AnaVation

ISSO - Information Systems Security Officer

Huntsville, AL Full Time

Description of Task to be Performed:

AnaVation is seeking an Information System Security Officer (ISSO) to support the security posture of systems, applications, and networks. In this role, the ISSO will apply current Information Assurance (IA) technologies to the architecture, design, development, evaluation, and integration of enterprise environments to ensure compliance with Federal Information Security Modernization Act (FISMA) requirements and applicable security standards.

The ideal candidate will advise the Government on the use of security methods and technologies, including encryption, vulnerability analysis, and security management standards, to protect Government systems and applications. This role requires close coordination with program leadership, infrastructure teams, developers, and other security stakeholders to maintain compliance, support RMF activities, and sustain the overall system security posture.

Key Responsibilities / Skills

  • Apply current Information Assurance (IA) technologies to maintain and improve the security posture of systems, applications, and networks.
  • Advise the Government on security methods and controls, including encryption technologies, vulnerability analysis, and security management standards, to support FISMA compliance.
  • Communicate security requirements clearly and accurately through strong verbal and written communication, including documentation within required security artifacts and RMF systems.
  • Ensure annual FISMA deadlines are met, and notify the Government PM when deadlines are at risk or assistance is needed. 
  • Prepare and maintain security documentation from approved templates, including:
      • Configuration Management Plan (CMP)
      • Incident Response Plan (IRP)
      • Information System Contingency Plan (ISCP)
  • Ensure documentation complies with FBI Policy Directives (PDs), Policy Guides (PGs), and Federal IA requirements, and coordinate required reviews and approvals. 
  • Evaluate program policies and procedures, identify security or compliance gaps, and elevate issues to management for resolution. 
  • Identify IA vulnerabilities and coordinate with Infrastructure and Development teams to remediate, mitigate, or document exceptions through the POA&M process.
  • Review vulnerability findings, patches, updates, and compliance scan results, including SCAP and DISA STIG assessments, to ensure systems and applications remain compliant in both on-premises and cloud environments.
  • Prepare and maintain Security Authorization packages to obtain and sustain an Authority to Operate (ATO), Authority to Test (ATT), or other authorization types for systems and applications.
  • Attend Configuration Control Board (CCB) meetings and review change requests for impact to system and application security posture, Federal compliance requirements, and FBI PD/PG requirements; document outcomes in the CMP. 
  • Coordinate security incident response activities and high-priority compliance responses with the FBI Enterprise Security Operations Center (ESOC).
  • Represent program security interests in internal and external meetings with stakeholders, customers, and partner organizations.
  • Schedule and lead meetings with program personnel to address findings, determine remediation paths, and document outcomes within the CMP and POA&M as needed. 
  • Coordinate with other system ISSOs to ensure interconnection requirements, policies, procedures, and documentation are properly addressed and maintained.
  • Assess current and emerging security threats within an operational environment and provide recommendations to reduce risk. 

This position requires active Top Secret (TS) clearance and the ability to obtain SCI access with a CI polygraph.

This position is on-site with our customer in Huntsville, AL.