Role Description ASRC Federal Technology Solutions is seeking an Information System Security Officer (ISSO) to support cybersecurity governance, risk management, and compliance activities for systems within the Department of Justice – Office of Justice Programs (OJP). The ISSO will support the full RMF lifecycle for both on-premise and cloud-based systems and work closely with system owners, engineers, and the ISSM to maintain authorization and continuous monitoring posture. - Support execution of the NIST Risk Management Framework (RMF) across multiple DOJ-OJP systems, including on-premise and cloud-hosted environments - Maintain and update System Security Plans (SSPs), POA&Ms, BIAs, contingency plans, and supporting security documentation - Track, assess, and remediate vulnerability findings, including coordination with technical teams and validation of corrective actions - Support continuous monitoring activities, including review of security controls, account management, audit logs, and security impact assessments - Coordinate with system owners, engineers, and ISSMs to support ATO sustainment, audit response, and compliance reporting - Utilize GRC and security tools to document risk posture, including log analysis and vulnerability scanning outputs Qualifications - Bachelor’s degree in Cybersecurity, Information Systems, Computer Science, or a related field - 6+ years of experience supporting cybersecurity/IT-related functions - Hands-on experience with NIST SP 800-53, FISMA, and RMF documentation - Experience supporting DOJ or other federal civilian agencies strongly preferred - Ability to obtain and maintain a federal clearance suitable for DOJ systems Requirements - Certifications - such as CC/Sec+ - Graduate degree Benefits - Competitive pay and benefits packages - Health care, dental, vision, life insurance - 401(k) - Education assistance - Paid time off including PTO, holidays, and any other paid leave required by law EEO Statement ASRC Federal and its Subsidiaries are Equal Opportunity employers. All qualified applicants will receive consideration for employment without regard to race, gender, color, age, sexual orientation, gender identification, national origin, religion, marital status, ancestry, citizenship, disability, protected veteran status, or any other factor prohibited by applicable law.

