Nava
Information System Security Engineer
Nava, Virginia, Minnesota, United States, 55792
Be Challenged and Make a DifferenceIn a world of technology, people make the difference. We believe if we invest in great people, then great things will happen. At AnaVation, we provide unmatched value to our customers and employees through innovative solutions and an engaging culture.Description of Task to be Performed:AnaVation is looking for a dedicated Information System Security Engineer (ISSE) to join our team. The ISSE is to have senior level regarding information system security, to include being knowledgeable of current Information Assurance (IA) technologies to the architecture, design, development, evaluation, and integration of applications, systems, and networks to maintain the system security posture. The candidate is expected to develop compliance and standardization with the policies regarding various information systems. The employee will work closely with customers to ensure the confidentiality, integrity, and availability of systems, applications, networks, and data through the planning, analysis, development, implementation, maintenance, and enhancement of information systems security programs; infrastructure; application; Security Assessment and Authorization (SAA), IA policy directives (PD) and guides (PG); and IA Security tools (e.g.,
Tenable.io , Nessus Pro, NMap, etc.).This position is on-site in Quantico, VA. This position requires an active Top Secret clearance and the ability to obtain a CI poly.Required Qualifications:Must have excellent verbal and written communication skills to be able to accurately relate requirements and document requirements within the appropriate security document and/or within the RMF system and coordinate with the program, other systems, and security personnel.Prepare documentation from templates such as, but not limited to, Configuration Management Plan (CMP), Incident Response Plan (IRP), Information System Contingency Plan (ISCP), and Plan of Action and Milestones (POA&M) to ensure compliance with customer PDs and PGs and Federal IA requirements as well as coordinate review(s) and approvals.Must be able to discern the program policies and procedures, identify areas that need work and notify management of possible resolutions.Identify IA vulnerabilities and coordinate with the Infrastructure and Development teams to correct, mitigate, or apply for an exception via the POA&M processes.Review vulnerability (i.e., patches, updates, etc.) and compliance (i.e., Security Content Automation Protocol (SCAP) and/or Defense Information Systems Agency (DISA) Security Technical Implementation Guide (STIG)) scans on the infrastructure and applications to ensure patch and configuration compliance (on-premises and in the cloud).Prepare SAA package(s) to obtain and maintain an authority-to-operate (ATO), authority-to-test (ATT), or other SAA authority types for all systems and applications.Attend Configuration Control Board (CCB) meetings if needed and review all change requests for impact to the system/application security posture(s) and applicable Federal and customer PD and PG compliance requirements, and document decisions within the CMP.Coordinate security incident and high-priority compliance responses with the customer Enterprise Security Operations Center (ESOC).Represent program security interests in various meetings within and outside of the program.Schedule and conduct meetings with pertinent program personnel to address findings to determine the appropriate path forward and document within the CMP and, if necessary, POA&M.Coordinate with other systems Information System Security Officers (ISSO) to ensure that their requirements for interconnection, policy, and procedures are met and all documentation is provided and updated as necessary.Ability to assess current and evolving security threats in an operational environment.With an appropriate amount of Government PM guidance, works independently to carry out all requirements as directed by the Government PM, Information System Security Representative, Information System Security Manager, and Authorizing Official in a timely manner.Education: Bachelor of Science (B.S.) Degree in Computer Security or related field of study; (ISC)2 Information Security Certification(s) (e.g., CISSP, CAP, etc.); or in lieu of education, an additional five (5) years of relevant experience that addresses all requirements of the position.Preferred Qualifications:Working Experience: Splunk and Tenable, reading technical and network diagrams, dataflows, creating workflows.Authorizations Experience: Experience with the process of obtaining and maintaining Authorization to Operate (ATO) is preferred.Subject Matter Expertise: Demonstrated expertise in information systems security, with a strong technical background and a comprehensive understanding of security protocols and practices.Longevity and Commitment: Seeking a candidate who is committed to long-term career growth and stability within the organization.Technical Proficiency: Advanced knowledge beyond operations and maintenance, including a solid background in network security and familiarity with technical aspects such as basic coding and scripting.Adaptability and Innovation: Ability to think fluidly and adapt to evolving technical challenges, with a proactive approach to learning and problem-solving.Team Collaboration: Proven experience in working collaboratively within a team environment, contributing to collective goals and initiatives.Investment in Role: Demonstrated dedication and investment in the responsibilities and growth associated with the role.BenefitsGenerous cost sharing for medical insurance for the employee and dependents100% company paid dental insurance for employees and dependents100% company paid long-term and short-term disability insurance100% company paid vision insurance for employees and dependents401k plan with generous match and 100% immediate vestingCompetitive PayGenerous paid leave and holiday packageTuition and training reimbursementLife and AD&D InsuranceAbout AnaVationAnaVation is the leader in solving the most complex technical challenges for collection and processing in the U.S. Federal Intelligence Community. We are a US owned company headquartered in Chantilly, Virginia. We deliver groundbreaking research with advanced software and systems engineering that provides an information advantage to contribute to the mission and operational success of our customers. We offer complex challenges, a top-notch work environment, and a world-class, collaborative team.If you want to grow your career and make a difference while doing it, AnaVation is the perfect fit for you!
