Cyber Security Analyst

Primary Responsibilities:

Perform ongoing vulnerability scanning, penetration testing, code review, and remediation in line with NIST SP 800-53 and related standards.

Develop, document, review, and maintain Assessment & Authorization (A&A) artifacts, including security plans, risk assessments, and Plan of Action and Milestones (POA&M), supporting ATO submissions and renewals.

Respond to, analyze, and report on security events and incidents, including notification to stakeholders within strict timeframes. Remediate security vulnerabilities within specified periods according to severity.

Ensure compliance with Federal, VA, FISMA, NIST, HIPAA, Privacy Act, and organizational security and privacy directives.

Complete mandatory and additional annual privacy and security training as required.

Coordinate with VA technical staff, ISSOs, and integration teams to ensure proper migration, deployment, and operational support for new or updated systems.

Provide support for the implementation of security controls on operating systems, application code, network infrastructure, and endpoints. Participate in audits and assessments, and provide evidence of compliance as requested.

Monitor, track, and report on key security KPIs including vulnerability remediation timeframes, incident resolution metrics, and system security posture.

Proactively apply OS and application patches; validate and report the effect of third-party patches.

Develop and maintain robust operational and incident response documentation, participate in after-action reviews, and contribute to lessons learned for continuous process improvement

Minimum Requirements:

• Bachelor's degree in Cybersecurity, Computer Science, Information Technology, or a related discipline; equivalent practical experience may be considered.

• Minimum of 10 years of progressive experience in cyber security operations, risk assessment, vulnerability management, or information security compliance.

• Demonstrated knowledge of and experience with relevant federal cybersecurity standards.

• Experience conducting and reporting on vulnerability assessments, penetration testing, and security control testing.

• Familiarity with security tools including but not limited to Static Application Security Testing (SAST) tools (e.g., Micro Focus Fortify), penetration testing suites, SIEM/monitoring platforms.

• Experience supporting ATO and A&A processes, and maintaining compliance documentation in regulated environments.

• Understanding of DevSecOps practices and principles; collaborative experience with development, operations, and compliance teams.

• Ability to manage multiple applications.

• Ability to obtain a Public Trust Clearance.

Preferred Qualifications:

• Familiarity with VA’s Governance, Risk and Compliance (GRC) tools and associated security workflows.

• Experience with security assurance for cloud platforms, including compliance with FedRAMP standards (AWS, Azure, etc.).

• Demonstrated expertise with application security, code quality assurance in large-scale and agile environments, and continuous delivery pipelines.

• Advanced knowledge of security and monitoring tools such as Jenkins, GitHub, SonarQube, AppDynamics, as well as experience with security architecture and incident response frameworks.

Benefits (including but not limited to):

• Health, dental, and vision plans
• Optional FSA
• Paid parental leave
• Safe Harbor 401(k) with employer contributions 100% vested from day 1
• Paid time off and 11 paid holidays
• No cost group term life/AD&D plan, and optional supplemental coverage
• Pet insurance
• Monthly phone and internet stipend
• Tuition and training reimbursement