Principal Cyber Security Engineer

ASRC Federal•Washington, DC

3d•$142,078 - $241,558•Hybrid

About The Position

ASRC Federal Technology Solutions is looking for an experienced Information Systems Security Officer (ISSO) responsible for ensuring the confidentiality, integrity, and availability of information systems by implementing and maintaining security controls in compliance with organizational policies, federal regulations, and industry standards. The ISSO serves as a key member of a small cybersecurity team and must be independently motivated to ensure the protection of key system while working closely with the client to maintain expectations. Responsible for overseeing the security posture of assigned systems, conducting risk assessments, and ensuring compliance with frameworks such as NIST, FISMA, and FedRAMP.

Requirements

Bachelor’s degree in Cybersecurity, Information Technology, Computer Science, or a related field (or equivalent experience).
8 years of experience in cybersecurity, information assurance, or a related field.
Experience with security frameworks such as NIST 800-53, FISMA, and FedRAMP.
Prior experience as an ISSO supporting system security authorization processes.
Ability to obtain a DOE Q Clearance (TS Equivalent).

Nice To Haves

Preferred certifications include CISSP, CISA, CISM, CompTIA Security+, CAP, or other relevant cybersecurity certifications.
Strong knowledge of cybersecurity principles, risk management, and security controls.
Proficiency in security tools (e.g., Nessus, Splunk, or similar).
Excellent analytical, problem-solving, and communication skills.
Ability to work independently and collaboratively in a fast-paced environment.

Responsibilities

Developing, implementing and maintaining System Security Plans (SSPs) for assigned information system(s).
Monitor and evaluate system security controls, on a daily/weekly/monthly frequency, to ensure ongoing compliance with organizational and regulatory requirements.
Conduct regular security assessments, evaluate vulnerability scans, and monitor audits to identify and mitigate risks.
Applying the NIST SP 800-53, Security and Privacy Controls for Information Systems and Organizations document.
Work closely with technical staff to explain and interpret NIST security controls to address both obvious and interpreted control requirements.
Coordinate with system owners and stakeholders to address security vulnerabilities and implement corrective actions.
Briefing leadership on ongoing system risk posture.
Maintain Plan of Actions and Milestones (POA&M) to track and resolve security weaknesses.
Respond to compliance reporting requirements for system performance.
Ensure systems comply with federal regulations (e.g., FISMA, FedRAMP) and organizational policies.
Prepare and submit security documentation, including Authorization to Operate (ATO) and Authorization to Test (ATT) packages, to authorizing officials.
Provide ongoing reports on system security status, incidents, and compliance to leadership and auditors.
Escalating concerns before missing deadlines or significant change in risk posture.
Support incident response activities, including identification, containment, and remediation of security incidents.
Document and report security incidents in accordance with organizational incident response plans.
Participate in tabletop exercises and post-incident reviews to improve security processes.