Serve as an integral member of the agency’s risk assessment program, performing internal audits and building streamlined assessment processes.
Manage the security of a system’s accreditation (authorization) boundary, applying in-depth technical security knowledge.
Focus on enterprise governance and risk across a multi-cloud and on-premises environment that includes multiple vendors, customers, and XaaS products.
Evaluate agency’s current system infrastructure and recommend changes to improve its security posture.
Provide customer support for security compliance and act as audit liaison to improve the security posture of the agency’s Forensic and Investigative Labs.
Develop, maintain, and assess Security Assessment & Authorization (SA&A) packages resulting in an Authority To Operate (ATO) for IT systems.
Create and maintain System Security Plans (SSPs) and supporting documentation (e.g., Contingency Plans, Incident Response Plans, Account Management Plans) and write implementation statements.
Perform self-assessments and peer assessments while working with system stakeholders.
Develop, coordinate, test, and train personnel on Incident Response Plans and Contingency Plans.
Ensure information systems are accredited, maintain their ATO, and are continuously monitored.
Perform risk assessments for agency systems/applications, including cloud-based systems.
Perform security control assessments, collect supporting artifacts/evidence, and interview system owners/owner representatives.
Maintain and track system Plans of Action and Milestones (POA&Ms).
Review and analyze vulnerability scan data and provide recommendations on remediation.
Take ownership of various projects and recommend process and procedure improvements to enhance agency IT security posture.
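The vulnerability scan review and POA&M tracking duties above usually start with the same chore: joining a scanner export to the system inventory so each finding lands in the right authorization boundary with an owner and a due date. The following is an added example of that join, written for this page and not an agency tool or process. The scan and inventory data are constructed; the column names follow the Nessus CSV export format (an assumption if another scanner is used), and the remediation windows are placeholder policy values, not an agency or CISA requirement. Hosts the scanner sees but the inventory does not are flagged as UNMAPPED, since they usually indicate boundary or inventory drift rather than an ordinary weakness.

```python
"""Turn a vulnerability scan export plus a system inventory into draft
POA&M entries.  Added example: constructed data, not an agency process."""
import csv
import io
from collections import defaultdict
from datetime import date, timedelta

# Constructed scan export. Column names follow the Nessus CSV export
# (an assumption if your scanner labels them differently).
SCAN_CSV = """Plugin ID,Risk,Host,Protocol,Port,Name,Solution
10001,Critical,10.0.1.10,tcp,445,Example SMB service with known RCE,Apply vendor patch
10001,Critical,10.0.1.11,tcp,445,Example SMB service with known RCE,Apply vendor patch
10002,Medium,10.0.1.10,tcp,443,TLS 1.0 enabled,Disable TLS 1.0
10003,Info,10.0.2.20,tcp,22,SSH server detected,n/a
10004,High,10.0.2.20,tcp,80,Outdated web server version,Upgrade web server
"""

# Constructed inventory: which FISMA system (authorization boundary) each
# host belongs to and who owns it. 10.0.2.20 is deliberately absent.
INVENTORY_CSV = """Host,System,Owner
10.0.1.10,Case Management,J. Doe
10.0.1.11,Case Management,J. Doe
10.0.3.30,Evidence Portal,A. Smith
"""

# Assumed remediation windows in days by scanner severity (a policy
# placeholder; substitute the agency's own milestones). Info rows are noise.
REMEDIATION_DAYS = {"Critical": 15, "High": 30, "Medium": 90, "Low": 180}
SEVERITY_RANK = {s: i for i, s in enumerate(REMEDIATION_DAYS)}


def parse_scan(text):
    """Return only actionable findings: rows whose Risk has a remediation window."""
    rows = csv.DictReader(io.StringIO(text))
    return [r for r in rows if r["Risk"] in REMEDIATION_DAYS]


def load_inventory(text):
    """Map host -> (system, owner)."""
    return {r["Host"]: (r["System"], r["Owner"])
            for r in csv.DictReader(io.StringIO(text))}


def draft_poam(findings, inventory, scan_date):
    """Group findings by (system, plugin) into one POA&M candidate each.

    Hosts missing from the inventory land in the system 'UNMAPPED' so the
    assessor can separate boundary/inventory drift from ordinary findings.
    """
    groups = defaultdict(list)
    for f in findings:
        system, owner = inventory.get(f["Host"], ("UNMAPPED", "unknown"))
        key = (system, owner, f["Plugin ID"], f["Risk"], f["Name"], f["Solution"])
        groups[key].append(f["Host"])
    entries = []
    for (system, owner, plugin, risk, name, solution), hosts in groups.items():
        entries.append({
            "system": system,
            "owner": owner,
            "plugin_id": plugin,
            "weakness": name,
            "severity": risk,
            "hosts": sorted(hosts),
            "recommended_fix": solution,
            "scheduled_completion": scan_date + timedelta(days=REMEDIATION_DAYS[risk]),
        })
    # Worst severity first, then by system and plugin for stable reporting.
    entries.sort(key=lambda e: (SEVERITY_RANK[e["severity"]], e["system"], e["plugin_id"]))
    return entries


def overdue(entries, today):
    """Entries whose scheduled completion date has passed without closure."""
    return [e for e in entries if e["scheduled_completion"] < today]


def overdue_as_of(entries, today_iso):
    """Same as overdue(), taking an ISO date string such as '2024-02-15'."""
    return overdue(entries, date.fromisoformat(today_iso))


def example_poam():
    """Run the pipeline on the constructed data with a fixed scan date."""
    return draft_poam(parse_scan(SCAN_CSV), load_inventory(INVENTORY_CSV), date(2024, 1, 1))


if __name__ == "__main__":
    poam = example_poam()
    for e in poam:
        print(f'{e["severity"]:8} {e["system"]:16} plugin {e["plugin_id"]} '
              f'{len(e["hosts"])} host(s) due {e["scheduled_completion"]}: {e["weakness"]}')
    print("overdue as of 2024-02-15:", len(overdue_as_of(poam, "2024-02-15")))
```

Running it yields three draft entries: the critical SMB finding on both Case Management hosts with one shared due date, the high web-server finding on the UNMAPPED host, and the medium TLS finding; by mid-February the first two are overdue. In practice the same join is what feeds the "combine data from multiple sources" reporting in Excel or PowerBI, and the UNMAPPED bucket is the first thing to reconcile before the scan data is used as assessment evidence.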
Requirements
6+ years’ experience with NIST, FISMA, and Security Assessment & Authorization.
FedRAMP and cloud experience (e.g., Azure, AWS, Oracle Cloud Infrastructure (OCI)).
Knowledgeable on the relevant NIST security publications (e.g., SP 800-53 Rev. 5, SP 800-53A, SP 800-18 Rev. 1).
An in-depth knowledge of the Risk Management Framework (RMF).
Ability to obtain and maintain a customer Public Trust clearance required. Qualified candidates can be sponsored for this clearance.
Certifications: CISSP required.
Familiarity with the NIST SP 800-53 security control families covered by the documents the candidate will be responsible for evaluating.
Ability to provide subject matter expert-level knowledge to the project team to ensure compliance with applicable requirements.
Demonstrated knowledge of IT Security policy implementation statements, the regulatory structure of policy, the role of the Department of Homeland Security (DHS), the Office of Management and Budget (OMB), and the National Institute of Standards and Technology (NIST).
Hands-on experience using a Governance, Risk, and Compliance tool, such as JCAM (CSAM) or eMASS.
Ability to conduct gap analysis of non-federal vendor audit results (e.g., SOC 2 Type II reports, HIPAA compliance reviews) against NIST SP 800-53 Revision 5 security controls.
Hands-on experience delivering C-level presentations and reporting.
Excellent written communication skills and an understanding of the purpose and use of the System Security Plan (SSP).
Possess an understanding of control inheritance as applied to the RMF implementation in the JCAM tool.
Ability to accurately manage complex workstreams, comprehend the application of the RMF, and understand the application of security controls across the interface, application, operating system, network, and database layers of modern information systems. Understand the applicable artifacts used as evidence to assess compliance.
Experience with multiple tools providing security functions such as vulnerability management (e.g., Nessus), configuration management (e.g., BigFix, SCCM, ePO), endpoint protection (e.g., antivirus, ATP), data loss prevention, and intrusion detection software and hardware.
Ability to evaluate data flows, network diagrams, and logical security boundaries.
Excellent oral and written communication skills.
Familiarity with the use of data analysis tools, including the use of Microsoft Excel or PowerBI to combine data from multiple sources.
Benefits
Generous cost sharing for medical insurance for the employee and dependents
100% company paid dental insurance for employees and dependents
100% company paid long-term and short-term disability insurance
100% company paid vision insurance for employees and dependents
401k plan with generous match and 100% immediate vesting
Competitive Pay
Generous paid leave and holiday package
Tuition and training reimbursement
Life and AD&D Insurance
ATS Keywords
Tip: use these terms in your resume and cover letter to boost ATS matches.
Hard skills
NIST, FISMA, Security Assessment & Authorization, Risk Management Framework, vulnerability management, configuration management, endpoint protection, data loss prevention, incident response, security control assessments
Soft skills
excellent written communication, excellent oral communication, ability to manage complex workstreams, subject matter expert-level knowledge, customer support, project ownership, process improvement, training personnel, gap analysis, C-level presentation