AnaVation is seeking an Information System Security Officer (ISSO) to support the security posture of systems, applications, and networks. The ideal candidate will apply current Information Assurance (IA) technologies to maintain and improve that posture, and advise the Government on security methods and controls.
Requirements
- Apply current Information Assurance (IA) technologies to maintain and improve the security posture of systems, applications, and networks.
- Advise the Government on security methods and controls, including encryption technologies, vulnerability analysis, and security management standards, to support FISMA compliance.
- Communicate security requirements clearly and accurately through strong verbal and written communication, including documentation within required security artifacts and RMF systems.
- Ensure annual FISMA deadlines are met, and notify the Government PM when deadlines are at risk or assistance is needed.
- Prepare and maintain security documentation from approved templates, including the Configuration Management Plan (CMP), Incident Response Plan (IRP), and Information System Contingency Plan (ISCP).
- Evaluate program policies and procedures, identify security or compliance gaps, and elevate issues to management for resolution.
- Identify IA vulnerabilities and coordinate with Infrastructure and Development teams to remediate, mitigate, or document exceptions through the POA&M process.
- Review vulnerability findings, patches, updates, and compliance scan results, including SCAP and DISA STIG assessments, to ensure systems and applications remain compliant in both on-premises and cloud environments.
- Prepare and maintain Security Authorization packages to obtain and sustain an Authority to Operate (ATO), Authority to Test (ATT), or other authorization types for systems and applications.
- Attend Configuration Control Board (CCB) meetings and review change requests for impact to system and application security posture, Federal compliance requirements, and FBI PD/PG requirements; document outcomes in the CMP.
- Coordinate security incident response activities and high-priority compliance responses with the FBI Enterprise Security Operations Center (ESOC).
- Represent program security interests in internal and external meetings with stakeholders, customers, and partner organizations.
- Schedule and lead meetings with program personnel to address findings, determine remediation paths, and document outcomes within the CMP and POA&M as needed.
- Coordinate with other system ISSOs to ensure interconnection requirements, policies, procedures, and documentation are properly addressed and maintained.
- Assess current and emerging security threats within an operational environment and provide recommendations to reduce risk.