Summary / Objective Identity Digital Innovation Labs (IDIL) is building DNSid, the foundational identity layer for the agentic internet, enabling AI agents to establish verifiable, DNS-anchored identities. This principal-level software engineering role will build the platform, SDKs, and tooling that make DNSid real, while bringing deep, hands-on security expertise to every layer of the product and engineering organization. Security is not a feature of DNSid; it is the product, and this engineer will write and review production code, shape the cryptographic core, define the standards the team builds against, and own the security posture of the IDIL engineering org. This role reports to the VP, Engineering & Technical Architect. What You'll Do - Own the security architecture and threat model for the DNSid platform, SDKs, and supporting infrastructure (STRIDE analysis, attack surface review, trust boundaries) - Design and review the cryptographic core: signing, verification, key management, rotation, and revocation - Build and maintain the DNSid SDKs (TypeScript, Go, and Python) with security-first design and safe defaults - Define and enforce supply-chain security practices for the codebase and dependencies - Conduct security reviews of new features, integrations, and partner-facing implementations - Partner with the standards effort (IETF draft) so the security properties are sound and keep the implementation honest - Establish secure-by-default patterns for how third parties integrate DNSid (auth schemes, scope validation, token handling) - Own the security posture of the entire IDIL engineering org: secure deployment patterns, secrets management, audit readiness (SOC 2), and incident response - Actively models and promotes Identity Digital's core values through day-to-day interactions, behaviors, and decision-making - Other duties as assigned Who You Are / What You Bring Required Qualifications - 10+ years of hands-on software engineering, building and shipping production systems - Bachelor's degree in a relevant field or equivalent experience - Fluency in TypeScript and at least one of Go or Python; depth across the stack from SDK to infrastructure - Proven experience building and shipping production SDKs or security-critical libraries - Track record as a principal or lead engineer, setting technical direction while staying hands-on - Deep, non-negotiable security expertise: cryptographic primitives and protocols (Ed25519, JWT/JWKS, OAuth2/OIDC, PKI, TLS, signature schemes), threat modeling (STRIDE or equivalent), and translating threat models into concrete engineering work - Strong understanding of DNS and DNS security (DNSSEC, TXT records, resolution) and how DNS records can anchor cryptographic identity - Working familiarity with the agentic AI ecosystem (agent identity, MCP, A2A patterns) - Minimal travel expected; occasional on-sites as needed - Ability to work across time zones as part of a global organization as needed Preferred Qualifications - Experience contributing to or reviewing IETF/security standards drafts - Background in identity protocols (WebAuthn, DID, Verifiable Credentials) - Knowledge of supply-chain security risks and mitigations Physical Requirements - Prolonged periods of sitting at a desk and working on a computer - Must be able to lift up to 15 pounds at times Location: Remote This position is open to candidates residing in the following states only: AZ, CA, CO, DE, MD, MA, MO, NJ, NV, NY, NC, OR, OK, PA, SC, TX, UT, VA, and WA. Salary Range The U.S. base salary range for this full-time position is $210,000 - $275,000 (flexibility based on experience) plus benefits as described below. In addition, the successful candidate will be eligible to receive other compensation from time to time in the form of discretionary and/or nondiscretionary bonuses and long-term incentive plan. Actual compensation will be influenced by a candidate's qualifications, internal employee equity considerations, and location. We will not ask for information about a candidate's current or past compensation for purposes of developing an offer of employment. US team members (and their spouses, domestic partners, and/or dependent children) are covered by generously subsidized medical, dental, and vision insurance which includes company contributions to a Health Savings Accounts. Team members are also covered by company-paid life and disability insurance and have the option of participating in employee-paid supplemental life, accidental death and dismemberment, critical illness, and accident insurance. In addition, team members can enroll in the company's 401(k) plan with up to a 5% match. You receive 15 days of paid vacation yearly, increasing to 20 days after one year. Additionally, you get 5 days of paid sick leave, 13 paid holidays, and 20 weeks of paid parental leave for birthing parents, 12 weeks for others. Also, there's an opportunity for tuition reimbursement for qualifying expenses. Note: Benefits programs are subject to eligibility requirements and may vary in certain locations. A few things to know about us Identity Digital is an Equal Opportunity Employer and does not discriminate based on race, color, religion, sex, age, national origin, veteran status, marital status, sexual orientation, gender identity, disability or any other category prohibited by local, state or federal law. This policy applies to all aspects of employment, including recruitment, placement, promotion, transfer, demotion, compensation, benefits, social and recreational activities, and termination. Background Check Statement At the time of an offer, you will be required to complete a background check. Any offer is contingent upon a satisfactory background check. Sponsorship Statement Please note that work sponsorship for this position may not be available now or in the future. While we strive to support our candidates, not all roles will qualify. Eligibility will be reviewed on a case-by-case basis. Accommodation Statement We are committed to the full inclusion of all qualified individuals. As part of this commitment, Identity Digital will ensure that persons with disabilities are provided reasonable accommodations. If reasonable accommodation is needed to participate in the job application or interview process, please contact our Recruiting Team at careers@identity.digital.

• Act as the primary technical point of contact for the client, driving discussions, defining strategies, and recommending M365 and Security solutions. • Design, implement, and manage complex hybrid Exchange environments (On-Premises + Exchange Online), handling coexistence techniques and appliance requirements during migrations. • Lead SharePoint 2019/SE and SharePoint Online initiatives, with a deep focus on information architecture, taxonomy, content types, and modern search configurations. • Manage hybrid identity environments using Entra ID and Active Directory, alongside endpoint management via Microsoft Intune and Microsoft Teams deployment. • Design and enforce security policies using the Microsoft Defender Suite (Defender for Endpoint, Identity, and Office 365), Microsoft Purview, and advanced Conditional Access policies.

• Support the company in structuring and evolving identity and access management in the cloud, establishing standards and best practices • Design, implement and maintain cloud access profiles applying the principle of least privilege for infrastructure, development, data, security teams and others • Define and manage IAM Roles and Policies specific to each function, ensuring segregation of duties • Define, deploy and support IAM Roles and STS services for both human and non-human access • Support audits and compliance requirements