers. All qualified applicants will receive consideration for employment without regard to race, gender, color, age, sexual orientation, gender identification, national origin, religion, marital status, ancestry, citizenship, disability, protected veteran status, or any other factor prohibited by applicable law._ **Job Details** **Job Family** **Information Technology** **Job Function** **Information Security** **Pay Type** **Salary**

Serve as the Information Systems Security Officer (ISSE) providing technical input, recommendations, and assistance with the implementation of both higher and granular-level cyber security approaches, methods and solutions that incorporate and maintain compliance to requirements resulting from laws, regulations, and other pertinent guidance. Participate in acquisition meetings (PMR, PDR, CDR, etc. ), concept of operation (CONOP) working groups, change boards, technical exchange meetings and other similar activities. Design and develop security requirements that drive down risk while maintaining operational capability. Work between architecture-level and implementation-level engineering meetings to maintain a system-wide view of security functions and apply risk mitigation strategies at the appropriate level. Guide and verify defense contractors' work against program requirements and goals. This includes participating in technical discussions, trade studies and working groups, and conducting research on industry best practices for potential implementation. Interface with program managers to explain security requirements, risks and mitigations relative to their priorities of cost and schedule to ensure an acceptable risk tolerance. Evaluate newly identified threats and vulnerabilities to customer information systems to ascertain the need for additional safeguards and develop timely implementation strategies to reduce risk. Enforce the design and implementation of trusted relationships among external systems and architectures. Assess proposed changes to customer information systems, their operation environment, and mission needs for impacts to cybersecurity architectures and continued compliance with cybersecurity requirements. Provide inputs to development teams responsible for designing and developing organizational information systems and upgrading legacy systems. Employ best practices when implementing security requirements for information systems including software engineering methodologies, system/security engineering principles, secure design, secure architecture, and secure coding techniques. Keep abreast of current and new security technologies and threats to better support the customer in maintaining cybersecurity resilience. Identify integration issues related to the implementation of new systems within the existing infrastructure; recommend mitigation and/or resolution options as appropriate. Assist in the design of systems and networks that encompass multiple enclaves to include those with differing data protection/classification requirements. 18+ years' technical experience in cybersecurity, information technology with focus on cybersecurity implementations. Demonstrated ability to understand cybersecurity needs of systems at varied stages of the SDLC. Firm understanding of the DoD 8500. 1-M, DoDM 5205. 07, Volume 1, Joint SAP Implementation Guide (JSIG), National Institute of Standards and Technology (NIST) Special Publication 800-53, Intelligence Community Directive (ICD) Number 503. Excellent oral and written communication skills and ability to clearly translate client technical needs into technical specifications. Demonstrated ability to complete tasks, drive projects to closure, assimilate and correlate project information in a fast-paced environment. Demonstrated ability to assess and articulate risk, including to non-technical audiences. Experience working on DISA Security Technical Implementation Guide (STIG) implementation. Experience working on-site in a government client environment. Familiarity with security procedures while working in a SCIF/SAPF environment. Familiarity and experience with NSA requirements for COMSEC. Experience with DoD Acquisition Lifecycle experience and/or Rapid Acquisition / Rapid Delivery experience Capable of applying system security engineering expertise to various client programs/processes (e. g. , system security design process, engineering life cycle, information domain and cross domain solutions, identification/authentication/authorization of commercial off-the-shelf and government off-the-shelf software employment, system integration, risk management, intrusion detection, contingency planning, incident handling, configuration control, change management, continuous monitoring, auditing, assessment and authorization, confidentiality, integrity, and availability. Bachelor's degree in engineering, computer science, cybersecurity, networking, or programming. Master's degree in engineering, computer science, cybersecurity, networking, or programming, (Highly Desired). Certified Information Systems Security Professional (CISSP or (CISSP-ISSEP/CISSP-ISSAP) Certified Cloud Security Professional (CCSP). AWS Architect or other similar cloud technology security certification Security Clearance Level Required: Must possess an active Top Secret security clearance, current within five (5) years, based upon a T5 or T5R investigation (formerly known as Single Scope Background Investigation (SSBI) or SSBI Periodic Review (SBPR). Please Note: U. S. Citizenship is required. LI-DB1

Serve as technical expert to the Cybersecurity Assessment Program providing technical direction, interpretation and alternatives to complex problems. Develop procedures for implementation and validation to integrate effective security designs into system architectures. Perform information system security engineering tasks, ensuring that information security requirements are properly implemented throughout the processes of security architecture, design, development, configuration, and implementation. Develop, implement, and enforce information systems security policies ensuring system security requirements are addressed during all phases of the acquisition and Information System lifecycle Review, analyze and validate system security designs within embedded avionics systems to validate security control and architecture implementations Conduct certification and testing in accordance with the Risk Management Framework (RMF) and National Institute of Standards and Technology (NIST) policy; identify deficiencies and provide recommendations of risk mitigation to customer. Employ best practices when