ASRC Federal is a leading government contractor furthering missions in space, public health and defense. As an Alaska Native owned corporation, our work helps secure an enduring future for our shareholders. Join our team and discover why we are a top veteran employer and Certified Great Place to Work
ASRC Federal has an exciting opportunity for an Information System Security Engineer (ISSE) in Dayton, Ohio. This position offers a sign-on bonus.
Our desire is to build a team of highly qualified professionals that will provide expertise in Cybersecurity, Cloud, and Systems Engineering, who will support the development and sustainment of unique secure enclaves at the edge, that provide enterprise services and cyber network defense capabilities to customers across the DoD. This team will provide engineering expertise using technologies such as ePO, Splunk, ACAS, Azure Automation, STIG/SCAP, and other enterprise capabilities. The Information Systems Security Engineer (ISSE) shall perform, or review, technical security assessments of computing environments to identify points of vulnerability, non-compliance with established Information Assurance (IA) standards and regulations and recommend mitigation strategies.
Responsibilities:
Engineer unique solutions to support ongoing Cyber Threat and Cyber Defensive Operations.
Automate threat assessment and reporting activities.
Analyze and report system and organizational security posture trends to the ISSM/ISSO.
Provide cybersecurity recommendations to the ISSM based on significant threats and vulnerabilities.
Implement system security measures in accordance with established procedures to ensure confidentiality, integrity, availability, authentication, and non-repudiation.
Plan and recommend modifications or adjustments based on exercise results.
Mitigate or correct security deficiencies identified during security and certification testing and/or recommend risk acceptance to the ISSM
Audit support responsibilities
Analyze and report organizational security posture trends to the ISSM/ISSO
Analyze and report system security posture trends to the ISSM/ISSO
Apply security policies to meet security objectives of the system to the ISSM/ISSO
Assess adequate access controls based on principles of least privilege and need-to-know and reports findings to the ISSM/ISSO
Assess all the configuration management (change configuration/release management) processes and reports findings to the ISSM/ISSO
Assess the effectiveness of security controls and reports findings to the ISSM
Be able to develop procedures and test fail-over for system operations transfer to an alternate site based on system availability requirements
Ensure all systems security operations and maintenance activities are properly documented and updated as necessary
Ensure cybersecurity-enabled products or other compensating security control technologies reduce identified risk to an acceptable level and reports findings to the ISSM
Implement security measures to resolve vulnerabilities, mitigate risks and recommend security changes to system or system components as needed
Implement system security measures in accordance with established procedures to ensure confidentiality, integrity, availability, authentication, and non-repudiation
Mitigate/correct security deficiencies identified during security/certification testing and/or recommend risk acceptance to the ISSM
Plan and recommend modifications or adjustments based on exercise results or system environment
Properly document all systems security implementation, operations and maintenance activities and updates necessary
Provides cybersecurity recommendations to the ISSM based on significant threats and vulnerabilities
Verify and update security documentation reflecting the application/system security design features
Verify minimum security requirements are in place for all applications
Assists the ISSM/ISSO in identifying the security requirements for the system, including the confidentiality, integrity, and availability of data
Assists the ISSM/ISSO in describing and documenting the security controls that will be implemented to meet the security requirements
Assists the ISSM/ISSO in describing and documenting the procedures that will be used to manage security risks and incidents
Assists the ISSM/ISSO in describing and documenting how the security controls will be monitored and tested to ensure that they are effective
Assists the ISSM/ISSO in describing and documenting how changes to the system will be managed to minimize security risks
Assists the ISSM/ISSO in describing and documenting how the system will be recovered in the event of a security incident
Assists the ISSM/ISSO in the collection and organization of supporting documentation and diagrams needed for an Authority to Operate Package
Assists the ISSM/ISSO with conducting a security assessment of the system. This includes identifying the system's assets, threats, vulnerabilities, and risks.
Assists the ISSM/ISSO with developing a risk management plan. This plan identifies the security controls that will be implemented to mitigate the risks to the system.
Assists the ISSM/ISSO in writing the System Security Plan or updating a System Security Plan Addendum
Assists the ISSM/ISSO in reviewing and updating the System Security Plan or Addendum
Assists the ISSM/ISSO in ensuring that the SSP is compliant with applicable DoD security policies and procedures
Monitors and investigates security breaches
Educates employees or clients about security procedures and programs
Other duties as assigned
Requirements:
Must have a DoD Top Secret w/ SCI eligibility.
Advanced technical competency and experience in one or more of the following areas: Active Directory Domain Services, Active Directory Federated Services, Active Directory Certificate Services, Windows Server Update Services, ePO, Splunk, STIG/SCAP, YUM, ACAS Automation, and Azure Monitor / Log Analytics.
Security+ Certification
5+ years related experience in SCI/SAP environments.
Bachelor's degree in computer science, Engineering, Finance, Business, or related field AND 3+ years leadership experience in relevant area of business OR equivalent experience.
8-12 years demonstrated performance in related technology.
Additional or Preferred Qualifications
5+ years leadership experience in relevant area of business.
We invest in the lives of our employees, both in and out of the workplace, by providing competitive pay and benefits packages. Benefits offered may include health care, dental, vision, life insurance; 401(k); education assistance; paid time off including PTO, holidays, and any other paid leave required by law. The salary offered will depend on several factors including, but not limited to, relevant experience, skills, education, geographic location, internal equity, business needs, and other factors permitted by law. Posted pay ranges are a general guideline only and are not a guarantee of compensation or salary.
EEO Statement
ASRC Federal and its Subsidiaries are Equal Opportunity employers. All qualified applicants will receive consideration for employment without regard to race, gender, color, age, sexual orientation, gender identification, national origin, religion, marital status, ancestry, citizenship, disability, protected veteran status, or any other factor prohibited by applicable law.
Job Details
Job Family Information Technology
Job Function Information Security
Pay Type Salary
