
Cyber Security Analyst
Trilogy Federal
full-time
Location Type: Remote
Location: Virginia • United States
Salary
💰 $103,000 - $118,000 per year
About the role
- Perform ongoing vulnerability scanning, penetration testing, code review, and remediation in line with NIST SP 800-53 and related standards.
- Develop, document, review, and maintain Assessment & Authorization (A&A) artifacts, including security plans, risk assessments, and Plan of Action and Milestones (POA&M), supporting ATO submissions and renewals.
- Respond to, analyze, and report on security events and incidents, including notification to stakeholders within strict timeframes. Remediate security vulnerabilities within specified periods according to severity.
- Ensure compliance with Federal, VA, FISMA, NIST, HIPAA, Privacy Act, and organizational security and privacy directives.
- Complete mandatory and additional annual privacy and security training as required.
- Coordinate with VA technical staff, ISSOs, and integration teams to ensure proper migration, deployment, and operational support for new or updated systems.
- Provide support for the implementation of security controls on operating systems, application code, network infrastructure, and endpoints. Participate in audits and assessments, and provide evidence of compliance as requested.
- Monitor, track, and report on key security KPIs including vulnerability remediation timeframes, incident resolution metrics, and system security posture.
- Proactively apply OS and application patches; validate and report the effect of third-party patches.
- Develop and maintain robust operational and incident response documentation, participate in after-action reviews, and contribute to lessons learned for continuous process improvement.
Requirements
- Bachelor's degree in Cybersecurity, Computer Science, Information Technology, or a related discipline; equivalent practical experience may be considered.
- Minimum of 10 years of progressive experience in cyber security operations, risk assessment, vulnerability management, or information security compliance.
- Demonstrated knowledge of and experience with relevant federal cybersecurity standards.
- Experience conducting and reporting on vulnerability assessments, penetration testing, and security control testing.
- Familiarity with security tools including but not limited to Static Application Security Testing (SAST) tools (e.g., Micro Focus Fortify), penetration testing suites, SIEM/monitoring platforms.
- Experience supporting ATO and A&A processes, and maintaining compliance documentation in regulated environments.
- Understanding of DevSecOps practices and principles; collaborative experience with development, operations, and compliance teams.
- Ability to manage multiple applications.
- Ability to obtain a Public Trust Clearance.
Benefits
- Health, dental, and vision plans
- Optional FSA
- Paid parental leave
- Safe Harbor 401(k) with employer contributions 100% vested from day 1
- Paid time off and 11 paid holidays
- No cost group term life/AD&D plan, and optional supplemental coverage
- Pet insurance
- Monthly phone and internet stipend
- Tuition and training reimbursement
Applicant Tracking System Keywords
Tip: use these terms in your resume and cover letter to boost ATS matches.
Hard Skills & Tools
vulnerability scanning, penetration testing, code review, risk assessment, security controls, incident response, security compliance, DevSecOps, security documentation, security metrics
Soft Skills
analytical skills, communication skills, collaboration, time management, problem-solving, attention to detail, organizational skills, stakeholder engagement, process improvement, team coordination
Certifications
Bachelor's degree in Cybersecurity, Bachelor's degree in Computer Science, Bachelor's degree in Information Technology, Public Trust Clearance