implementing security controls, including software engineering methodologies, system/security engineering principles, secure design, secure architecture, and secure coding techniques Integrate/Develop new techniques to improve Confidentiality, Integrity, and Availability for networks/systems operating at various classification levels Assist program managers, system engineers and cyber test engineers in conducting Mission Based Cyber Risk Assessments Participate in program protection analyses for program and system information, CPI, and critical components. Coordinate with the Anti- Tamper Executive Agent and test team to define AT requirements are implemented into system designs* Identify points of vulnerability, non- compliance with established cybersecurity standards and regulations, and recommend mitigation strategies Identify points of vulnerability, non-compliance with established cybersecurity standards and regulations, and recommend mitigation strategies Apply knowledge of cybersecurity policy, procedures, and workforce structure to implement secure networking, computing, and enclave environments Perform system or network designs that encompass multiple enclaves to include those with differing data protection/classification requirements Work closely with customers and vendors to provide expert level consultation and technical services on all aspects of System Security Engineering. Respond to technical issues in a professional and timely manner. Minimum of Eight (8) years of experience working in a cybersecurity related field Prior performance in roles such as ISSO, ISSM, ISSE/SSE or SCA Experience conducting security control assessments and/or implementation using NIST SP 800-53, NIST 800-171, ICD 503 and JSIG Must have the ability to work in a dynamic environment and effectively interact with numerous DOD, military/civilian personnel and industry partners Demonstrated experience in Systems Engineering writing systems level requirements, architectures, and designs Knowledge and experience working in the Systems Engineering "V" Lifecycle framework Familiar with the Digital Engineering Environment including using Model Based Systems Engineering and Model Based Cyber Risk Assessment tools Strong analytical and problem-solving skills Ability to take the initiative to complete tasks with minimal supervision Experience in Secure Software Development Lifecycle Experience working on DISA Security Technical Implementation Guide (STIG) implementation across multiple operating systems and applications Must be a team player and be able to work within all levels of a project team Excellent time management, scheduling, and organizational skills Ability to work well independently as well as follow detailed instructions for completing tasks Demonstrated ability to complete tasks, drive projects to closure, assimilate and correlate project information in a fast-paced environment Demonstrated ability to shift from one project to another in a dynamic, agile work environment Excellent oral and written communication skills and ability to clearly translate client technical needs into technical specifications Ability to communicate technical approaches and details within small project teams, including team interactions and presentations Familiarity with security procedures while working in a SCIF/SAPF environment Experience with aircraft avionics, system engineering or aircraft maintenance Prior work and experience working with aircraft, weapons or command & control systems Experience with various Security Content Automation Protocol (SCAP) tools such as Assured Compliance Assessment Solution (ACAS) (Nessus) and SCAP Compliance Checker (SCC) Experience using Security Incident and Event Management (SIEM) programs Experience with performing Mission Based Cyber Risk Assessments including the MRAP-C, Cyber Table Top or Blue Book BS degree from an accredited university including classes in Computer Science, Computer/Electronics/Electronics Engineering, Cybersecurity or related fields Must meet position and certification requirements outlined in the DoDD 8570. 01-M for Information Assurance Security Engineer (IASE) level 2 Possess an active Top Secret security clearance, based upon a Single Scope Background (SSBI/SBPR). Must be eligible for Sensitive Compartmented Information (SCI) and Special Access Programs (SAP) access.

Provide engineering support in requirements identification, evaluation, testing and integration, specifically with Program Protection planning and anti-tamper methodologies. Provide engineering support for technology and product acquisitions to include long-term planning, request for proposal (RFP) development, and technical oversight of ongoing projects. Develop plans to assess security features of Government Off-The-Shelf (GOTS) and Commercial Off-The Shelf (COTS) components for CPI susceptibility/vulnerability to exploitation and reverse engineering. Work with DoD Anti-Tamper Evaluation Teams to understand current designs and identify vulnerabilities to foreign and adversary exploitation. Assist efforts to improve US weapons system anti-tamper/anti-exploitation design, development, manufacturing, training, and sustainment. Provide support to Anti-Tamper courses by teaching modules to industry and Government participants, and assist with curriculum development and updates, as required. Requires a thorough understanding of the DoD systems engineering process, policy and procedures in the acquisition, manufacturing, fielding, and sustainment, modernization and disposal of new, existing and future weapons systems and capabilities, with specific experience in weapons system Program Protection planning. Experienced and motivated engineering professionals with the necessary skills to support the ATEA FPO by accomplishing highly technical tasks in a classified work environment. Apply knowledge of and expertise in DoD, AF and common engineering and scientific principles, criteria, and procedures to improve planned and existing weapon system manufacture, operations, re-manufacture and de-militarization operations and oversight. Highly desired that personnel in this position have expertise in understanding integrated circuitry, industry standard processors, and memory chips and have familiarity with methodologies for reverse engineering electronic systems and integrated circuitry. Assist in translating user requirements into system requirements, which will be used to design, develop, fabricate, test and evaluate systems, subsystems and equipment for deployment. Apply engineering principles and technical understanding of subject matter material