Job Information
ASRC Federal Holding Company Remote Cyber Security Engineer - Software Supply Chain Risk Management in Alexandria, Virginia
Remote Cyber Security Engineer - Software Supply Chain Risk Management
Alexandria, VA, USA Req #213
Friday, December 6, 2024
ASRC Federal NetCentric Technology is seeking a remote Cybersecurity Supply Chain Risk Management to join our team at DMDC. In this critical role, you will oversee the development and maintenance of a Software Bill of Materials (SBoM) to ensure the organization’s software supply chain complies with cybersecurity standards. You will lead the implementation and management of the Sonatype SBoM tool, perform regular software security scans, and collaborate with key stakeholders to mitigate risks associated with software dependencies and supply chain vulnerabilities. This position will require collaboration across multiple teams to ensure the security and compliance of the software supply chain and the ongoing management of supply chain risks. The ideal candidate will have strong expertise in supply chain cybersecurity, vendor management, and risk mitigation strategies.
Key Responsibilities:
• Develop and maintain a comprehensive Software Bill of Materials (SBoM) for the organization.
• Implement and manage the Sonatype SBoM tool, ensuring accurate tracking of software components.
• Perform regular analysis of SBoM scans, ensuring secure integration of software libraries and dependencies.
• Collaborate with legal and compliance teams to ensure open-source software adheres to licensing requirements.
• Lead supply chain risk management efforts, ensuring unauthorized or risky software components are not integrated into systems.
• Work with program owners to guide decisions on software integration and migration, such as transitioning frameworks (e.g., Angular to Spring).
• Develop and maintain a risk register for supply chain risks, identifying critical suppliers and high-risk areas.
• Establish and enforce security controls, policies, and procedures to mitigate supply chain risks.
• Lead efforts to implement risk mitigation strategies, including vendor audits and continuous monitoring.
• Conduct due diligence of suppliers, ensuring adherence to cybersecurity standards and best practices.
• Manage relationships with vendors, focusing on improving supply chain resilience and resolving cybersecurity issues.
• Support audits and maintain documentation related to supply chain cybersecurity compliance.
• Stay informed on the latest regulations and best practices in supply chain cybersecurity and integrate them into organizational processes.
Required Qualifications:
• Active secret clearance is required
• Bachelor’s degree in computer science, Cybersecurity, Information Technology, or a related field. Equivalent work experience may be considered.
• Demonstrate and maintain knowledge to meet DOD 8140 requirements through education, training, or personnel certification such as but not limited to an active DoD 8570 IA baseline security certification
• 8+ years of experience in information technology/cybersecurity operations
• Experience with supply chain risk management in the context of software development and cybersecurity.
• Familiarity with Sonatype tools and SBoM concepts.
• Strong understanding of open-source software licensing models and compliance
• Familiarity with supply chain technologies and their potential cybersecurity risks.
• Knowledge of cybersecurity practices, especially in a DoD context
Advantages of Working at ASRC Federal:
Learning and Development: After 90 days of employment, regular full-time employees are eligible for our professional development program. This includes annual funding for:
Pursuing Associate’s, Bachelor’s, or Graduate Degrees.
Obtaining industry-standard professional certifications.
Participating in professional certificate programs.
Covering registration fees for professional conferences.
Employee Resource Groups (ERGs): Engage with colleagues through our ERGs, which foster networking and collaboration among individuals with shared interests, backgrounds, and experiences. Our ERGs include:
Women’s Impact Network (WIN).
Multicultural ERG.
Military Community (MILCOM).
Pride ERG for LGBTQ+ employees and allies.
Purpose-Driven Careers: Join a company recognized as a:
Certified Great Place to Work .
Military Times’ Best for Vets Employer.
Military.com’s Top 25 Veteran Employer .
Comprehensive Benefits:
Insurance Coverage : Comprehensive plans for medical, dental, vision, life insurance, and short-term/long-term disability.
Paid Leave : Inclusive policies for bereavement, military obligations, and parental needs, along with 11 paid holidays annually.
Retirement Savings : A 401(k) plan with a generous company match and immediate vesting to help secure your financial future.
Incentives : Employee referral bonuses to reward you for helping grow the ASRC Federal Family
Embark on a career with ASRC Federal, where your growth, purpose, and well-being are at the forefront of what we do.
We invest in the lives of our employees, both in and out of the workplace, by providing competitive pay and benefits packages. Benefits offered may include health care, dental, vision, life insurance; 401(k); education assistance; paid time off including PTO, holidays, and any other paid leave required by law.
EEO Statement
ASRC Federal and its Subsidiaries are Equal Opportunity /Affirmative Action employers. All qualified applicants will receive consideration for employment without regard to race, gender, color, age, sexual orientation, gender identification, national origin, religion, marital status, ancestry, citizenship, disability, protected veteran status, or any other factor prohibited by applicable law.
Other details
Job FamilyInformation Technology
Job Sub-FamilyCyber Security
Pay TypeSalary
Travel RequiredNo
Alexandria, VA, USA
<