AnaVation is currently seeking talented and motivated Information Systems Security Officers (ISSO) to support our mission-critical customer in Chantilly, VA.
Responsibilities include, but are not limited to:
• Work in close coordination with all system stakeholders;
• Create and maintain existing information system security documentation, including System Security Plan (SSP), Security Controls Matrix and/or Assessment, and Security Configuration Guide (controlled changes to the system)
• Develop or modify implementation and design documents describing how security features are implemented
• Prepare system documentation for assessment in accordance with the Risk Management Framework (RMF) and NIST Special Publications (800-37, 800-53 and others); identify deficiencies and provide recommendations for solutions
• Track findings with Plan of Action and Milestones (POA&M) through mitigation and/or risk acceptance
• Be responsible for elements of physical and environmental protection, personnel security, incident handling, and security training and awareness, and ensure systems are operated, maintained, and disposed of in accordance with security policies and procedures
• Ensure all users have the requisite security clearance, authorization, need-to-know, and are aware of their security responsibilities before being granted access to the system, and periodically thereafter
• Create security policies and maintain existing information system security documentation
• Conduct periodic and continuous reviews of the system to ensure compliance with the authorization package
• Work with the Information Assurance (IA) team to perform basic system administration and maintain various IA tools, including audit collection and reporting systems, vulnerability management programs, and other continuous monitoring capabilities
• Participate in the change management process, including reviewing Requests for Change (RFC) and assisting in the assessment of a potential change’s security impact
• Conduct daily, weekly and monthly audit review and management of the audit collection system
• Continuously review and evaluate vendor, security, and business best practices for implementing a comprehensive audit program
• Implement vulnerability management programs, including tracking and addressing IAVAs and security patches, assessing applicability to existing systems, and ensuring closure
• Provide direction and guidance to less experienced IA personnel
• Remain sensitive to security infractions and assist in security investigations and responses as requested
• Monitor system recovery processes to ensure security features and functions are properly restored and functioning correctly following an outage
• A minimum of five (5) years of work experience in computer science or cyber security-related field.
• Strong background and extensive experience with Risk Management Framework (RMF), ICD 503, NIST SP800-53 and 53a or DCID 6/3; knowledge of current authorization practices, particularly within the Department of Justice. Extensive background with DITSCAP/DIACAP may be substituted in some cases.
• Certified in at least one of the following during the life of the contract: International Information Systems Security Certification Consortium (ISC2) Certified Information Systems Security Professional (CISSP), the Global Information Assurance Certification (GIAC) Information Security Professional (GISP), or the Computing Technology Industry Association (CompTIA) Advanced Security Practitioner (CASP) or other certifications exemplifying DoD 8570.1 IAM level III proficiency
• Bachelor's or advanced degree in Computer Science, Cyber Security, Mathematics, or Engineering is highly desirable.
• Familiarity with the use and operation of tools such as Tenable’s Nessus and/or Security Center, IBM Guardium, HP WebInspect, AppDetect, Network Mapper (NMAP), or like applications
• Knowledge and experience with security efforts related to Windows, Linux, Solaris, VMWare, Cisco, Juniper, SQL, and Oracle.
• Experience implementing and using various IA tools including vulnerability assessment, patch management, audit collection, audit review, audit management, and end-point protection
• Analytical skills, with the capacity to quantify and/or qualify risks as they relate to the enterprise systems
• Good communication skills, both in writing and orally
Selected applicant will be subject to a government security investigation and must meet eligibility requirements for access to classified information.
AnaVation is an Equal Employment/Affirmative Action employer. We do not discriminate in hiring on the basis of sex, gender identity, sexual orientation, race, color, religious creed, national origin, physical or mental disability, protected Veteran status, or any other characteristic protected by federal, state, or local law.
If you need a reasonable accommodation for any part of the employment process, please contact us by email at firstname.lastname@example.org and let us know the nature of your request and your contact information. Requests for accommodation will be considered on a case-by-case basis. Please note that only inquiries concerning a request for reasonable accommodation will be responded to from this email address.