into initial development, modification/updates/revisions, and maintenance of technical Anti-Tamper Security Classification Guides (SCG) using technical writing skills. Assist with the development of requirements and technology needs into action plans and policies necessary to improve and retain world class manufacturing, operations, re-manufacturing and de-militarization of weapon system capabilities. Perform technical/mission analyses of existing and potential operational requirements, assist in developing system concepts, and perform technological/trade-off study assessments of proposed designs. Support and conduct engineering performance, effectiveness, cost effectiveness, cost performance, lifecycle cost, producibility, maintainability, supportability, reliability, technical and schedule risk assessment and scheduling trade-off studies. Support and conduct systems analyses to include, but not limited to, system design/design feasibility and state-of-the-art assessment. Provide systems/subsystems integration support for the acquisition, development and verification of systems and equipment. Minimum of 10 years of relevant DoD work experience (years of experience may be waiverable with customer approval). No less than three (3) years' experience in an SAP and/or SCI environment within the last five (5) years (SAP/SCI experience may be waiverable with customer approval). BS and MS degree in Electrical, Radar, Software, Microelectronics, or Computer Engineering (Master's degree may be waiverable with customer approval). Experience with Program Protection planning and implementation in weapon system programs. Evaluating current fielded weapons systems to determine anti-tamper and reverse engineering susceptibility based on vendor design. Identifying susceptibility of critical protected information from exploitation and reverse engineering. Identifying methodologies to improve resistance of current and future electronic circuits to reverse engineering and exploitation. Supporting development of industry and DoD standards for future weapons systems to improve resistance to reverse engineering exploitation. Working with industry to assess tamper resistance of current weapons systems within the acquisition development cycle. Working within the electronic exploitation lab environment, utilizing or having familiarity with state-of-the-art exploitation equipment and instrumentation to evaluate current and new processors, memory units, and electronic circuits to exploit weaknesses, identify improvements to design, and develop new standards to deter technological exploitation. Possess an active Top Secret security clearance, based upon a Single Scope Background (SSBI/SBPR). Must be eligible for Sensitive Compartmented Information (SCI) and Special Access Programs (SAP) access.

Direct and recent experience coding in C, C++, Python. Solid understanding of computer architecture, operating systems, and software development principles. Comfort working with assembly language, machine code, hexadecimal, and binary representations. Experience with reverse engineering tools such as IDA Pro, Ghidra, or GDB. Knowledge of network protocols (TCP/UDP) and basic cryptography functions. Hacker mindset with a demonstrated interest in analyzing software/firmware for weaknesses. 1-4 years of demonstrated experience in reverse engineering or related security disciplines. Experience developing user-mode applications for traditional platforms (Windows, Linux, mac OS, Android, iOS) or user/kernel-mode capabilities for non-traditional platforms (embedded/proprietary/custom firmware or operating systems). Experience analyzing and manipulating network protocols. Interest in the architecture and internals of proprietary operating systems. Participation or interest in Capture the Flag (CTF)/hacking competitions Experience with hardware reverse engineering tools and techniques. Knowledge of embedded systems and firmware analysis. Demonstrated ability to learn new technologies quickly and adapt to a fast-paced environment. Relevant certifications such as Offensive Security Certified Professional (OSCP), eLearnSecurity Junior Penetration Tester (eJPT), GIAC Reverse Engineering Malware (GREM), GIAC Certified Reverse Engineer (GCRE), or other reverse engineering, malware analysis, or security-related certifications. Bachelor's degree in Computer Science, Cyber Security, Computer Engineering, Electrical Engineering, or a related field strongly preferred. Ability to obtain and maintain a U. S. Security Clearance is required. Ability to obtain TS/SCI. Reverse Engineers use decompiling, disassembling, and de-obfuscating to gain a deeper understanding of how and what a malicious software operates. They identify, examine, and understand various forms of malicious software, such as adware, bots, rootkits, spyware, ransomware, Trojan horses, viruses, and worms. LI-BG1

Apply an understanding of DoD, Air Force and common engineering/scientific principles, processes and procedures to improve performance and sustainability of existing and future weapon systems. Translate user requirements into weapon system requirements which will be used to design, develop, fabricate, test and evaluate weapon systems, subsystems and equipment for eventual fielding and deployment. Perform technical/mission analyses of existing and future operational requirements, assist in developing systems concepts and perform technical trade-off assessments of designs/modifications. Develop and maintain Risk Management Framework documentation necessary to obtain Authorizations including but not limited to the System Security Plan (SSP), Architecture Analysis Report (AAR), Continuous Monitoring Plan, Security Control Traceability Matrix (SCTM), Security Assessment Report (SAR) and Risk Assessment Report (RAR). Provide support to produce or review technical documentation for acquisition programs including Cybersecurity Strategy, Test and Evaluation Master Plan (TEMP), Clinger-Cohen Act Compliance, Capabilities Development Document, Concept of Operations and more. Support system engineering and program management in conducting and reviewing milestone documentation including System Requirements Review (SRR), Preliminary Design Reviews (PDR), Critical Design Reviews (CDR) and Program Management Reviews (PMR). Perform information system security engineering tasks, ensuring that information security requirements are properly implemented throughout the processes of security architecture, design, development, configuration, and implementation. Develop, implement, and enforce information systems security policies ensuring