T3021 - Senior Information Security Engineer

ASRC Federal is a leading government contractor furthering missions in space, public health and defense. As an Alaska Native owned corporation, our work helps secure an enduring future for our shareholders. Join our team and discover why we are a top veteran employer and Certified Great Place to Work

ASRC Federal Cyber is seeking an Information System Security Officer at Fort Greely, Alaska.

We are looking for a qualified Information Systems Security Officer (ISSO) to join our organization. As an ISSO, you will be responsible for developing and implementing security measures to protect our computer systems, networks, and digital information. You will work closely with the IT team and management to identify potential security vulnerabilities, analyze security risks, and ensure compliance with industry regulations. The ideal candidate should have a solid understanding of information security principles, excellent problem-solving skills, and the ability to communicate effectively with both technical and non-technical personnel.

The current job duties and responsibilities include:

• Collaborate with internal and external stakeholders to address security concerns, implement security standards, and ensure compliance with regulatory requirements.
• Educate and train employees on best practices for information security, data privacy, and incident response.
• Manages major national/international infosec programs.
• Provide Risk Management Framework (RMF) support and expertise to System Owners ensuring they maintain an appropriate operational cybersecurity posture.
• Analyze and ensure the security posture of systems hosted in cloud and on premises environments.
• Maintain documentation for Risk Management Framework Assessment and Authorization (A&A) in accordance with DOJ policies.
• Assess the impacts on system modifications and technological advances.
• Conduct regular risk assessments to identify potential security vulnerabilities and recommend appropriate countermeasures to amend vulnerabilities, implement changes, and document upgrades.
• Monitor and analyze security logs and reports to identify and respond to potential security incidents.
• Ensure appropriate security controls and measures are in place to safeguard systems, applications, networks, and data.
• Anticipate cybersecurity risks to the organization and provide recommendations to reduce and/or mitigate risk to the organization.
• Advise functional expert management staff on cybersecurity issues pertaining to specific operating systems, hardware, technology, and methodology.
• Develop policies and procedures to ensure information systems reliability and accessibility and to prevent and defend against unauthorized access to systems, networks and data; designs and implements monitoring, tracking, and reporting procedures and develops and manages short- and long-range plans for addressing cybersecurity needs
• Determine information security requirements by evaluating organization business strategies and requirements, researching information security standards; conducting system security and vulnerability analysis and risk assessments, assessing industry architectures/platforms and relative security benefits, and identifying architecture/platform integration issues that prevent the strongest possible security posture.
• Provide proactive advisement to the customer on the security of systems and cybersecurity practices, thought leadership, and successfully complete new system ATOs.

Requirements and Qualifications

• Must be able to obtain and maintain a Secret Clearance.
• Ability to pass pre-employment drug screen.
• Bachelors degree in Computer Science, Information Technology, or a related field
• CompTIA Security+ certificate required. Relevant certifications (e.g., CISSP, CISM, etc.) a plus.
• 2-4 years of proven work experience as an Information Systems Security Officer or a similar role, preferably in a complex organizational setting.
• In-depth knowledge of information security principles, methodologies, and best practices.
• 2+ years of experience in conducting risk assessments and implementing security controls. This includes applying the NIST Risk Management Framework to ensure the security of information systems.
• Proficiency in using security tools and technologies such as GRC tools: eMass, Xacta, CSAM, or similar (CSAM preferred)
• Experience managing the POA&M lifecycle and achieving new ATOs (Understand documents related to ATOs)
• Strong analytical and problem-solving skills to identify security gaps and develop effective mitigation strategies.
• Experience analyzing and ensuring the security posture of systems hosted in a cloud environment.
• Knowledge of incident response procedures and familiarity with forensic tools
• Excellent written and verbal communication skills to effectively communicate complex security matters to technical and non-technical audiences.
• Ability to work independently and collaborate with cross-functional teams to achieve common security goals.
• Prior experience leading a team

We invest in the lives of our employees, both in and out of the workplace, by providing competitive pay and benefits packages. Benefits offered may include health care, dental, vision, life insurance; 401(k); education assistance; paid time off including PTO, holidays, and any other paid leave required by law. The salary offered will depend on several factors including, but not limited to, relevant experience, skills, education, geographic location, internal equity, business needs, and other factors permitted by law. Posted pay ranges are a general guideline only and are not a guarantee of compensation or salary.

EEO Statement

ASRC Federal and its Subsidiaries are Equal Opportunity employers. All qualified applicants will receive consideration for employment without regard to race, gender, color, age, sexual orientation, gender identification, national origin, religion, marital status, ancestry, citizenship, disability, protected veteran status, or any other factor prohibited by applicable law.