AnaVation LLC
Information System Security Engineer
AnaVation LLC, Huntsville, Alabama, United States, 35824
Overview
AnaVation is seeking a dedicated Information System Security Engineer (ISSE) to join our team. This position supports the ongoing development, operations and maintenance of several networked systems supporting digital forensic investigations running primarily on Windows and utilizing virtual and cloud environments. The ideal candidate is a self-starter with strong work habits, able to complete tasks independently while working as part of a team, and has demonstrated career experience as an ISSO or ISSE with the Federal ATO process.
Location and clearance: This position is on-site in Huntsville, AL and requires a Top Secret clearance and the ability to obtain a CI polygraph.
Responsibilities
Develops compliancy and standardization within the customer\'s policies regarding various information systems. Work closely with Government customers to ensure the confidentiality, integrity, and availability of systems, applications, networks, and data through the planning, analysis, development, implementation, maintenance, and enhancement of information systems security programs; infrastructure; application; Security Assessment and Authorization (SAA), IA policy directives (PD) and guides (PG); and IA Security tools (e.g., Tenable.io, Nessus Pro, NMap, etc.).
Have excellent verbal and written communication skills to be able to accurately relate requirements and document all within the appropriate security document and/or within the RMF system and coordinate with program, other system(s), and security personnel
Prepare documentation from templates such as CMP, IRP, ISCP, and POA&M to ensure compliance with customer PDs and PGs and Federal IA requirements as well as coordinate review(s) and approvals
Must be able to discern the program policies and procedures, identify areas that need work and bring up to management for resolution
Identify IA vulnerabilities and coordinate with the Infrastructure and Development teams to correct, mitigated or apply for an exception via the POA&M processes
Review vulnerability (i.e., patches, updates, etc.) and compliance (i.e., SCAP and/or DISA STIG) scans on the infrastructure and applications to ensure patch and configuration compliance (on-premises and in the cloud, Azure preferred)
Prepares SAA package(s) to obtain and maintain an ATO, ATT, or other SAA authority types for all systems and applications
Attend Configuration Control Board (CCB) meetings and review all change requests for impact to the system/application security posture and applicable Federal and customer PD and PG compliance requirements; and document decisions within the CMP
Coordinate security incident and high priority compliance responses with the ESOC
Represent program security interests in various meetings within and outside of the program
Schedule and conduct meetings with pertinent program personnel to address findings to determine appropriate path forward and document within the CMP and, if necessary, POA&M
Coordinates with other system ISSOs to ensure that their requirements for interconnection, policy and procedures are met and all documentation is provided and updated as necessary
Ability to assess current and evolving security threats in an operational environment
With an appropriate amount of Government PM guidance, works independently to carry out all technical requirements as directed by the Government PM, Information System Security Representative, Information System Security Manager, and Authorizing Official in a timely manner
Qualifications
Ten (10) years of experience or more assessing and documenting results for system(s), infrastructure(s) and applications (on-premises and cloud, e.g., AWS GovCloud and/or Azure GovCloud) against NIST SP 800-53 security controls and SP 800-171 RMF processes
Bachelor of Science (B.S.) Degree in Computer Security or related field of study; (ISC)2 Information Security Certification(s) (e.g., CISSP, CAP, etc.); or in lieu of education, an additional five (5) years of relevant experience that addresses all requirements of the position
Requires an Active Top Secret clearance and the ability to obtain a CI polygraph
Day to Day Expectations
Experience working on an Agile team
Experience working with a federal law enforcement organization
Willingness to implement Lean principles, Agile engineering and DevSecOps
Desire longevity on the project
Technical background desired, knowledge broader in scope
Have an understanding of taclanes, basic coding, and scripts
Splunk and Tenable experience desired
Need to be able to read technical diagrams, dataflows, create workflows, read network diagrams. Understand JRC and the 6 steps of the Risk Management Framework
Have a team perspective, invite collaboration, the personality needs to be one of investment. Need to connect and to learn. Be function driven. They need to have an accountability to the program, be on time, personable, positive
Desired Qualifications
Experience in a cyber-risk and compliance management system (e.g., Xacta, RiskVision, etc.)
One (1) year experience or more configuring, performing, scheduling, reviewing, and assessing vulnerability (i.e., patches, updates, etc.) and compliance (SCAP and/or DISA STIG) scans on the infrastructure and applications to ensure patch and configuration compliance on-premises and in the cloud (Azure preferred)
Technical background that will assist in assessing the NIST SP 800-53 security controls and gather evidence to support conclusions
Knowledge of operating systems, network and application security to aid implementation of information security and assurance principles
Knowledge of SPLUNK software and tools
Knowledge of Taclane, encryption devices and COMSEC technology
Benefits
Generous cost sharing for medical insurance for the employee and dependents
100% company paid dental insurance for employees and dependents
100% company paid long-term and short-term disability insurance
100% company paid vision insurance for employees and dependents
401k plan with generous match and 100% immediate vesting
Competitive Pay
Generous paid leave and holiday package
Tuition and training reimbursement
Life and AD&D Insurance
About AnaVation AnaVation is the leader in solving the most complex technical challenges for collection and processing in the U.S. Federal Intelligence Community. We are a US owned company headquartered in Chantilly, Virginia. We deliver groundbreaking research with advanced software and systems engineering that provides an information advantage to contribute to the mission and operational success of our customers. We offer complex challenges, a top-notch work environment, and a world-class, collaborative team.
If you want to grow your career and make a difference while doing it, AnaVation is the perfect fit for you!
