Lead Cybersecurity Engineer/Task Order Manager

AnaVation is seeking a Lead Cybersecurity Engineer/Task Order Manager for our mission-critical customer in Washington, DC. This is a hands-on technical leadership role. As Lead Cybersecurity Engineer (approximately 75% of your time), you will safeguard customer networks against unauthorized modification, destruction, or disclosure and have overall responsibility for the technical tasks enumerated below. As Task Order Manager (approximately 25% of your time), you will lead a 3-person cybersecurity team; interface with key customer stakeholders; manage day-to-day cybersecurity tasks and reporting; manage task order delivery; provide guidance, technical support, mentoring, and day-to-day management for team members; and be a member of AnaVation’s leadership team, interfacing with peers across other work programs and further developing your leadership skills. The project team is responsible for conducting risk analysis on customer products.
Responsibilities:·       Manage all aspects of an organization's information security system, including researching, testing, training, and implementing programs designed to safeguard sensitive information from any possible breaches.·       Conduct risk analyses from vulnerability, compliance scans, pen testing results, or other audit activity; writes relevant documents including but not limited to Plan of Action and Milestones, System Security Plans, Security Control Traceability Matrices, Configuration Management Plans, Contingency Plans and Test Results, Business Impact Analyses, and Security Impact Analyses.·       Research, evaluate, design, test, recommend, communicate, and implement new security software or devices; facilitate technical insertion for new products.·       Implement, enforce, communicate, and develop internet, network, or other information security policies or security plans for data, internet, software applications, hardware, telecommunications, and computer installations.·       Review CVEs, plug-ins, CWEs etc.·       Participate in Agile Planning Events to provide technical input; participate in daily Scrum meeting and ensure timely response and reporting of team’s action items.·       Responds to data calls, scan requests and weekly and monthly reporting.·       Interact with agency departments/division.·       Provide or oversee contract deliverables.·       Obtain information systems authorized for operations (ATOs) based on NIST SP 800 series guidance.·       Conduct gap analysis of commercial vendor service/application security audits, such SOC Type 2 or HIPAA to NIST SP 800-53 Revision 5 security controls.·       Assist other agency’s assessor with security control evaluations.·       Generate Plans of Action & Milestones (POA&M) to track the mitigation of vulnerabilities and compliance issues with agency Governance, Risk and Compliance tool (CSAM).·       Generate security artifacts such as System Security Plans, Security Control Traceability Matrices, Configuration Plans and Contingency Plans and Testing, and Self-Assessment Test Plans.·       Continuous monitoring of system; responsible for monitoring and tracking system vulnerabilities and compliance issues.·       Demonstrated knowledge of IT Security policy implementation statements, the regulatory structure of policy, the role of the Department of Homeland Security (DHS), the Office of Management and Budget (OMB), and the National Institute of Standards and Technology (NIST).·       Demonstrated hands-on experience with multiple tools providing security functions such as vulnerability management (e.g., Nessus, Retina), configuration management (e.g., Tenable Security Center, IBM BigFix, SCCM, McAfee ePO), endpoint protection (e.g., antivirus, ATP), data loss prevention, and intrusion detection software and hardware.·       Hands-on experience conducting system administration of Windows servers and client, Linux, and network devices, such as Windows 2019 servers, Windows 10 Enterprise client, and Linux 7.x servers.·       Extensive working knowledge of various network ports, protocols, and service and provide guidance on the establishment of secure paths of communicates between application and agency’s nodes.·       Hands-on experience conducting and/or assisting with a cybersecurity root cause analysis and developing a strategy for mitigation of the potential vulnerability.·       Hands-on experience working with Governate, Risk, and Compliance tools, such as CSAM.·       Familiarity with the use of data analysis tools, including the use of Microsoft Excel or PowerBI to combine data from multiple sources.·       Excellent oral and written communication skills and the ability to deliver in-person or virtual training that results in excellent assessment via trainee feedback, and ability to review and comment on design documents while providing subject matter expert review.·       Customer location is Washington D.C. This is currently a hybrid on site/remote role, subject to change according to customer Return to Office policies. 

Required Qualifications

• Bachelor’s Degree with 10 years related experience OR 10 total years of experience in Cybersecurity and IT Security
• Active Secret Clearance required; ability to obtain customer accesses
• At least one relevant certification, such as CISSP-ISSMP, CISM, PMP
• 5-7 years’ experience working in Federal space

Desired Qualifications

• Active Top-Secret Clearance
• Cloud security experience highly desired
• Cyber program experience within federal customer space a strong plus!
• Additional relevant certifications