system security requirements are addressed during all phases of the acquisition and Information System lifecycle. Review, analyze and validate system security designs within embedded avionics systems to validate security control and architecture implementations Conduct Assessment & Authorization (A&A) tasks in accordance with the Risk Management Framework (RMF) and National Institute of Standards and Technology (NIST) policy; identify deficiencies and provide recommendations of risk mitigation to program management. Employ best practices when implementing security controls, including software engineering methodologies, system/security engineering principles, secure design, secure architecture, and secure coding techniques Integrate/Develop new techniques to improve Confidentiality, Integrity, and Availability for networks/systems operating at various classification levels Assist program managers, system engineers and cyber test engineers in conducting Mission Based Cyber Risk Assessments Identify points of vulnerability, non-compliance with established cybersecurity standards and regulations, and recommend mitigation strategies Apply knowledge of cybersecurity policy, procedures, and workforce structure to implement secure networking, computing, and enclave environments Identify system and/or network designs that encompass multiple enclaves to include those with differing data protection/classification requirements REQUIRED: Education: BS degree from an accredited university including classes in Computer Science, Cybersecurity, Electrical/Electronics/Systems/Computer Engineering, or related field. Experience: 5+ years of experience in systems security architecture or engineering, ideally within a government or DoD environment. Certifications: Relevant certifications related to a Security Architect in accordance with DoD 8140 (CISSP, CISM, CCSP). Knowledge: Deep understanding of cybersecurity frameworks (NIST) and standards, RMF, DISA STIGs, and system accreditation processes. Technical Skills: Expertise with security concerns in avionics, embedded systems, Operational Technology and Supervisory Control and Data Acquisition systems. Familiarity with network security, firewalls, intrusion detection/prevention systems, secure coding practices, and vulnerability scanning tools. Must possess an active Top Secret clearance with eligibility for SCI. Experience with government contracting and DoD security program management.

Develop and implement system security plans, policies, and controls in accordance with DoD and NIST standards (e. g. , RMF, NIST SP 800-53). Conduct cybersecurity risk and vulnerability assessments and develop mitigation strategies. Support architecture and design reviews from a security perspective. Coordinate with cross-functional teams to ensure cybersecurity is integrated early in the systems engineering process. Assist with security test and evaluation (ST&E), including validation, verification, and accreditation efforts (e. g. , ATO/ATC). Contribute to Program Protection Plans (PPPs), Security Classification Guides (SCGs), and related security documentation. Required Bachelor's degree in Systems Engineering, Cybersecurity, Computer Science, or a related field (or equivalent experience). 5+ years of experience in cybersecurity or systems security engineering within a DoD environment. Familiarity with RMF, NIST SP 800 series, and DoDI 8510. 01. Experience supporting system accreditation packages and security documentation. Active Top Secret clearance with SCI eligability required. DoD 8570 IAT Level II or III certification (e. g. , Security+, CISSP, CASP+) required. Experience supporting classified DoD systems, weapon systems, or multi-domain platforms. Experience working closely with ISSMs/ISSEs and government security stakeholders.

Implement system security requirements throughout the Systems Engineering processes during weapon system lifecycle. Security Architecture Design: Design and implement security solutions to ensure the confidentiality, integrity, and availability of systems in compliance with government regulations and standards (e. g. , NIST 800-53, Risk Management Framework (RMF), DISA STIGs, and NSA Security configuration guides). Risk Assessment: Identify threats and vulnerabilities related to systems, networks, and applications, and provide recommendations to mitigate risks. Compliance Management: Ensure systems and processes align with DoD policies, federal regulations, and agency-specific security requirements. System Hardening: Perform system hardening activities, including configuring devices, removing unnecessary services, and applying patches according to DISA STIG guidelines. Incident Response: Lead efforts to respond to cybersecurity incidents by investigating, analyzing, and documenting security breaches. Monitoring and Reporting: Oversee real-time monitoring processes, analyze alerts, and prepare security reports to share with senior management or government agencies. Collaboration: Work closely with engineering, IT, and program management teams to integrate security into project lifecycles and provide guidance on best practices for safeguarding classified and sensitive information. Documentation: Develop and maintain comprehensive documentation, including system security plans (SSPs), risk matrixes, and assessment/evaluation reports. Education: Bachelor's degree in Computer Science, Computer Engineering, Electrical Engineering, Information Technology, Cybersecurity, or related field (Master's degree preferred). Experience: 5+ years of experience in systems security architecture or engineering, ideally within a government or DoD environment. Certifications: Relevant certifications such as CISSP, CEH, CISM, CompTIA Security+, or CAP. Knowledge: Deep understanding of accreditation processes, aircraft systems, embedded systems, systems engineering processes and COMSEC encryption. Technical Skills: Expertise in security, vulnerability scanning tools and avionics architectures. Must possess an active Top Secret clearance with eligibility for SCI. Experience with government contracting and DoD security program management. Familiarity with scripting, automation tools, and secure system integration techniques. Understanding of cloud security in classified environments. NSA engagement and crypto development experience. Strong analytical skills to identify cybersecurity risks and solutions. Excellent verbal and written communication skills for interfacing with internal teams and external government agencies. Ability to work in high-pressure environments and handle sensitive information securely.

