Cybersecurity Project Manager

429 L'Enfant Plaza SW, Washington, DC 20024, USA Req #1047

Friday, February 14, 2025

ASRC Federal is a leading government contractor furthering missions in space, public health and defense. As an Alaska Native owned corporation, our work helps secure an enduring future for our shareholders. Join our team and discover why we are atop veteran employer (https://www.asrcfederal.com/asrc-federal-earns-military-times-best-for-vets-and-military-com-top-25-veteran-employer-honors/) andCertified Great Place to Work™ (https://www.asrcfederal.com/asrc-federal-receives-great-place-to-work-certification-for-2024/)

ASRC Federal is a seeking a Cybersecurity Project Manager supporting the Department of Energy.The Cybersecurity Project Manager will beresponsible formanaging the cybersecurity task, overseeing contracted personnel, and supporting the design and enhancement of the customer's cybersecurity program. The role involves managing governance, risk, and compliance activities, developing cybersecurity policies, conducting risk assessments, and providing technical support for IT systems at headquarters and field sites. The Project Manager will also perform security monitoring, support information assurance, and conduct penetration testing. The ideal candidatepossessesextensive experience in cybersecurity, technicalexpertise, and the ability to lead major technology assignments. The candidate must have at least 10 years of relevant experience and a bachelor's degree in a related field.

Key Responsibilities:

1. Project Management:

• Provide project management for the cybersecurity task, including information systems continuous monitoring, penetration testing, an enterprise oversight network, and compliance.

• Manage, oversee, and supervise the activities of all contracted and/or subcontracted personnel assigned to the cybersecurity task serving on this contract.

• Support the design, implementation, maturity, and continual enhancement of the customer's cybersecurity program.

• Manage governance, risk, and compliance planning and reporting activities.

• Develop risk, compliance, and information system continuous monitoring strategies.

• Recommend, develop, and implement independent cybersecurity assessment processes for information systems.

• Oversee independent cybersecurity assessments.

• Develop cybersecurity implementation policies and guidelines.

• Establish andmaintainstakeholder communication channels.

• Identifyopportunities for new and improved business process solutions.

1. Cyber Operations – Headquarters Security System (HQSS):

• Support the customer in managing all aspects of its Cybersecurity program, including IT systems at headquarters and field sites, stand-alone and network National Security Systems (NSS),general supportsystems, industrial controlsystems (ICS), supervisory control and data acquisition (SCADA) systems, industrial monitoring systems, wireless systems, and networks.

1. Security Architecture:

• Support design and development activities, provide technical and cybersecurity guidance and feedback.

• Perform risk assessments of proposed changes to network software and hardware, as well asnew technology.

• Provide guidance and technicalexpertisefor the development and updating of System Security Plans (SSP) for ICS andgeneral supportsystems.

• Update the MIPP Architecture, perform strategic planning, and document a Defense in Depth model.

• Provide recommendations on new cyber policies.

• Perform cybersecurity oversight,manageand track cybersecurity system documentation, and perform oversight and peer review of risk advisories, DHS Binding Operational Directives, and Emergency Directives.

• Draft technical white papers and provide documented suggestions and best practices for boundary network and application topologies.

1. Information System Security Officer (ISSO) Support:

• Perform the duties of an ISSO for all current and future boundaries that support the customer's work scope.

• Prepare and present cybersecurity briefings, develop, test, and review disaster recovery and Continuity of Operations Plans (COOPs), provide analysis of vulnerability,patchand configuration data, perform log review,establishand update ISSO SOPs, and formally register FISMA Systems.

• Draft,maintain, and update all FISMA artifacts and shepherd all Assessment and Authorization (A&A) documents through routing and signature processes.

1. Field Site Support:

• Provide technical support, detailed cyber analysis, and IT system cyber monitoring to customer Field Site IT systems usingstate-of-the-artmonitoring technologies.

• Perform security monitoring, provide analysis of audit logs, IDS/IPS logs,firewalllogs, and full packet capture data for malicious activity.

• Leverage SIEM workflow to review and clear events,maintaina master schedule of cybersecurity oversight assessments and siteassistancevisits, evaluate system controls, and document site assessment findings.

1. Information Assurance:

• Support Office of the Chief Information Officer (OCIO) and Office of Management and Budget (OMB)-required reporting, data calls, and other input.

• Develop cybersecurity reports, support the customer's Privacy Program, and provide support for ad-hoc data calls.

• Provide security support for image management activities for desktops and servers.

• Prepare quarterly and annual Federal Information Security Management Act (FISMA) reports.

• Develop andmaintainCybersecurity/Privacy Dashboards.

1. Penetration Testing/Purple Team:

• Conduct White Hat and Grey Hat penetration testing/Purple Teaming of customer site mission system IT systems, perform research on current threats,establishRules of Engagement,maintaina master schedule, test systems for vulnerabilities, draft reports, and perform out briefings.

Qualifications:

• Possesses and appliesexpertiseacross key tasks and high-impact assignments.

• Plans and leads major technology assignments.

• Evaluates performance results and recommends major changes affecting short-term project growth and success.

• Functions as a technical expert across multiple project assignments.

• May supervise others.

• Mustpossessat least 10 years of relevant work experience and a bachelor's degree from an accredited university in a related field.

• A postgraduate degree from an accredited university may substitute for 6 years of experience.

• One year of relevant experience may be substituted for one year of required education.

Successful candidate is subject to a background investigation by the government and must be able to meet the requirements to hold a Q clearance.

We invest in the lives of our employees, both in and out of the workplace, by providing competitive pay and benefits packages. Benefits offered may include health care, dental, vision, life insurance; 401(k); education assistance; paid time off including PTO, holidays, and any other paid leave required by law.

EEO Statement

ASRC Federal and its Subsidiaries are Equal Opportunity employers. All qualified applicants will receive consideration for employment without regard to race, gender, color, age, sexual orientation, gender identification, national origin, religion, marital status, ancestry, citizenship, disability, protected veteran status, or any other factor prohibited by applicable law.

Other details

• Job FamilyInformation Technology

• Job Sub-FamilyCyber Security

• Pay TypeSalary

• 429 L'Enfant Plaza SW, Washington, DC 20024, USA

<