Security Analyst/ISSO

Title: Security Analyst/Information Systems Security Officer (ISSO)

Location: Maryland (Columbia/Bethesda)

Company Background

A P Ventures, LLC (APV) is an innovative Woman-Owned Small Business (WOSB) providing services to Government customers at the federal and state levels in three key focus areas: High-End IT Consulting, Emerging Technology and Training Solutions, and Human Capital Services. Established in 2007, APV has completed 70 prime contracts and currently oversees 25 task orders, consistently achieving high client satisfaction, CPARS, and customer accolades. Our success is fueled by our skilled and motivated workforce, reflected in our impressive employee retention rate exceeding 90%. APV has a wide portfolio of contracts and “Best-in-Class” contract vehicles, including GSA MAS, OASIS Small Business, and 8(A) Pool 1, CIO-SP3 SB & 8(a) across all functional areas, HCaTS, and several other industry-specific BPA and IDIQs.

APV is a mature company dedicated to quality and exceptional delivery to meet its clients’ missions. We understand personnel are an essential part of this. We hire the best and take care of the people who come to work for us. We continue to maintain employee satisfaction and have a high retention rate, well above the industry average for our small business peers. We do this through our corporate practice that emphasizes on employee satisfaction through the three “C’s” – Culture, Compensation, and Career Development.

Duties: 

The Security Analyst/ISSO will:

• Serve as the Information System Security Officer (ISSO) for a major CMS IT system, ensuring compliance with CMS security policies, FISMA, and FedRAMP.
• Conduct security assessments, audits, and risk analyses to maintain CMS accreditation and continuous monitoring.
• Develop and maintain Security Authorization Packages (SAP), System Security Plans (SSP), and Authority to Operate (ATO) documentation.
• Implement and oversee continuous monitoring programs, identifying vulnerabilities and recommending risk mitigation strategies.
• Ensure compliance with HIPAA, NIST 800-53, and CMS Acceptable Risk Safeguards (ARS).
• Support incident response efforts, coordinating with CMS cybersecurity teams to resolve security breaches and vulnerabilities.
• Advise developers and infrastructure teams on security best practices for DevSecOps, API security, and encryption.
• Act as the primary security liaison between APV and CMS security teams, ensuring compliance with all federal security mandates.
• Provide input on security architectures, access control models, and secure coding practices.
• Oversee security reporting and risk mitigation tracking, ensuring CMS stakeholders remain informed of all security activities.

Education:

• Bachelor's degree in Cybersecurity, Computer Science, or a related field (Master’s preferred).

Required Skills:

• 10-15 years of experience in cybersecurity, risk management, and compliance for federal IT systems.
• Expertise in cloud security best practices, particularly within AWS GovCloud environments.
• Hands-on experience with SIEM tools (Splunk, AWS Security Hub), vulnerability scanning (Nessus, Qualys), and endpoint protection.
• Familiarity with SOC reporting, security automation, and penetration testing methodologies.
• Strong knowledge of CMS security frameworks, including Acceptable Risk Safeguards (ARS) and TIC 3.0 requirements.

Preferred Experience and Skills:

• Experience working with CMS, CCIIO, or federal healthcare IT projects.
• Certifications such as CISSP, CISM, AWS Security Specialty, or CEH.
• Experience leading security training and awareness programs for IT teams.

About A P Ventures

A P Ventures is an Equal Employment Opportunity employer. All qualified applicants are considered without regard to race, national origin, gender, age, religion, disability, sexual orientation, veteran status, or marital status. Minorities/Females/Veterans/Disability candidates are encouraged to apply. Qualified military veterans are encouraged to apply.