ACAS Engineer

ASRC Federal is a leading government contractor furthering missions in space, public health and defense. As an Alaska Native owned corporation, our work helps secure an enduring future for our shareholders. Join our team and discover why we are a top veteran employer and Certified Great Place to Work™

ASRC Federal is actively hiring an Assured Compliance Assessment Solution (ACAS) Engineer in support of our Defense Counterintelligence Security Agency (DCSA) program based out of Quantico VA.

Remote flexibility available! Telework offered with a requirement to be onsite up to two (2) days a week at Quantico Marine Corps Base VA.

Position Description:

The Assured Compliance Assessment Solution (ACAS) Engineer is a critical role responsible for the implementation, maintenance, and operational support of the ACAS suite of tools within the organization. This position focuses on ensuring continuous vulnerability scanning, configuration compliance assessments, and reporting capabilities to maintain a strong security posture and adherence to relevant security policies and regulations (e.g., NIST, DISA STIGs, CIS Benchmarks). The ACAS Engineer will collaborate with other cybersecurity professionals, system administrators, and IT staff to identify vulnerabilities, track remediation efforts, and improve overall security.

Minimum Requirements:

• Minimum of 5 - 7 years of experience in vulnerability management, security scanning, or cybersecurity operations.
• Hands-on experience with the Tenable ACAS suite (Nessus, SecurityCenter/Tenable.sc, NNM/Tenable.asm) is required.
• Active Secret Clearance REQUIRED, eligible to be upgraded to TS/SCI
• Bachelor's Degree in Computer Science, Information Technology, Cybersecurity, or a related field.
• Must meet 8570 certification requirements at the time of hire. IAM or IAT Level I (e.g., A+, CCNA Security, Network+ CE, SSCP, CAP, GSLC, Security+ or higher tiered 8570 certification

Responsibilities:

• ACAS Implementation and Configuration:
• Install, configure, and maintain ACAS components, including Nessus scanners, SecurityCenter/Tenable.sc, and Nessus Network Monitor (NNM)/Tenable.asm.
• Deploy and manage distributed scanning infrastructure across diverse network environments.
• Customize ACAS settings, policies, and scan templates to meet specific organizational requirements.
• Vulnerability Scanning and Analysis:
• Schedule and execute vulnerability scans using Nessus scanners.
• Analyze scan results to identify vulnerabilities, misconfigurations, and security gaps.
• Prioritize vulnerabilities based on severity, exploitability, and potential impact.
• Validate scan findings to minimize false positives.
• Compliance Assessment and Reporting:
• Configure ACAS to perform compliance assessments against industry standards and internal security policies.
• Generate comprehensive reports on vulnerability status, compliance posture, and remediation progress.
• Provide analysis and interpretation of assessment results to stakeholders.
• Develop custom reports and dashboards to visualize security metrics and trends.
• Remediation Support and Tracking:
• Collaborate with system administrators and IT staff to facilitate vulnerability remediation efforts.
• Provide guidance and technical assistance on vulnerability mitigation strategies.
• Track remediation progress and ensure timely resolution of identified issues.
• Re-scan systems to verify remediation effectiveness.
• System Administration and Maintenance:
• Perform system administration tasks for ACAS servers and databases.
• Monitor system performance and troubleshoot any issues.
• Apply security patches and software updates to ACAS components.
• Maintain accurate documentation of ACAS configuration and procedures.
• Threat Intelligence Integration:
• Integrate ACAS with threat intelligence feeds to enhance vulnerability detection capabilities.
• Correlate scan results with threat intelligence data to identify potential exploitation attempts.
• Customize ACAS policies to prioritize vulnerabilities based on threat landscape.
• Training and Documentation:
• Develop and maintain training materials for ACAS users.
• Provide training and support to IT staff on vulnerability management processes.
• Document ACAS procedures, policies, and best practices.
• Continuous Improvement:
• Stay up-to-date on the latest vulnerability trends and security threats.
• Research and evaluate new ACAS features and capabilities.
• Identify opportunities to improve ACAS effectiveness and efficiency.
• Contribute to the development of security policies and procedures.

Work Environment and Physical Demands:

• This is primarily a Telework position with a requirement to be onsite up to two (2) days a week
• If alternate worksite is other than DCSA facilities or corporate office space, must have the reliable ability to communicate over voice (cell phone preferred) and stable, capable internet connection
• Must be able to communicate complex technical ideas to a diverse customer base both verbally and in written form

We invest in the lives of our employees, both in and out of the workplace, by providing competitive pay and benefits packages. Benefits offered may include health care, dental, vision, life insurance; 401(k); education assistance; paid time off including PTO, holidays, and any other paid leave required by law.

EEO Statement

ASRC Federal and its Subsidiaries are Equal Opportunity employers. All qualified applicants will receive consideration for employment without regard to race, gender, color, age, sexual orientation, gender identification, national origin, religion, marital status, ancestry, citizenship, disability, protected veteran status, or any other factor prohibited by applicable law.