Support the Department of Veterans Affairs (VA) by guiding systems through the full Risk Management Framework (RMF) lifecycle and ensuring compliance with VA security policies and authorization requirements.
Partner with Information System Owners (ISOs), Information System Security Officers (ISSOs), and other stakeholders to coordinate Authorization to Operate (ATO) activities, identify and mitigate risks, and maintain the security posture of systems from acquisition and deployment through decommissioning.
Serve as a trusted security advisor, translating complex cybersecurity requirements into practical recommendations that enable secure and compliant IT system implementation.
Coordinate and support RMF Steps 0–6 activities required to obtain and maintain system Authorizations to Operate (ATO).
Collaborate with Information System Owners (ISOs), Information System Security Officers (ISSOs), and system stakeholders to ensure security requirements are implemented and documented.
Develop, update, and maintain detailed security documentation and authorization artifacts in accordance with VA policies and processes.
Identify, assess, and help mitigate security risks and vulnerabilities, escalating critical risks to leadership when necessary.
Provide information system security guidance throughout the system lifecycle, including acquisition, installation, operations, and decommissioning.
Translate complex cybersecurity and RMF requirements into actionable recommendations to support secure system deployment and operations.
Support security reviews of IT systems, networks, hardware, and software across a variety of environments and installation sites.

Requirements

Experience in proactively and independently managing complex system records in the Enterprise Mission Assurance Support Service (eMASS) tool.
Experience with supporting all RMF steps, security categorizations, creating and updating security artifacts and FISMA security documents, control implementation details, and Plan of Action and Milestones (POA&M)
Experience with National Institute of Standards and Technology (NIST) SP 800-53 security controls, RMF, and system authorizations and security compliance standards and processes
Experience in creating plans and approaches for executing product installation securely in accordance with agency authorization policy requirements for system major changes and development lifecycle, while identifying potential risks and working with system stakeholders to create mitigation strategies to reduce or eliminate risks
Analyze authorization documents and associated artifacts against authorization requirements to identify gaps, establish a schedule to address outstanding authorization requirements, and coordinate directly with system stakeholders to address identified gaps in accordance with required deadlines
Excellent oral and written communication skills and the ability to independently lead client-facing meetings and present complex ATO topics to the client
Ability to organize, manage, and maintain large amounts of discrete data with various expiration dates across multiple systems simultaneously
Ability to obtain and maintain a Public Trust or Suitability/Fitness determination based on client requirements.
Bachelor’s degree in Computer Science, Electronics Engineering or other Engineering or technical discipline and 5 years of relevant work experience or 13 years of relevant work experience in lieu of degree

Benefits

Competitive compensation and market-leading bonus opportunities
Medical, dental and vision benefits where a significant portion of the premium is subsidized by IronArch.
Company-provided healthcare concierge assistance to help explain your coverage in plain language; help you find, choose, and schedule quality care; and address billing, benefit, or claims concerns, potentially saving hours of your time
401(k) retirement plan where the company contributes dollar for dollar up to 3 percent, and 50 cents on the dollar for the 4th and 5th percent with immediate entry and immediate vesting
20 days of PTO accumulated per calendar year
11 paid holidays
Bereavement, jury duty, parental (maternity/paternity/adoption), and military leaves
Sabbatical programs
Company-paid short- and long-term disability
Company-paid life insurance
Voluntary life, accidental and indemnity income replacement benefits
Professional development reimbursement
Health club reimbursement
Matching donation program and annual philanthropic activities
Pet insurance

Applicant Tracking System Keywords

Tip: use these terms in your resume and cover letter to boost ATS matches.

Hard Skills & Tools

Risk Management Framework (RMF)FISMA security documentsNIST SP 800-53security categorizationssecurity artifactsPlan of Action and Milestones (POA&M)security documentationsecurity controlssystem authorizationsvulnerability assessment

Soft Skills

communication skillsleadershiporganizational skillsproblem-solvingcollaborationindependent managementclient-facing skillspresentation skillsrisk mitigationdata management

Certifications

Public TrustSuitability/Fitness determination