Information System Security Officer (ISSO) SME

ASRC Federal is a leading government contractor furthering missions in space, public health and defense. As an Alaska Native owned corporation, our work helps secure an enduring future for our shareholders. Join our team and discover why we are a top veteran employer and Certified Great Place to Work™

ASRC Federal is seeking experienced Information System Security Officer (ISSO) SME with experience assessing Federal agency compliance with the DHS CISA Zero Trust Maturity Framework in support of a new government program. This program will support and augment ongoing efforts to achieve, maintain , continuously improve, and integrate ZT operational capabilities and solutions across ZT pillars. The purpose of this pro gram is to provide enhanced capabilities and integration of operational capabilities and services across ZT pillars to accelerate ZT maturity beyond its current rate, and achieve and maintain White House, OMB , and DHS ZT maturity goals over the next two years .

Summary: ISSO/ISSM SMEs will support the security activities associated with evaluating, assessing, implementing, and managing security practices and continued operations of new and existing technologies for assigned systems in a Zero Trust environment . ISSO SME s shall perform all duties and responsibilities in accordance with NIST SP 800-37, Risk Management Framework for Information Systems and Organizations, DHS 4300A , Zero Trust Framework, FISMA and other applicable guidance. This position is REMOTE.

Responsibilities:

• Prepare documentation to support the operations of FedRAMP requirements.
• Develop briefings and presentations for Government PM and Executive Management.
• Provide security recommendations.
• Support Security Authorization Processes, Security Control Assessments, and Ongoing Authorization activities as required and as directed by the customer.
• Provide technical security solutions and control implementation recommendations to the development teams based on industry best practice and Federal requirements.
• Perform comprehensive document reviews (DR) on risk management and security operations documentation, in alignment with DHS, USCIS, Zero Trust and FISMA requirements.
• Perform independent reviews of system self- assessments of Zero Trust maturity

Requirements:

• 10 + years of experience managing IT projects and programs or specialized experience in one of the below positions: Information System Security Officer, Information System Security Engineer, Information System Security Auditor , or Information System Security Manager .
• 5+ years of experience with analyzing, assessing , and implementing corrective actions based on vulnerability and configuration management tools .
• 5+ years of experience with technical writing, administrative tasks, and conducting briefings .
• Must be a US Citizen able to obtain an agency-specific suitability / public trust clearance prior to starting .
• Experience with Federal Zero Trust requirements and assessing agency Zero Trust maturity in accordance with DHS CISA Maturity Model
• Must have and maintain at least one active certification such as CASP, GSEC, GSLC, CISSP, CEH, CISM, and CISA ; or other comparable certification which must be approved in advance by the Government PM (on a case-by-case basis) .
• Excellent customer service, analytical, problem solving, and interpersonal skills .
• Ability to work independently and function as an integral part of the team .
• Excellent oral and written communication skills; technical and business focused, with the ability to document and describe security process information collected .
• Demonstrated ability to exercise good judgment, prioritize multiple tasks, and problem solve under pressure of deadlines and resource constraints .
• Demonstrated proficiency in vast array of Cyber Security platforms , such as : Security Information and Event Management (SIEM), Intrusion Detection System (IDS)/Intrusion Protection System (IPS), Data Loss Prevention (DLP), Web Application Firewalls (WAF), Threat Intel, and Endpoint Security . Advanced Microsoft Excel skills to perform extensive data mining and correlation .
• Experience working with NIST SP 800-53, RMF, FISMA, and DHS policies .
• Strong analytical and problem-solving skills .

Desired Skills and Qualifications:

• Security experience with systems in the cloud; specifically, AWS, Google, or Azure.
• Experience with CI/CD - Deployment pipeline (e.g., Jenkins, Ansible).
• A bility to provide security recommendations during the change management process.
• K nowledge of Twistlock , Nessus, and Burp Suite vulnerability scanners.
• Ability to f unction as a technical and security expert across multiple project/task areas .
• Ability to w ork on high priority, ad hoc request s such as data calls, Senior Management (CIO, CISO, etc.) Initiatives, and customer mandates .
• D eep understanding of Zero Trust and Security Regulations, such as NIST Publications an d OMB Memoranda .

We invest in the lives of our employees, both in and out of the workplace, by providing competitive pay and benefits packages. Benefits offered may include health care, dental, vision, life insurance; 401(k); education assistance; paid time off including PTO, holidays, and any other paid leave required by law.

EEO Statement

ASRC Federal and its Subsidiaries are Equal Opportunity employers. All qualified applicants will receive consideration for employment without regard to race, gender, color, age, sexual orientation, gender identification, national origin, religion, marital status, ancestry, citizenship, disability, protected veteran status, or any other factor prohibited by applicable law.