#J-18808-Ljbffr
Tenable.io , Nessus Pro, NMap, etc.).This position is on-site in Quantico, VA. This position requires an active Top Secret clearance and the ability to obtain a CI poly.Required Qualifications:Must have excellent verbal and written communication skills to be able to accurately relate requirements and document requirements within the appropriate security document and/or within the RMF system and coordinate with the program, other systems, and security personnel.Prepare documentation from templates such as, but not limited to, Configuration Management Plan (CMP), Incident Response Plan (IRP), Information System Contingency Plan (ISCP), and Plan of Action and Milestones (POA&M) to ensure compliance with customer PDs and PGs and Federal IA requirements as well as coordinate review(s) and approvals.Must be able to discern the program policies and procedures, identify areas that need work and notify management of possible resolutions.Identify IA vulnerabilities and coordinate with the Infrastructure and Development teams to correct, mitigate, or apply for an exception via the POA&M processes.Review vulnerability (i.e., patches, updates, etc.) and compliance (i.e., Security Content Automation Protocol (SCAP) and/or Defense Information Systems Agency (DISA) Security Technical Implementation Guide (STIG)) scans on the infrastructure and applications to ensure patch and configuration compliance (on-premises and in the cloud).Prepare SAA package(s) to obtain and maintain an authority-to-operate (ATO), authority-to-test (ATT), or other SAA authority types for all systems and applications.Attend Configuration Control Board (CCB) meetings if needed and review all change requests for impact to the system/application security posture(s) and applicable Federal and customer PD and PG compliance requirements, and document decisions within the CMP.Coordinate security incident and high-priority compliance responses with the customer Enterprise Security Operations Center (ESOC).Represent program security interests in various meetings within and outside of the program.Schedule and conduct meetings with pertinent program personnel to address findings to determine the appropriate path forward and document within the CMP and, if necessary, POA&M.Coordinate with other systems Information System Security Officers (ISSO) to ensure that their requirements for interconnection, policy, and procedures are met and all documentation is provided and updated as necessary.Ability to assess current and evolving security threats in an operational environment.With an appropriate amount of Government PM guidance, works independently to carry out all requirements as directed by the Government PM, Information System Security Representative, Information System Security Manager, and Authorizing Official in a timely manner.Education: Bachelor of Science (B.S.) Degree in Computer Security or related field of study; (ISC)2 Information Security Certification(s) (e.g., CISSP, CAP, etc.); or in lieu of education, an additional five (5) years of relevant experience that addresses all requirements of the position.Preferred Qualifications:Working Experience: Splunk and Tenable, reading technical and network diagrams, dataflows, creating workflows.Authorizations Experience: Experience with the process of obtaining and maintaining Authorization to Operate (ATO) is preferred.Subject Matter Expertise: Demonstrated expertise in information systems security, with a strong technical background and a comprehensive understanding of security protocols and practices.Longevity and Commitment: Seeking a candidate who is committed to long-term career growth and stability within the organization.Technical Proficiency: Advanced knowledge beyond operations and maintenance, including a solid background in network security and familiarity with technical aspects such as basic coding and scripting.Adaptability and Innovation: Ability to think fluidly and adapt to evolving technical challenges, with a proactive approach to learning and problem-solving.Team Collaboration: Proven experience in working collaboratively within a team environment, contributing to collective goals and initiatives.Investment in Role: Demonstrated dedication and investment in the responsibilities and growth associated with the role.BenefitsGenerous cost sharing for medical insurance for the employee and dependents100% company paid dental insurance for employees and dependents100% company paid long-term and short-term disability insurance100% company paid vision insurance for employees and dependents401k plan with generous match and 100% immediate vestingCompetitive PayGenerous paid leave and holiday packageTuition and training reimbursementLife and AD&D InsuranceAbout AnaVationAnaVation is the leader in solving the most complex technical challenges for collection and processing in the U.S. Federal Intelligence Community. We are a US owned company headquartered in Chantilly, Virginia. We deliver groundbreaking research with advanced software and systems engineering that provides an information advantage to contribute to the mission and operational success of our customers. We offer complex challenges, a top-notch work environment, and a world-class, collaborative team.If you want to grow your career and make a difference while doing it, AnaVation is the perfect fit for you!
#J-18808-Ljbffr