Arctic Slope Regional Corporation
posted 27 days ago
Full-time - Mid Level
Remote
Support Activities for Mining
About the position
ASRC Federal is seeking an experienced Cyber Security Independent Assessor to evaluate and assess Federal agency compliance with the DHS CISA Zero Trust Maturity Framework. This role supports a government program aimed at enhancing Zero Trust operational capabilities and achieving maturity goals set by the White House, OMB, and DHS over the next two years. The position involves managing security practices and operations in a Zero Trust environment, ensuring compliance with various federal guidelines and frameworks.
Responsibilities
- Prepare documentation to support the operations of FedRAMP requirements.
- Develop briefings and presentations for Government PM and Executive Management.
- Provide security recommendations.
- Support Security Authorization Processes, Security Control Assessments, and Ongoing Authorization activities as required and as directed by the customer.
- Provide technical security solutions and control implementation recommendations to the development teams based on industry best practice and Federal requirements.
- Perform comprehensive document reviews (DR) on risk management and security operations documentation, in alignment with DHS, USCIS, Zero Trust and FISMA requirements.
- Perform independent reviews of system self-assessments of Zero Trust maturity.
Requirements
- Must be a US Citizen able to obtain an agency-specific suitability / public trust clearance prior to starting.
- Familiarity with Federal Zero Trust requirements and assessing agency Zero Trust maturity in accordance with DHS CISA Maturity Model.
- Will have or be able to attain at least one active certification such as CASP, GSEC, GSLC, CISSP, CEH, CISM, and CISA; or other comparable certification which must be approved in advance by the Government PM (on a case-by-case basis).
- 2 - 4 years of experience with analyzing, assessing, and implementing corrective actions based on vulnerability and configuration management tools.
- 2 - 4 years of experience with technical writing, administrative tasks, and conducting briefings.
- Bachelor's Degree.
- Familiarity with NIST SP 800-53, RMF, FISMA, and DHS policies. Strong analytical and problem-solving skills.
Nice-to-haves
- Security experience with systems in the cloud; specifically, AWS, Google, or Azure.
- Experience with CI/CD - Deployment pipeline (e.g., Jenkins, Ansible).
- Ability to provide security recommendations during the change management process.
- Knowledge of Twistlock, Nessus, and Burp Suite vulnerability scanners.
- Ability to function as a technical and security expert across multiple project/task areas.
- Ability to work on high priority, ad hoc requests such as data calls, Senior Management (CIO, CISO, etc.) Initiatives, and customer mandates.
- Deep understanding of Zero Trust and Security Regulations, such as NIST Publications and OMB Memoranda.
Benefits
- Health care
- Dental insurance
- Vision insurance
- Life insurance
- 401(k)
- Education assistance
- Paid time off including PTO, holidays, and any other paid leave required by law.