Develop and implement security architectures and designs for both new and existing systems, ensuring alignment with industry best practices, adherence to relevant regulatory requirements, and compliance with established organizational security policies. Conduct security risk assessments and vulnerability analyses to proactively identify potential weaknesses and vulnerabilities within systems, and develop and recommend effective mitigation strategies to address these identified risks. Evaluate and carefully select appropriate security technologies and solutions to effectively address specific and evolving security needs; create and maintain comprehensive security documentation, including detailed system security plans (SSPs), thorough security control assessments (SCAs), and comprehensive security test and evaluation (ST&E) reports. Configure and maintain a wide range of critical security tools and technologies, including firewalls, intrusion detection/prevention systems (IDS/IPS), security information and event management (SIEM) systems, advanced endpoint detection and response (EDR) solutions, and vulnerability scanners, ensuring optimal performance and effectiveness. Implement and rigorously enforce security policies and procedures across all systems and networks to ensure consistent security posture; collaborate closely with IT teams to seamlessly integrate security controls into capability development systems, experiments, and prototypes, encompassing requirements gathering, design, testing, and deployment; and automate security tasks and processes to improve overall efficiency and significantly reduce the risk of human error. Continuously monitor security logs and alerts to proactively identify potential security incidents and breaches, enabling swift and effective response actions. Thoroughly investigate security incidents and breaches to determine root causes and scope of impact, and develop and implement comprehensive and effective remediation plans to address the identified issues. Actively participate in incident response activities, including containment, eradication, and recovery efforts, to minimize the impact of security incidents; and develop and maintain robust incident response plans and procedures to ensure coordinated and effective responses. Ensure that all systems and applications strictly comply with relevant security standards and regulations, such as NIST, ISO 27001, HIPAA, PCI DSS, and GDPR, maintaining a strong security posture and mitigating compliance risks. Develop and maintain engaging security awareness training programs for employees to promote a security-conscious culture; collaborate closely with IT teams, developers, and other stakeholders to seamlessly integrate security into all aspects of the organization's operations; effectively communicate security risks and issues to management and other stakeholders in a clear and concise manner; provide expert security guidance and support to other IT staff; actively participate in security meetings and relevant industry conferences; and mentor junior security staff to foster their professional development. 8+ years experience in information security engineering or a related role Strong understanding of security principles, technologies, and best practices. Experience with security tools and technologies, such as firewalls, IDS/IPS, SIEM, EDR, and vulnerability scanners. Knowledge of network security protocols and technologies, such as TCP/IP, DNS, and VPNs. Experience with cloud security concepts and technologies (e. g. , AWS, Azure, GCP). Familiarity with scripting languages (e. g. , Python, PowerShell) for automation. Experience with operating systems (e. g. , Windows, Linux) and virtualization technologies. Master's degree in Computer Science, Information Systems, Cybersecurity, or a related field. 8 additional years of relevant experience may be substituted for master's degree. Preferred Certifications Certified Information Systems Security Professional (CISSP) Certified Information Security Manager (CISM) Certified Ethical Hacker (CEH) Security+ Global Information Assurance Certification (GIAC) Experience with penetration testing and vulnerability assessment. Experience with DevSecOps practices. Experience with security automation and orchestration tools. Ability to establish priorities, work independently, successfully execute multiple projects, and proceed with objectives with minimal supervision. Must possess an active DoD TS/SCI with in-scope SSBI and SAP eligibility. Please note: U. S. Citizenship is required. LI-MM1

