Be Challenged and Make a Difference In a world of technology, people make the difference. We believe if we invest in great people, then great things will happen. At AnaVation, we provide unmatched value to our customers and employees through innovative solutions and an engaging culture. AnaVation is looking for an Information Systems Security Officer (ISSO) to join a high performing team performing mission critical work for our customer in Quantico, VA. In this role, you will leverage your skills and expertise to apply current Information Assurance (IA) technologies to the architecture, design, development, evaluation, and integration of applications, systems, and networks to maintain the system security posture. Other duties include:• Ensure all annual FISMA deadlines are met.• Prepare documentation from templates such as, but not limited to, Configuration Management Plan (CMP), Incident Response Plan (IRP), Information System Contingency Plan (ISCP), and Plan of Action and Milestones (POA&M) to ensure compliance.• Identify IA vulnerabilities and coordinate to correct, mitigate or apply for an exception via the POA&M processes.• Review vulnerability (i.e., patches, updates, etc.) and compliance (i.e., Security Content Automation Protocol (SCAP) and/or Defense Information Systems Agency (DISA) Security Technical Implementation Guide (STIG)) scans on the infrastructure and applications to ensure patch and configuration compliance (on-premises and in the cloud). • Prepare SAA package(s) to obtain and maintain an authority-to-operate (ATO), authority-to-test (ATT), or other SAA authority types for all systems and applications.• Attend Configuration Control Board (CCB) meetings and review all change requests for impact to the system/application security posture(s)/compliance requirements; and document decisions.• Coordinate security incident and high priority compliance responses. • Represent program security interests in various meetings within and outside of the program.
- Bachelor’s Degree in Computer Security or related field of study; (ISC)2 Information Security Certification(s) (e.g., CISSP, CAP, etc.); or in lieu of education, five (5) additional years of documented experience that addresses all requirements of the position.
- Three (3) years of experience or more assessing and documenting results for system(s), infrastructure(s) and applications (on-premises and cloud) against NIST SP 800-53 security controls and SP 800-171 Risk Management Framework (RMF) processes.
- Excellent verbal and written communication skills.
- Ability to accurately document requirements within the appropriate security document and/or within the RMF system and coordinate with program, other system(s), and security personnel.
- Ability to assess current and evolving security threats in an operational environment.
- Experience in a cyber risk and compliance management system (e.g., Xacta, RiskVision, etc.).
- One (1) year experience or more configuring, performing, scheduling, reviewing, and assessing vulnerability (i.e., patches, updates, etc.) and compliance (i.e., Security Content Automation Protocol (SCAP) and/or Defense Information Systems Agency (DISA) Security Technical Implementation Guide (STIG)) scans on the infrastructure and applications to ensure patch and configuration compliance on-premises and in the cloud.
- Technical background that will assist in assessing the NIST SP 800-53 security controls and gather evidence to support conclusions.
- Knowledge of operating systems, network and application security to aid implementation of information security and assurance principles.
Benefits · Up to 95% company paid medical insurance for the employee and dependents · 100% company paid dental insurance for employees and dependents · 100% company paid long-term and short term disability insurance · 100% company paid vision insurance for employees and dependents · 401k plan with generous match and 100% immediate vesting · Competitive Pay · Generous paid leave and holiday package · Tuition and training reimbursement · Life and AD&D InsuranceAbout AnaVation AnaVation is the leader in solving the most complex technical challenges for collection and processing in the U.S. Federal Intelligence Community. We are a US owned company headquartered in Chantilly, Virginia. We deliver groundbreaking research with advanced software and systems engineering that provides an information advantage to contribute to the mission and operational success of our customers. We offer complex challenges, a top-notch work environment, and a world-class, collaborative team. If you want to grow your career and make a difference while doing it, AnaVation is the perfect fit for you!