Sr. Security Specialist
Job in Chantilly, Fairfax County, Virginia, 22021, USA
Listed on 2026-01-12
Listing for: Nava
Full Time position
Job specializations:
- IT/Tech: Cybersecurity, IT Consultant, Information Security
Job Description & How to Apply Below
Be Challenged and Make a Difference
In a world of technology, people make the difference. We believe if we invest in great people, then great things will happen. At Ana Vation, we provide unmatched value to our customers and employees through innovative solutions and an engaging culture.
Description of Task to be Performed
Ana Vation is seeking a Sr. Security Specialist (ISSO/Risk Assessor duties) for our mission-critical customer in Washington, DC. You will work as part of a fantastic team providing security expertise on high-priority projects. Daily duties include, but are not limited to:
- Serving as an integral team member of the agency’s risk assessment program, performing internal audits and building streamlined assessment processes.
- Having in-depth security knowledge, being highly technical, and being experienced in managing the security of a system’s accreditation boundary.
- Focusing on the enterprise governance and risk of exposure across a multi-cloud and on-premise environment that will include multiple vendors, customers and XaaS products.
- Evaluating agency’s current system infrastructure and recommending changes to improve its security posture.
- Providing customer support for security compliance and audit liaison activities. Focus is on improving the security posture of the agency’s Forensic and Investigative Labs.
- Developing, maintaining, and assessing Security Assessment & Authorization (SA&A) packages resulting in an Authority To Operate (ATO) for IT systems.
- Creating and maintaining SSPs and supporting documentation in accordance with agency guidelines and directives. This includes writing implementation statements, creating supporting documentation (e.g., Contingency Plans, Incident Response Plans, Account Management Plans, etc.), performing self‑assessments, and/or assessing your peer’s assessment, while working with system stakeholders.
- Developing, coordinating, and testing Incident Response Plans and Contingency Plans, and training personnel on them.
- Ensuring that information systems are accredited, maintain their ATO, and are being continuously monitored.
- Performing risk assessments for agency systems/applications, to include cloud-based systems.
- Performing security control assessments to include collecting supporting artifacts/evidence and interviewing system owner/owner representatives.
- Maintaining and tracking system POA&Ms.
- Reviewing and analyzing vulnerability scan data and providing recommendations on remediation.
- Taking ownership on various projects.
- Improving on processes and procedures and making recommendations to improve the security posture of the agency's IT systems and applications.
This position is on-site in Washington, DC.
Required Qualifications
- 6+ years’ experience with NIST, FISMA, and Security Assessment & Authorization.
- FedRAMP and Cloud experience (e.g., Azure, AWS, Oracle (OCI)).
- Knowledgeable on various security‑related NIST publications (e.g., SP 800‑53r5, SP 800‑53A, SP 800‑18r1, etc.).
- An in‑depth knowledge of the Risk Management Framework (RMF).
- Ability to obtain and maintain a customer Public Trust clearance required. Qualified candidates can be sponsored for this clearance.
- Certifications: CISSP required.
- Familiarity with the security control families from the NIST guidance covered by the documents that they are responsible for evaluating.
- Ability to provide subject‑matter expert‑level knowledge to the project team to ensure compliance with applicable requirements.
- Demonstrated knowledge of IT Security policy implementation statements, the regulatory structure of policy, the role of the Department of Homeland Security (DHS), the Office of Management and Budget (OMB), and the National Institute of Standards and Technology (NIST).
- Hands‑on experience using a Governance, Risk, and Compliance tool, such as JCAM (CSAM) or eMASS.
- Ability to conduct gap analysis on non‑federated vendor audit results (such as SOC Type 2 or HIPAA), including comparison review and analysis against NIST SP 800‑53 Revision 5 security controls.
- Hands‑on experience providing C‑Level presentation and reporting.
- Excellent written communication skills and an understanding of the purpose and use of the System Security Plan (SSP).
- Possess an…