Information Security Engineer

  • Full-time

Company Description

Ashburn Consulting, LLC, based in the Washington, DC metropolitan area, specializes in providing network and network security solutions in complex environments to a select set of government and business clients. The company, an established leader in its field, is composed of an elite team of engineers and business consultants, each of whom is recognized, and highly regarded, within the network and security communities.
Ashburn’s professionals have many years of field experience in large-scale environments, as well as backgrounds that encompass the full technology life cycle: analysis, design, planning, development, implementation, and ongoing support. This, combined with ongoing training and certification in the latest technologies, allows us to engineer optimized, comprehensive client solutions. At Ashburn Consulting, we pride ourselves on bringing our clients an exceptional depth of knowledge and breadth of service.

Since 2020, Ashburn Consulting has been in growth mode and continues to expand in both government and private markets. We continue to add individuals who possess high-level networking expertise for our long-standing list of federal government, state and local government, and private sector clients.

Why should you consider Ashburn Consulting for your next career move?

·      Long-term clientele offering long-standing career paths
·      Highly competitive compensation
·      Comprehensive benefits (Vacation, Holiday, 401K, Dental, Vision)
·      Company culture built on integrity, honesty and teamwork
·      Leadership's commitment to professional career development

Job Description

The position is hybrid (2 days onsite), supporting our Client’s Risk Management Program to achieve the requirements stated above for Continuous Monitoring and Agile Security Services.

This opportunity is a consulting role with the potential to become full-time. We are looking for someone to initially serve as an SME consultant, assisting our Leadership team in developing and presenting for an RFP.
Should we get the award, the consultant would move into the full-time role of Information Security Engineer.

The key responsibility of the role is to establish innovative, proactive cybersecurity solutions and dynamic agile capabilities to support the Risk Management Program and optimize each functional area.

To enhance the Risk Management Program, the engineer will modernize and enhance the Client’s authorization and continuous monitoring capabilities through the automation and oversight of monitoring solutions.

Continuous support of the following Risk Management Program areas:

·       Risk Management Program Services

·       Agile Security Services

Duties supporting Risk Management Program Services:

·       Successful execution of the CLIENT Risk Management Program and identification and implementation of process improvements and efficiencies.

·       Risk Management Program support, including direct subject matter expertise provided to the Risk Management Branch Chief.

·       Maintenance, support, development, and evolution of automated tools to support compliance and risk monitoring.

·       Development and maintenance of a comprehensive ISSO Training Program.

·       Evaluate and optimize existing services/functions consistent with the NIST Risk Management and Cyber Security Frameworks as well as FISCAM controls.

·       Automate reporting mechanisms by creating new (or leveraging existing) CLIENT tools and processes, as well as industry best practice techniques.

·       Develop and implement innovative technology, streamlined capabilities and processes that strengthen, enhance, and improve the functional areas identified in this SOW.

·       Perform oversight and management of onboarding, terminations, work products, and management of resources, performance, and cost.

·       Serve as the Government’s single point of contact for all contract actions, questions, and recommendations.

·       Identify and resolve issues and risks that could adversely impact performance, costs and/or delivery schedule.

·       Prepare status reports and briefings for management review.

·       Maintain, support, develop, and evolve the automation toolset to support the Risk Management Program including, but not limited to, Splunk Dashboards, Robotic Process Automation (RPA) using UiPath, and Swimlane.

·       Develop Splunk alerts and email notifications supporting continuous monitoring events.

·       Provide support as necessary to develop and evolve workflows in support of Continuous Monitoring and Internal Control Testing processes.

·       Provide subject matter expertise to a variety of high priority, time‐sensitive tasks including, but not limited to: FedRAMP and emerging technology risk analyses, document reviews (internal and external), and enterprise‐level remediation efforts.

·       Analyze changes to the FISMA metrics with the annual Information Security Performance Plan (ISPP) and identify the potential effects on the CLIENT FISMA Scorecard.

·       Establish and implement internal processes for managing data associated with recurring data calls.

·       Conduct analysis of NIST, CLIENT, to maintain associated monitoring requirements in the CLIENT Risk Management Program.

·       Provide support to the Weakness Remediation / Plan of Actions and Milestones (POA&M) Program, including but not limited to, assisting system teams with identifying/investigating root causes and remediation plans, drafting weakness descriptions for POA&Ms, reviewing waiver documentation, maintaining accurate reporting for the program, and other duties as documented in the POA&M Standard Operating Procedure (SOP).

Duties supporting Agile Security Services:

·       Develop, update, and promote Standard Operating Procedures (SOPs) to facilitate effective knowledge management across the organization.

·       Continuously maintain and evolve Playbooks for events and actions required in support of the Risk Management Program.

·       Establish and communicate a process for standardizing security authorization documentation, including but not limited to:

o   Alignment with FISMA inventory

o   Incorporating requirements mandated by authorizations to use/connect/test, and Technical Advisory Board (TAB) approvals

o   Validation of thoroughness related to the documentation template and system environment

·       Assist with the development of strategic planning efforts and implementation of objectives

·       Assist with the planning and implementation of the National Security Memorandum on Improving Cybersecurity for Critical Infrastructure Control Systems Executive Order, including the zero‐trust model initiative, as well as any additional related Executive Orders

·       Perform proactive and reactive risk analysis to identify trends and threats across the CLIENT enterprise in support of the Risk Management Program and continuous monitoring activities.

·       Identify, quantify, and evaluate the costs/benefits of security functions and considerations to inform analysis of alternatives, engineering trade‐offs, and risk treatment decisions

 

Qualifications

·       BA/BS and five (5) continuous years of Project Management experience in Security Operations or equivalent area*

·       At least one active certification from the following list: Active CASP, GSEC, GSLC, CISSP, CEH, CISM, CISA, or comparable certification*

·       Fluent knowledge of Agile development and management methodologies

·       Contractor certification and experience must be approved in advance by the Government PM

Additional Information

 

Work Location: Hybrid (3 days remote, 2 days onsite)
 

Equal Opportunity Employer/Veterans/Disabled. An Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, or protected veteran status.

Ashburn Consulting is an Equal Opportunity Affirmative Action Employer.
In compliance with the Americans with Disabilities Act Amendments Act (ADAAA), if you have a disability and would like to request an accommodation in order to apply for a position with Ashburn Consulting, please e-mail [email protected].