What are the responsibilities and job description for the Remote Cyber Security Engineer - Software Supply Chain Risk Management - Security Clearance Required position at ASRC Federal?
ASRC Federal NetCentric Technology is seeking a remote Cybersecurity Supply Chain Risk Management to join our team at DMDC. In this critical role, you will oversee the development and maintenance of a Software Bill of Materials (SBoM) to ensure the organization’s software supply chain complies with cybersecurity standards. You will lead the implementation and management of the Sonatype SBoM tool, perform regular software security scans, and collaborate with key stakeholders to mitigate risks associated with software dependencies and supply chain vulnerabilities. This position will require collaboration across multiple teams to ensure the security and compliance of the software supply chain and the ongoing management of supply chain risks. The ideal candidate will have strong expertise in supply chain cybersecurity, vendor management, and risk mitigation strategies.
Key Responsibilities :
- Develop and maintain a comprehensive Software Bill of Materials (SBoM) for the organization.
- Implement and manage the Sonatype SBoM tool, ensuring accurate tracking of software components.
- Perform regular analysis of SBoM scans, ensuring secure integration of software libraries and dependencies.
- Collaborate with legal and compliance teams to ensure open-source software adheres to licensing requirements.
- Lead supply chain risk management efforts, ensuring unauthorized or risky software components are not integrated into systems.
- Work with program owners to guide decisions on software integration and migration, such as transitioning frameworks (e.g., Angular to Spring).
- Develop and maintain a risk register for supply chain risks, identifying critical suppliers and high-risk areas.
- Establish and enforce security controls, policies, and procedures to mitigate supply chain risks.
- Lead efforts to implement risk mitigation strategies, including vendor audits and continuous monitoring.
- Conduct due diligence of suppliers, ensuring adherence to cybersecurity standards and best practices.
- Manage relationships with vendors, focusing on improving supply chain resilience and resolving cybersecurity issues.
- Support audits and maintain documentation related to supply chain cybersecurity compliance.
- Stay informed on the latest regulations and best practices in supply chain cybersecurity and integrate them into organizational processes.
Required Qualifications :
Advantages of Working at ASRC Federal :
Learning and Development :
After 90 days of employment, regular full-time employees are eligible for our professional development program. This includes annual funding for :
Pursuing Associate’s, Bachelor’s, or Graduate Degrees.
Employee Resource Groups (ERGs) :
Engage with colleagues through our ERGs, which foster networking and collaboration among individuals with shared interests, backgrounds, and experiences. Our ERGs include :
Women’s Impact Network (WIN).
Purpose-Driven Careers :
Join a company recognized as a :
Certified Great Place to Work .
Comprehensive Benefits :
Embark on a career with ASRC Federal, where your growth, purpose, and well-being are at the forefront of what we do.
We invest in the lives of our employees, both in and out of the workplace, by providing competitive pay and benefits packages. Benefits offered may include health care, dental, vision, life insurance; 401(k); education assistance; paid time off including PTO, holidays, and any other paid leave required by law.
EEO Statement
ASRC Federal and its Subsidiaries are Equal Opportunity / Affirmative Action employers. All qualified applicants will receive consideration for employment without regard to race, gender, color, age, sexual orientation, gender identification, national origin, religion, marital status, ancestry, citizenship, disability, protected veteran status, or any other factor prohibited by applicable law.
Apply Now