ASRC Federal has an exciting opportunity for an Information System Security Engineer (ISSE) in Dayton, Ohio. This position offers a sign-on bonus. Our desire is to build a team of highly qualified professionals that will provide expertise in Cybersecurity, Cloud, and Systems Engineering, who will support the development and sustainment of unique secure enclaves at the edge, that provide enterprise services and cyber network defense capabilities to customers across the DoD. This team will provide engineering expertise using technologies such as ePO, Splunk, ACAS, Azure Automation, STIG/SCAP, and other enterprise capabilities. The Information Systems Security Engineer (ISSE) shall perform, or review, technical security assessments of computing environments to identify points of vulnerability, non-compliance with established Information Assurance (IA) standards and regulations and recommend mitigation strategies. Responsibilities: Engineer unique solutions to support ongoing Cyber Threat and Cyber Defensive Operations. Automate threat assessment and reporting activities. Analyze and report system and organizational security posture trends to the ISSM/ISSO. Provide cybersecurity recommendations to the ISSM based on significant threats and vulnerabilities. Implement system security measures in accordance with established procedures to ensure confidentiality, integrity, availability, authentication, and non-repudiation. Plan and recommend modifications or adjustments based on exercise results. Mitigate or correct security deficiencies identified during security and certification testing and/or recommend risk acceptance to the ISSM Audit support responsibilities Analyze and report organizational security posture trends to the ISSM/ISSO Analyze and report system security posture trends to the ISSM/ISSO Apply security policies to meet security objectives of the system to the ISSM/ISSO Assess adequate access controls based on principles of least privilege and need-to-know and reports findings to the ISSM/ISSO Assess all the configuration management (change configuration/release management) processes and reports findings to the ISSM/ISSO Assess the effectiveness of security controls and reports findings to the ISSM Be able to develop procedures and test fail-over for system operations transfer to an alternate site based on system availability requirements Ensure all systems security operations and maintenance activities are properly documented and updated as necessary Ensure cybersecurity-enabled products or other compensating security control technologies reduce identified risk to an acceptable level and reports findings to the ISSM Implement security measures to resolve vulnerabilities, mitigate risks and recommend security changes to system or system components as needed Implement system security measures in accordance with established procedures to ensure confidentiality, integrity, availability, authentication, and non-repudiation Mitigate/correct security deficiencies identified during security/certification testing and/or recommend risk acceptance to the ISSM Plan and recommend modifications or adjustments based on exercise results or system environment Properly document all systems security implementation, operations and maintenance activities and updates necessary Provides cybersecurity recommendations to the ISSM based on significant threats and vulnerabilities Verify and update security documentation reflecting the application/system security design features Verify minimum security requirements are in place for all applications Assists the ISSM/ISSO in identifying the security requirements for the system, including the confidentiality, integrity, and availability of data Assists the ISSM/ISSO in describing and documenting the security controls that will be implemented to meet the security requirements Assists the ISSM/ISSO in describing and documenting the procedures that will be used to manage security risks and incidents Assists the ISSM/ISSO in describing and documenting how the security controls will be monitored and tested to ensure that they are effective Assists the ISSM/ISSO in describing and documenting how changes to the system will be managed to minimize security risks Assists the ISSM/ISSO in describing and documenting how the system will be recovered in the event of a security incident Assists the ISSM/ISSO in the collection and organization of supporting documentation and diagrams needed for an Authority to Operate Package Assists the ISSM/ISSO with conducting a security assessment of the system. This includes identifying the system's assets, threats, vulnerabilities, and risks. Assists the ISSM/ISSO with developing a risk management plan. This plan identifies the security controls that will be implemented to mitigate the risks to the system. Assists the ISSM/ISSO in writing the System Security Plan or updating a System Security Plan Addendum Assists the ISSM/ISSO in reviewing and updating the System Security Plan or Addendum Assists the ISSM/ISSO in ensuring that the SSP is compliant with applicable DoD security policies and procedures Monitors and investigates security breaches Educates employees or clients about security procedures and programs Other duties as assigned Requirements: Must have a DoD Top Secret w/ SCI eligibility. Advanced technical competency and experience in one or more of the following areas: Active Directory Domain Services, Active Directory Federated Services, Active Directory Certificate Services, Windows Server Update Services, ePO, Splunk, STIG/SCAP, YUM, ACAS Automation, and Azure Monitor / Log Analytics. Security+ Certification 5+ years related experience in SCI/SAP environments. Bachelor's degree in computer science, Engineering, Finance, Business, or related field AND 3+ years leadership experience in relevant area of business OR equivalent experience. 8-12 years demonstrated performance in related technology. Additional or Preferred Qualifications 5+ years leadership experience in relevant area of business.

