This job is closed

Arctic Slope Regional Corporation - Alexandria, VA

posted 2 months ago

Full-time
Remote - Alexandria, VA
Support Activities for Mining

About the position

ASRC Federal is seeking a Cybersecurity Supply Chain Risk Management Engineer to oversee the development and maintenance of a Software Bill of Materials (SBoM) to ensure compliance with cybersecurity standards. This role involves leading the implementation of the Sonatype SBoM tool, performing software security scans, and collaborating with stakeholders to mitigate risks associated with software dependencies and supply chain vulnerabilities.

Responsibilities

  • Develop and maintain a comprehensive Software Bill of Materials (SBoM) for the organization.
  • Implement and manage the Sonatype SBoM tool, ensuring accurate tracking of software components.
  • Perform regular analysis of SBoM scans, ensuring secure integration of software libraries and dependencies.
  • Collaborate with legal and compliance teams to ensure open-source software adheres to licensing requirements.
  • Lead supply chain risk management efforts, ensuring unauthorized or risky software components are not integrated into systems.
  • Work with program owners to guide decisions on software integration and migration, such as transitioning frameworks (e.g., Angular to Spring).
  • Develop and maintain a risk register for supply chain risks, identifying critical suppliers and high-risk areas.
  • Establish and enforce security controls, policies, and procedures to mitigate supply chain risks.
  • Lead efforts to implement risk mitigation strategies, including vendor audits and continuous monitoring.
  • Conduct due diligence of suppliers, ensuring adherence to cybersecurity standards and best practices.
  • Manage relationships with vendors, focusing on improving supply chain resilience and resolving cybersecurity issues.
  • Support audits and maintain documentation related to supply chain cybersecurity compliance.
  • Stay informed on the latest regulations and best practices in supply chain cybersecurity and integrate them into organizational processes.

Requirements

  • Active Secret clearance is required.
  • Bachelor's degree in Computer Science, Cybersecurity, Information Technology, or a related field. Equivalent work experience may be considered.
  • Demonstrate and maintain knowledge to meet DoD 8140 requirements through education, training, or personnel certification, such as, but not limited to, an active DoD 8570 IA baseline security certification.
  • 8+ years of experience in information technology/cybersecurity operations.
  • Experience with supply chain risk management in the context of software development and cybersecurity.
  • Familiarity with Sonatype tools and SBoM concepts.
  • Strong understanding of open-source software licensing models and compliance.
  • Familiarity with supply chain technologies and their potential cybersecurity risks.
  • Knowledge of cybersecurity practices, especially in a DoD context.