Disa Acas Jobs (NOW HIRING)

ASRC Federal is seeking a highly skilled and experienced Senior ACAS (Assured Compliance Assessment Solution) Engineer to join our dynamic team. The successful candidate will be responsible for the implementation, maintenance, and optimization of our ACAS infrastructure. This role is critical for ensuring the security and compliance of our information systems with DoD and other federal regulations. The ideal candidate will have a strong background in cybersecurity, vulnerability management, and network security. This position will support our Defense Counterintelligence Security Agency (DCSA) program based out of Quantico VA.

Remote flexibility available! Telework offered with a requirement to be onsite up to three (3) days a week at Quantico Marine Corps Base VA.

Position Description:

The Assured Compliance Assessment Solution (ACAS) Engineer is a critical role responsible for the implementation, maintenance, and operational support of the ACAS suite of tools within the organization. This position focuses on ensuring continuous vulnerability scanning, configuration compliance assessments, and reporting capabilities to maintain a strong security posture and adherence to relevant security policies and regulations (e.g., NIST, DISA STIGs, CIS Benchmarks). The ACAS Engineer will collaborate with other cybersecurity professionals, system administrators, and IT staff to identify vulnerabilities, track remediation efforts, and improve overall security.

Minimum Requirements: 

• Minimum of 8+ years of experience in vulnerability management, security scanning, or cybersecurity operations.
• Hands-on experience with the Tenable ACAS suite (Nessus, SecurityCenter/Tenable.sc, NNM/Tenable.asm) is required.
• Active Secret Clearance REQUIRED, eligible to be upgraded to TS/SCI
• Must meet 8570 certification requirements at the time of hire.  IAM or IAT Level I (e.g., A+, CCNA Security, Network+ CE, SSCP, CAP, GSLC, Security+ or higher tiered 8570 certification
• Highly desired: Bachelor’s Degree, in Cybersecurity, and/or Information Systems Management or equivalent.

Responsibilities:

• ACAS Implementation and Configuration:
• Install, configure, and maintain ACAS components, including Nessus scanners, SecurityCenter/Tenable.sc, and Nessus Network Monitor (NNM)/Tenable.asm.
• Deploy and manage distributed scanning infrastructure across diverse network environments.
• Customize ACAS settings, policies, and scan templates to meet specific organizational requirements.
• Vulnerability Scanning and Analysis:
• Schedule and execute vulnerability scans using Nessus scanners.
• Analyze scan results to identify vulnerabilities, misconfigurations, and security gaps.
• Prioritize vulnerabilities based on severity, exploitability, and potential impact.
• Validate scan findings to minimize false positives.
• Compliance Assessment and Reporting:
• Configure ACAS to perform compliance assessments against industry standards and internal security policies.
• Generate comprehensive reports on vulnerability status, compliance posture, and remediation progress.
• Provide analysis and interpretation of assessment results to stakeholders.
• Develop custom reports and dashboards to visualize security metrics and trends.
• Remediation Support and Tracking:
• Collaborate with system administrators and IT staff to facilitate vulnerability remediation efforts.
• Provide guidance and technical assistance on vulnerability mitigation strategies.
• Track remediation progress and ensure timely resolution of identified issues.
• Re-scan systems to verify remediation effectiveness.
• System Administration and Maintenance:
• Perform system administration tasks for ACAS servers and databases.
• Monitor system performance and troubleshoot any issues.
• Apply security patches and software updates to ACAS components.
• Maintain accurate documentation of ACAS configuration and procedures.
• Threat Intelligence Integration:
• Integrate ACAS with threat intelligence feeds to enhance vulnerability detection capabilities.
• Correlate scan results with threat intelligence data to identify potential exploitation attempts.
• Customize ACAS policies to prioritize vulnerabilities based on threat landscape.
• Training and Documentation:
• Develop and maintain training materials for ACAS users.
• Provide training and support to IT staff on vulnerability management processes.
• Document ACAS procedures, policies, and best practices.
• Continuous Improvement:
• Stay up-to-date on the latest vulnerability trends and security threats.
• Research and evaluate new ACAS features and capabilities.
• Identify opportunities to improve ACAS effectiveness and efficiency.
• Contribute to the development of security policies and procedures.

Work Environment and Physical Demands: 

• This is primarily a Telework position with a requirement to be onsite up to three (3) days a week
• If alternate worksite is other than DCSA facilities or corporate office space, must have the reliable ability to communicate over voice (cell phone preferred) and stable, capable internet connection
• Must be able to communicate complex technical ideas to a diverse customer base both verbally and in written form