• ISSO/ISSM SME

    ASRC Federal Holding Company, Reston, VA 22096

    Job #2746871744

  • ASRC Federal is seeking experienced Information System Security Officer (ISSO) SMEs with experience assessing Federal agency compliance with the DHS CISA Zero Trust Maturity Framework in support of a new government program. This program will support and augment ongoing efforts to achieve, maintain, continuously improve, and integrate ZT operational capabilities and solutions across ZT pillars. The purpose of this program is to provide enhanced capabilities and integration of operational capabilities and services across ZT pillars to accelerate ZT maturity beyond its current rate, and achieve and maintain White House, OMB, and DHS ZT maturity goals over the next two years.

    ISSO/ISSM SMEs will support the security activities associated with evaluating, assessing, implementing, and managing security practices and continued operations of new and existing technologies for assigned systems in a Zero Trust environment. ISSO SMEs shall perform all duties and responsibilities in accordance with NIST SP 800-37, Risk Management Framework for Information Systems and Organizations, DHS 4300A, Zero Trust Framework, FISMA and other applicable guidance. This position is REMOTE.

    Responsibilities:

    • Prepare documentation to support the operations of FedRAMP requirements.

    • Develop briefings and presentations for Government PM and Executive Management.

    • Provide security recommendations.

    • Support Security Authorization Processes, Security Control Assessments, and Ongoing Authorization activities as required and as directed by the customer.

    • Provide technical security solutions and control implementation recommendations to the development teams based on industry best practice and Federal requirements.

    • Perform comprehensive document reviews (DR) on risk management and security operations documentation, in alignment with DHS, USCIS, Zero Trust and FISMA requirements.

    • Perform independent reviews of system self-assessments of Zero Trust maturity.

    ASRC Federal Advantages

    • Learning and Development: After 90 days of employment, regular full-time employees are eligible to participate in our professional development program including funds annually to go towards Associate's, Bachelor's or Graduate Degrees; Industry standard professional certification; A professional certificate program; Continuing education classes; and Registration fees to attend professional conferences.

    • Employee Resource Groups: That provide our employees the opportunity to collaborate and network with colleagues with common interests, backgrounds, and experiences including Women's Impact Network (WIN), Multicultural ERG, Military Community (MILCOM), and Pride ERG for LGBTQ+ employees and allies.

    • Purpose Driven Careers: Certified Great Place to Work; Certified Military Times' 'Best for Vets' and ~~~ 'Top 25 Veteran Employer.'

    • Benefits: Comprehensive insurance packages including medical, dental, vision, life insurance, and short term/long term disability, as well as a 401K with generous company match and immediate vesting.

    • Holidays: 11 paid holidays.

    Requirements:

    • Must be a US Citizen able to obtain an agency-specific suitability / public trust clearance prior to starting.

    • Experience with Federal Zero Trust requirements and assessing agency Zero Trust maturity in accordance with the DHS CISA Maturity Model.

    • Must have and maintain at least one active certification such as CASP, GSEC, GSLC, CISSP, CEH, CISM, and CISA; or other comparable certification which must be approved in advance by the Government PM (on a case-by-case basis).

    • 10+ years of experience managing IT projects and programs or specialized experience in one of the below positions: Information System Security Officer, Information System Security Engineer, Information System Security Auditor, or Information System Security Manager.

    • 5+ years of experience with analyzing, assessing, and implementing corrective actions based on vulnerability and configuration management tools.

    • 5+ years of experience with technical writing, administrative tasks, and conducting briefings.

    • Excellent customer service, analytical, problem solving, and interpersonal skills.

    • Ability to work independently and function as an integral part of the team.

    • Excellent oral and written communication skills; technical and business focused, with the ability to document and describe security process information collected.

    • Demonstrated ability to exercise good judgment, prioritize multiple tasks, and problem solve under pressure of deadlines and resource constraints.

    • Demonstrated proficiency in a vast array of Cyber Security platforms, such as: Security Information and Event Management (SIEM), Intrusion Detection System (IDS)/Intrusion Protection System (IPS), Data Loss Prevention (DLP), Web Application Firewalls (WAF), Threat Intel, and Endpoint Security.

    • Advanced Microsoft Excel skills to perform extensive data mining and correlation.

    • Experience working with NIST SP 800-53, RMF, FISMA, and DHS policies.

    • Strong analytical and problem-solving skills.

    Desired Skills and Qualifications:

    • Security experience with systems in the cloud; specifically, AWS, Google, or Azure.

    • Experience with CI/CD - Deployment pipeline (e.g., Jenkins, Ansible).

    • Ability to provide security recommendations during the change management process.

    • Knowledge of Twistlock, Nessus, and Burp Suite vulnerability scanners.

    • Ability to function as a technical and security expert across multiple project/task areas.

    • Ability to work on high priority, ad hoc requests such as data calls, Senior Management (CIO, CISO, etc.) Initiatives, and customer mandates.

    • Deep understanding of Zero Trust and Security Regulations, such as NIST Publications and OMB Memoranda.

    ASRC Federal and its Subsidiaries are Equal Opportunity / Affirmative Action employers. All qualified applicants will receive consideration for employment without regard to race, gender, color, age, sexual orientation, gender identification, national origin, religion, marital status, ancestry, citizenship, disability, protected veteran status, or any other factor prohibited by applicable law.