AnaVation is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to sex, race, color, religion, national origin, disability, protected Veteran status, age, or any other characteristic protected by law.
Job Details
Seniority level: Not Applicable
Employment type: Full-time
Job function: Information Technology
Industries: IT Services and IT Consulting
#J-18808-Ljbffr
Location and clearance: This position is on-site in Huntsville, AL and requires a Top Secret clearance and the ability to obtain a CI polygraph.
Responsibilities
Develops compliancy and standardization within the customer\'s policies regarding various information systems. Work closely with Government customers to ensure the confidentiality, integrity, and availability of systems, applications, networks, and data through the planning, analysis, development, implementation, maintenance, and enhancement of information systems security programs; infrastructure; application; Security Assessment and Authorization (SAA), IA policy directives (PD) and guides (PG); and IA Security tools (e.g., Tenable.io, Nessus Pro, NMap, etc.).
Have excellent verbal and written communication skills to be able to accurately relate requirements and document all within the appropriate security document and/or within the RMF system and coordinate with program, other system(s), and security personnel
Prepare documentation from templates such as CMP, IRP, ISCP, and POA&M to ensure compliance with customer PDs and PGs and Federal IA requirements as well as coordinate review(s) and approvals
Must be able to discern the program policies and procedures, identify areas that need work and bring up to management for resolution
Identify IA vulnerabilities and coordinate with the Infrastructure and Development teams to correct, mitigated or apply for an exception via the POA&M processes
Review vulnerability (i.e., patches, updates, etc.) and compliance (i.e., SCAP and/or DISA STIG) scans on the infrastructure and applications to ensure patch and configuration compliance (on-premises and in the cloud, Azure preferred)
Prepares SAA package(s) to obtain and maintain an ATO, ATT, or other SAA authority types for all systems and applications
Attend Configuration Control Board (CCB) meetings and review all change requests for impact to the system/application security posture and applicable Federal and customer PD and PG compliance requirements; and document decisions within the CMP
Coordinate security incident and high priority compliance responses with the ESOC
Represent program security interests in various meetings within and outside of the program
Schedule and conduct meetings with pertinent program personnel to address findings to determine appropriate path forward and document within the CMP and, if necessary, POA&M
Coordinates with other system ISSOs to ensure that their requirements for interconnection, policy and procedures are met and all documentation is provided and updated as necessary
Ability to assess current and evolving security threats in an operational environment
With an appropriate amount of Government PM guidance, works independently to carry out all technical requirements as directed by the Government PM, Information System Security Representative, Information System Security Manager, and Authorizing Official in a timely manner
Qualifications
Ten (10) years of experience or more assessing and documenting results for system(s), infrastructure(s) and applications (on-premises and cloud, e.g., AWS GovCloud and/or Azure GovCloud) against NIST SP 800-53 security controls and SP 800-171 RMF processes
Bachelor of Science (B.S.) Degree in Computer Security or related field of study; (ISC)2 Information Security Certification(s) (e.g., CISSP, CAP, etc.); or in lieu of education, an additional five (5) years of relevant experience that addresses all requirements of the position
Requires an Active Top Secret clearance and the ability to obtain a CI polygraph
Day to Day Expectations
Experience working on an Agile team
Experience working with a federal law enforcement organization
Willingness to implement Lean principles, Agile engineering and DevSecOps
Desire longevity on the project
Technical background desired, knowledge broader in scope
Have an understanding of taclanes, basic coding, and scripts
Splunk and Tenable experience desired
Need to be able to read technical diagrams, dataflows, create workflows, read network diagrams. Understand JRC and the 6 steps of the Risk Management Framework
Have a team perspective, invite collaboration, the personality needs to be one of investment. Need to connect and to learn. Be function driven. They need to have an accountability to the program, be on time, personable, positive
Desired Qualifications
Experience in a cyber-risk and compliance management system (e.g., Xacta, RiskVision, etc.)
One (1) year experience or more configuring, performing, scheduling, reviewing, and assessing vulnerability (i.e., patches, updates, etc.) and compliance (SCAP and/or DISA STIG) scans on the infrastructure and applications to ensure patch and configuration compliance on-premises and in the cloud (Azure preferred)
Technical background that will assist in assessing the NIST SP 800-53 security controls and gather evidence to support conclusions
Knowledge of operating systems, network and application security to aid implementation of information security and assurance principles
Knowledge of SPLUNK software and tools
Knowledge of Taclane, encryption devices and COMSEC technology
Benefits
Generous cost sharing for medical insurance for the employee and dependents
100% company paid dental insurance for employees and dependents
100% company paid long-term and short-term disability insurance
100% company paid vision insurance for employees and dependents
401k plan with generous match and 100% immediate vesting
Competitive Pay
Generous paid leave and holiday package
Tuition and training reimbursement
Life and AD&D Insurance
About AnaVation AnaVation is the leader in solving the most complex technical challenges for collection and processing in the U.S. Federal Intelligence Community. We are a US owned company headquartered in Chantilly, Virginia. We deliver groundbreaking research with advanced software and systems engineering that provides an information advantage to contribute to the mission and operational success of our customers. We offer complex challenges, a top-notch work environment, and a world-class, collaborative team.
If you want to grow your career and make a difference while doing it, AnaVation is the perfect fit for you!
AnaVation is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to sex, race, color, religion, national origin, disability, protected Veteran status, age, or any other characteristic protected by law.
Job Details
Seniority level: Not Applicable
Employment type: Full-time
Job function: Information Technology
Industries: IT Services and IT Consulting
#J-18808-Ljbffr