Senior ISSE

Be Challenged and Make a Difference 

In a world of technology, people make the difference. We believe if we invest in great people, then great things will happen. At AnaVation, we provide unmatched value to our customers and employees through innovative solutions and an engaging culture. 

As an information systems security engineer (ISSE), you will support the customer in safeguarding networks against unauthorized modification, destruction, or disclosure. Activities include but are not limited to:

•Conducting risk analysis on products reviewing CVEs, plugins, CWEs etc;

•Understanding how to explain and remediate the technical security controls;

•Facilitating Technical Insertions (the introduction of any new and/or improved hardware or software capabilities into an established operational system) for new products;

•Reviewing change requests for security impacts and technical documentation from a security perspective;

•Participates in Agile Planning Events to provide technical input.

•Providing technical input into trade studies for tools;

•Providing technical expertise in implementation of technical security controls in government cloud environments (cloud security experience is highly desired);

•Researching, evaluating, testing, recommending, communicating, and implementing new security software or devices;

•Implementing, enforcing, communicating internet, network, or other information security policies or security plans for data, internet, software applications, hardware, telecommunications, and computer installations;

•Managing all aspects of an organization's information security system, including researching, testing, training and implementing programs designed to safeguard sensitive information from any possible breaches.

Specific to cloud environment vulnerability management:

•Technical expertise in system security vulnerabilities and remediation techniques, network, and web-related protocols (e.g., TCP/IP, UDP, IPSEC, HTTP, etc.)

•Technical expertise in security engineering, system and network security, authentication and security protocols, cryptography, and application security

•Experience with vulnerability scanning and testing tools such as: Burp suite, Rapid7 InsightVM, Tenable Nessus, Web Inspect, Net Sparker, DB Protect, App Detective, Prisma Cloud, Core Impact, Code DX and similar.

•Experience analyzing vulnerabilities, establish cause and impact, and identify the corrective action needed to eliminate and prevent the event from happening in the future.

•Experienced in vulnerability validation, Pre-Production, remediation, testing for false positives and vulnerability research skills.

•Experience using at least one scripting language (e.g.: Perl, Python, PowerShell)

•Experience with system administration in Windows and/or Linux.

•Experience testing and operating Amazon Web Services, Azure, and/or Google

The ISSE supports the Information systems security officer (ISSO) in managing all aspects of an organization's information security system, including researching, testing, training and implementing programs designed to safeguard sensitive information from any possible breaches. The ISSE will support the ISSO in the following activities (including but not limited to):

•Conducting risk analyses from vulnerability, compliance scans, pen testing results, or other audit activity; writes including but not limited to Plan of Action and Milestones, System Security Plans, Security Control Traceability Matrices, Configuration Management Plans, Contingency Plans and Test Results, Business Impact Analyses, and Security Impact Analyses;

•Submitting monthly scan data in support of FISMA scorecard compliance requirements;

•Responding to data calls, scan requests and weekly and monthly reporting requirements.

Required Qualifications

• Bachelor’s Degree with 7 years related experience including cloud security OR 10 total years of experience in Information Assurance, and IT Security including cloud security
• Active Secret Clearance required
• Thorough knowledge of cloud security (AWS, Azure), AWS well-architected framework concepts.

Desired Qualifications

• Cyber program experience within federal customer space a plus!
• Certifications such as CISSP, CEH, CISA, CAP highly desired

Benefits 

· Generous cost sharing for medical insurance for the employee and dependents 

· 100% company paid dental insurance for employees and dependents 

· 100% company paid long-term and short term disability insurance 

· 100% company paid vision insurance for employees and dependents 

· 401k plan with generous match and 100% immediate vesting 

· Competitive Pay 

· Generous paid leave and holiday package 

· Tuition and training reimbursement 

· Life and AD&D Insurance

About AnaVation 

AnaVation is the leader in solving the most complex technical challenges for collection and processing in the U.S. Federal Intelligence Community. We are a US owned company headquartered in Chantilly, Virginia. We deliver groundbreaking research with advanced software and systems engineering that provides an information advantage to contribute to the mission and operational success of our customers. We offer complex challenges, a top-notch work environment, and a world-class, collaborative team.

If you want to grow your career and make a difference while doing it, AnaVation is the perfect fit for you!