ASRC Federal has an exciting opportunity for an Information System Security Engineer (ISSE) in Dayton, Ohio. This position offers a sign-on bonus. Our desire is to build a team of highly qualified professionals that will provide expertise in Cybersecurity, Cloud, and Systems Engineering, who will support the development and sustainment of unique secure enclaves at the edge, that provide enterprise services and cyber network defense capabilities to customers across the DoD. This team will provide engineering expertise using technologies such as ePO, Splunk, ACAS, Azure Automation, STIG/SCAP, and other enterprise capabilities. The Information Systems Security Engineer (ISSE) shall perform, or review, technical security assessments of computing environments to identify points of vulnerability, non-compliance with established Information Assurance (IA) standards and regulations and recommend mitigation strategies. Responsibilities: Engineer unique solutions to support ongoing Cyber Threat and Cyber Defensive Operations. Automate threat assessment and reporting activities. Analyze and report system and organizational security posture trends to the ISSM/ISSO. Provide cybersecurity recommendations to the ISSM based on significant threats and vulnerabilities. Implement system security measures in accordance with established procedures to ensure confidentiality, integrity, availability, authentication, and non-repudiation. Plan and recommend modifications or adjustments based on exercise results. Mitigate or correct security deficiencies identified during security and certification testing and/or recommend risk acceptance to the ISSM Audit support responsibilities Analyze and report organizational security posture trends to the ISSM/ISSO Analyze and report system security posture trends to the ISSM/ISSO Apply security policies to meet security objectives of the system to the ISSM/ISSO Assess adequate access controls based on principles of least privilege and need-to-know and reports findings to the ISSM/ISSO Assess all the configuration management (change configuration/release management) processes and reports findings to the ISSM/ISSO Assess the effectiveness of security controls and reports findings to the ISSM Be able to develop procedures and test fail-over for system operations transfer to an alternate site based on system availability requirements Ensure all systems security operations and maintenance activities are properly documented and updated as necessary Ensure cybersecurity-enabled products or other compensating security control technologies reduce identified risk to an acceptable level and reports findings to the ISSM Implement security measures to resolve vulnerabilities, mitigate risks and recommend security changes to system or system components as needed Implement system security measures in accordance with established procedures to ensure confidentiality, integrity, availability, authentication, and non-repudiation Mitigate/correct security deficiencies identified during security/certification testing and/or recommend risk acceptance to the ISSM Plan and recommend modifications or adjustments based on exercise results or system environment Properly document all systems security implementation, operations and maintenance activities and updates necessary Provides cybersecurity recommendations to the ISSM based on significant threats and vulnerabilities Verify and update security documentation reflecting the application/system security design features Verify minimum security requirements are in place for all applications Assists the ISSM/ISSO in identifying the security requirements for the system, including the confidentiality, integrity, and availability of data Assists the ISSM/ISSO in describing and documenting the security controls that will be implemented to meet the security requirements Assists the ISSM/ISSO in describing and documenting the procedures that will be used to manage security risks and incidents Assists the ISSM/ISSO in describing and documenting how the security controls will be monitored and tested to ensure that they are effective Assists the ISSM/ISSO in describing and documenting how changes to the system will be managed to minimize security risks Assists the ISSM/ISSO in describing and documenting how the system will be recovered in the event of a security incident Assists the ISSM/ISSO in the collection and organization of supporting documentation and diagrams needed for an Authority to Operate Package Assists the ISSM/ISSO with conducting a security assessment of the system. This includes identifying the system's assets, threats, vulnerabilities, and risks. Assists the ISSM/ISSO with developing a risk management plan. This plan identifies the security controls that will be implemented to mitigate the risks to the system. Assists the ISSM/ISSO in writing the System Security Plan or updating a System Security Plan Addendum Assists the ISSM/ISSO in reviewing and updating the System Security Plan or Addendum Assists the ISSM/ISSO in ensuring that the SSP is compliant with applicable DoD security policies and procedures Monitors and investigates security breaches Educates employees or clients about security procedures and programs Other duties as assigned Requirements: Must have a DoD Top Secret w/ SCI eligibility. Advanced technical competency and experience in one or more of the following areas: Active Directory Domain Services, Active Directory Federated Services, Active Directory Certificate Services, Windows Server Update Services, ePO, Splunk, STIG/SCAP, YUM, ACAS Automation, and Azure Monitor / Log Analytics. Security+ Certification 5+ years related experience in SCI/SAP environments. Bachelor's degree in computer science, Engineering, Finance, Business, or related field AND 3+ years leadership experience in relevant area of business OR equivalent experience. 8-12 years demonstrated performance in related technology. Additional or Preferred Qualifications 5+ years leadership experience in relevant area of business.

