Full-Time
Senior Security Specialist
AnaVation LLC
51-200 employees
IT engineering services for federal government
No salary listed
Washington, DC, USA
In Person
 IT & Security (1) |
|---|
- Six or more years’ experience with NIST, Federal Information Security Management Act (FISMA), and Security Assessment and Authorization.
- Federal Risk and Authorization Management Program (FedRAMP) and Cloud experience (e.g., Azure, Amazon Web Services, Oracle Cloud Infrastructure).
- Knowledgeable on various security-related National Institute of Standards and Technology publications (e.g., SP 800-53 revision 5, SP 800-53A, SP 800-18 revision 1, etc.).
- In-depth knowledge of the Risk Management Framework (RMF).
- Ability to obtain and maintain a customer Public Trust clearance; qualified candidates can be sponsored for this clearance.
- Certifications: Certified Information Systems Security Professional (CISSP) required
- Serve as an integral team member for the agency’s risk assessment program that will perform internal audits and build streamlined assessment processes.
- Possess in-depth security knowledge, be highly technical, and be experienced in managing the security of a system’s accreditation boundary.
- Focus on enterprise governance and risk exposure across a multi-cloud and on-premise environment that includes multiple vendors, customers, and eXtended as a Service products.
- Evaluate the agency’s current system infrastructure and recommend changes to improve its security posture.
- Provide customer support for security compliance and audit liaison activities, focusing on improving the security posture of the agency’s Forensic and Investigative Labs.
- Develop, maintain, and assess Security Assessment and Authorization (SA&A) packages resulting in an Authority to Operate (ATO) for IT systems.
- Create and maintain System Security Plans (SSPs) and supporting documentation in accordance with agency guidelines and directives, including writing implementation statements and creating supporting documentation (e.g., Contingency Plans, Incident Response Plans, Account Management Plans), performing self-assessments, and/or assessing peers’ assessments while working with system stakeholders.
- Develop, coordinate, test, and train personnel on Incident Response Plans and Contingency Plans.
- Ensure information systems are accredited, maintain their ATO, and are continuously monitored.
- Perform risk assessments for agency systems/applications, including cloud-based systems.
- Perform security control assessments to collect artifacts/evidence and interview system owners/representatives.
- Maintain and track system Plan of Actions and Milestones (POA&Ms).
- Review and analyze vulnerability scan data and provide remediation recommendations.
- Take ownership of various projects.
- Improve processes and procedures and make recommendations to improve the security posture of the agency's IT systems and applications.
- Familiarity with the security control families from the National Institute of Standards and Technology guidance relevant to the documents they are responsible for evaluating.
- Ability to provide subject matter expert-level knowledge to the project team to ensure compliance with applicable requirements.
- Demonstrated knowledge of IT Security policy implementation statements, the regulatory structure of policy, the role of the Department of Homeland Security, the Office of Management and Budget, and the National Institute of Standards and Technology.
- Hands-on experience using a Governance, Risk, and Compliance tool, such as Joint Compliance Assessment Management (JCAM) or eMASS.
- Ability to conduct gap analysis on non-federated vendor audit results, such as System and Organization Control Type 2, Health Insurance Portability and Accountability Act comparison reviews, and analysis against NIST SP 800-53 Revision 5 security controls.
- Hands-on experience providing executive-level presentations and reporting.
- Excellent written communication skills and understanding of the System Security Plan (SSP).
- Understanding of control inheritance as applied to RMF implementation in the JCAM tool.
- Ability to manage complex workstreams, comprehend the RMF, and apply security controls across interface, application, operating system, network, and database layers; understanding artifacts used as evidence to assess compliance.
- Experience with multiple tools providing security functions such as vulnerability management (e.g., Nessus), configuration management (e.g., BigFix, SCCM, ePolicy Orchestrator), endpoint protection (e.g., antivirus, Advanced Threat Protection), data loss prevention, and intrusion detection software and hardware.
- Ability to evaluate data flows, network diagrams, and logical security boundaries.
- Excellent oral and written communication skills.
- Familiarity with data analysis tools including Microsoft Excel or Power BI to combine data from multiple sources
AnaVation LLC provides IT engineering and cybersecurity services to the U.S. Federal Government. It helps agencies solve complex technical and analytical problems by delivering services such as intelligence collection and processing, analytical systems, big data solutions, and cybersecurity measures. The company operates by winning government contracts and projects, offering cost-effective and tailored solutions through a team of professionals called AnaVators who work to improve clients’ operational efficiency and security. AnaVation differentiates itself by focusing on deeply specialized government IT engineering expertise, long-term customer relationships, and a values-driven culture that emphasizes employees’ growth and positive work environment. The goal is to be a trusted partner for federal agencies, delivering practical, mission-focused engineering solutions that address their toughest technical challenges.
Company Size
51-200
Company Stage
N/A
Total Funding
N/A
Headquarters
Reston, Virginia
Founded
2013
Simplify's Take
What believers are saying
- Federal cybersecurity spending reaches $15.4B by 2027; zero-trust and cloud security drive demand.
- DoD allocates $8B+ through 2027 for cloud migration and legacy modernization projects.
- Forensics and incident response services grow 18% annually as cyber threats escalate.
What critics are saying
- CACI's $8.7B Applied Insight acquisition displaces AnaVation's small business set-aside advantages.
- Palantir's $1.2B Army Vantage contract extension locks AnaVation out of intelligence fusion missions.
- Commercial AI platforms like AWS Bedrock render 40% of AnaVation's proprietary systems obsolete.
What makes AnaVation LLC unique
- AnaVation achieved FedRAMP High and DoD IL-4/5 authorization via AWS Bedrock integration.
- Integrated end-to-end solutions across cybersecurity, big data, and analytics attract consolidating federal agencies.
- Specialized expertise in intelligence collection, forensics, and exploitation serves niche IC/DoD missions.
Help us improve and share your feedback! Did you find this helpful?
Your Connections
People at AnaVation LLC who can refer or advise you
Benefits
Health Insurance
Dental Insurance
Vision Insurance
Disability Insurance
401(k) Retirement Plan
401(k) Company Match
Paid Vacation
Paid Holidays
Professional Development Budget
Life Insurance
Company News
AnaVation's Intern Hackathon 2025: programming with AI.
AnaVation has been recognized as Best Places to Work 2025 Honoree by The Washington Business Journal, marking its 10th consecutive year receiving this honor!
Josh joined AnaVation in 2019 as an intern, bringing a fresh perspective and a strong foundation in software engineering.
Alex joined AnaVation in May 2019 as an HR Generalist and Assistant Facility Security Officer (AFSO).
AnaVation has once again been recognized as the Best Place to Work in 2024 by the Washington Business Journal, marking its 9th consecutive year receiving this honor!