ASRC Federal is a leading government contractor furthering missions in space, public health and defense. As an Alaska Native owned corporation, our work helps secure an enduring future for our shareholders. Join our team and discover why we are a top veteran employer and Certified Great Place to Work ASRC Federal has an exciting opportunity for an Information System Security Engineer (ISSE) in Dayton, Ohio. This position offers a sign-on bonus. Our desire is to build a team of highly qualified professionals that will provide expertise in Cybersecurity, Cloud, and Systems Engineering, who will support the development and sustainment of unique secure enclaves at the edge, that provide enterprise services and cyber network defense capabilities to customers across the DoD. This team will provide engineering expertise using technologies such as ePO, Splunk, ACAS, Azure Automation, STIG/SCAP, and other enterprise capabilities. The Information Systems Security Engineer (ISSE) shall perform, or review, technical security assessments of computing environments to identify points of vulnerability, non-compliance with established Information Assurance (IA) standards and regulations and recommend mitigation strategies. **Responsibilities:** + Engineer unique solutions to support ongoing Cyber Threat and Cyber Defensive Operations. + Automate threat assessment and reporting activities. + Analyze and report system and organizational security posture trends to the ISSM/ISSO. + Provide cybersecurity recommendations to the ISSM based on significant threats and vulnerabilities. + Implement system security measures in accordance with established procedures to ensure confidentiality, integrity, availability, authentication, and non-repudiation. + Plan and recommend modifications or adjustments based on exercise results. + Mitigate or correct security deficiencies identified during security and certification testing and/or recommend risk acceptance to the ISSM + Audit support responsibilities + Analyze and report organizational security posture trends to the ISSM/ISSO + Analyze and report system security posture trends to the ISSM/ISSO + Apply security policies to meet security objectives of the system to the ISSM/ISSO + Assess adequate access controls based on principles of least privilege and need-to-know and reports findings to the ISSM/ISSO + Assess all the configuration management (change configuration/release management) processes and reports findings to the ISSM/ISSO + Assess the effectiveness of security controls and reports findings to the ISSM + Be able to develop procedures and test fail-over for system operations transfer to an alternate site based on system availability requirements + Ensure all systems security operations and maintenance activities are properly documented and updated as necessary + Ensure cybersecurity-enabled products or other compensating security control technologies reduce identified risk to an acceptable level and reports findings to the ISSM + Implement security measures to resolve vulnerabilities, mitigate risks and recommend security changes to system or system components as needed + Implement system security measures in accordance with established procedures to ensure confidentiality, integrity, availability, authentication, and non-repudiation + Mitigate/correct security deficiencies identified during security/certification testing and/or recommend risk acceptance to the ISSM + Plan and recommend modifications or adjustments based on exercise results or system environment + Properly document all systems security implementation, operations and maintenance activities and updates necessary + Provides cybersecurity recommendations to the ISSM based on significant threats and vulnerabilities + Verify and update security documentation reflecting the application/system security design features + Verify minimum security requirements are in place for all applications + Assists the ISSM/ISSO in identifying the security requirements for the system, including the confidentiality, integrity, and availability of data + Assists the ISSM/ISSO in describing and documenting the security controls that will be implemented to meet the security requirements + Assists the ISSM/ISSO in describing and documenting the procedures that will be used to manage security risks and incidents + Assists the ISSM/ISSO in describing and documenting how the security controls will be monitored and tested to ensure that they are effective + Assists the ISSM/ISSO in describing and documenting how changes to the system will be managed to minimize security risks + Assists the ISSM/ISSO in describing and documenting how the system will be recovered in the event of a security incident + Assists the ISSM/ISSO in the collection and organization of supporting documentation and diagrams needed for an Authority to Operate Package + Assists the ISSM/ISSO with conducting a security assessment of the system. This includes identifying the system's assets, threats, vulnerabilities, and risks. + Assists the ISSM/ISSO with developing a risk management plan. This plan identifies the security controls that will be implemented to mitigate the risks to the system. + Assists the ISSM/ISSO in writing the System Security Plan or updating a System Security Plan Addendum + Assists the ISSM/ISSO in reviewing and updating the System Security Plan or Addendum + Assists the ISSM/ISSO in ensuring that the SSP is compliant with applicable DoD security policies and procedures + Monitors and investigates security breaches + Educates employees or clients about security procedures and programs + Other duties as assigned **Requirements:** + Must have a DoD Top Secret w/ SCI eligibility. + Advanced technical competency and experience in one or more of the following areas: Active Directory Domain Services, Active Directory Federated Services, Active Directory Certificate Services, Windows Server Update Services, ePO, Splunk, STIG/SCAP, YUM, ACAS Automation, and Azure Monitor / Log Analytics. + Security+ Certification + 5+ years related experience in SCI/SAP environments. + Bachelor's degree in computer science, Engineering, Finance, Business, or related field AND 3+ years leadership experience in relevant area of business OR equivalent experience. + 8-12 years demonstrated performance in related technology. Additional or Preferred Qualifications + 5+ years leadership experience in relevant area of business. We invest in the lives of our employees, both in and out of the workplace, by providing competitive pay and benefits packages. Benefits offered may include health care, dental, vision, life insurance; 401(k); education assistance; paid time off including PTO, holidays, and any other paid leave required by law. _The salary offered will depend on several factors including, but not limited to, relevant experience, skills, education, geographic location, internal equity, business needs, and other factors permitted by law. Posted pay ranges are a general guideline only and are not a guarantee of compensation or salary._ **_EEO Statement_** _ASRC Federal and its Subsidiaries are Equal Opportunity employers. All qualified applicants will receive consideration for employment without regard to race, gender, color, age, sexual orientation, gender identification, national origin, religion, marital status, ancestry, citizenship, disability, protected veteran status, or any other factor prohibited by applicable law._ **Job Details** **Job Family** **Information Technology** **Job Function** **Information Security** **Pay Type** **Salary**