Cyber Security Analyst (Remote) #5064

Company Overview

 

GovCIO is a team of transformers–people who are passionate about transforming government I.T. We believe in making a difference by developing digital strategies and delivering the technology-related innovation governmental operations that improve the citizen experience every day.

But we can’t do it alone. We welcome and nurture an inclusive and diversified work culture. Because different backgrounds, experiences, abilities, and perspectives make us better decision-makers, problem solvers, and creators. We’re changing the face of I.T. – from our diverse staff to the end-products we develop. And we’re excited to expand our team. Are you ready to be a transformer?

 

Responsibilities

This individual will support cybersecurity efforts across multiple projects within a portfolio setting and proactively monitor upcoming cyber priorities across the VA Health portfolio.

• Communicate and provide consultative support on the VA on matters related to system security certification & accreditation and Authority to Operate (ATO).
• Coordinate and lead security and privacy activities within project teams and develop security and privacy related artifacts.
• Review and identified system/applications security controls in accordance with NIST SP-800 53 Rev 4 guidance and VA Handbook 6500.
• Perform cyber security and information system risk analysis, vulnerability assessment, and regulatory compliance assessment and gap analysis on existing systems and system in development.
• Responsible for on time deliverables of assigned and related security and privacy artifacts.
• Must be able to identify and mitigate risks to the program.
• Demonstrated experience in a remote work environment.
• Ability to proactively communicate and coordinate with various internal and external project stakeholders, depending on needs.
• Identifying and communicate symptoms for process improvement. 
• Support adoption of new technologies and products by performing research, identifying security-related issues, and developing adoption plans.
• Ability to work independently with minimal guidance and supervision
• Well versed in the VA Veteran-Focused Integration Process (VIP) project management methodology.
• Participate in support activities related to the integration of security architecture & engineering efforts in the SDLC IT lifecycle
• Support a team of other cyber security professionals
• Support Application development/maintenance and IT operations with DevSecOps and Agile practices
• The candidate will participate in new task orders to ensure Cyber concepts are considered within the design and architecture phases
• Build and develop cyber security related artifacts
• Implement scans, cloud security solutions; analyze, evaluate, and plan enterprise solutions
• Resolve requests for assistance in troubleshooting issues
• Participate in the planning of upgrades, replacement, configuration, and maintenance of security architecture and engineering projects
• Participate in new and existing IT modernization, expansion, and improvement of security architecture and engineering projects support enterprise operations
• Analyze process improvement areas/recommend changes to processes/procedures for efficiencies/cost-savings
• Support ATO, the VA System Steward, and the VA ISSO in support of ATCs, ATOs, eMASS, REEF, and other security tracking systems
• Typical tasks for this role include but are not limited to:
  • Authority-to-Operate (ATO) & Authority to Connect (ATC) remediation efforts
  • System scans and audit preparation
  • Cloud Migration and scans
  • eMASS updates, and reporting
  • System production monitoring
  • SOP Creation and Updating
  • Artifact Research
  • PIA (Privacy Impact Analysis) and PTA (Privacy Threshold Analysis) Documentation
  • Program and administrative support (meeting notes, reports, org/role documentation, etc.)
  • Ad hoc remediation response support
  • Communications support

 Qualifications

• Bachelor’s Degree in a Business, Engineering, or Technical discipline plus 15 years of experience; 10 additional years of experience can be substituted for the degree requirement Ability to work in a fast-paced, collaborative environment

Required Skills and Experience

• Strong understanding and hands-on experience working with Federal Information Security Management Act (FISMA), NIST-800-53 guidance, HIPAA, and HITECH Act.
• Must have experience achieving an ATO for projects within the VA or other Federal Agencies.
• Experience supporting Information Assurance Certification and Accreditation (C&A) and associated IA processes, procedures, and activities with capability and expertise to implement applicable NIST and CNSS IA directives, instructions, guidelines
• Ticketing systems experience such as Remedy, ServiceNow
• Experience in collaborating with other enterprise technologists both internal and external to resolve complex technical issues
• Ability to work both independently with minimal guidance and to supervise and lead collaborations with project team members, program customers, and program and external stakeholders on behalf of the VA Technical Lead. This position requires significant hands-on work execution by the candidate.
• Demonstrated experience in a remote work environment.
• Ability to proactively communicate and coordinate with various internal and external project stakeholders, depending on needs.
• Security+ or other applicable certification
• Experience applying security engineering concepts, processes, practices, and procedures on technical assignments, working with several different mission applications
• Experience supporting and obtaining an Authority to Operate (ATO)
• Analytical and investigation skills
• Experience with the VA Risk and Governance Tool (Risk Vision)
• Technical/Security: transaction security and virus protection tools, network monitoring tools, development tools, web tools, operating system software, object-oriented coding, network, and VPN tools, database tools, ERP tools, business intelligence tools
• Specific Tools: Knowledge of service-oriented architecture. Interfaces (middleware, APIs, SOAP, XML, etc.) to components. Health or data brokering standards (HL7, Remote Procedure Calls, etc.). Note that no coding is required, but an understanding of these concepts is important.

Preferred Skills and Experience

• Experience as a VA ISSO or System Steward
• eMASS experience a plus
• Experience with Microsoft and Linux Server Operating Systems
• Experience with Cloud Engineering and Agile/Scrum
• Experience in HBSS, ACAS, and NESSUS scanning, analysis, mitigation, and implementation
• Experience with cloud migration and security architecture
• Experience with event-driven architecture
• Knowledge of HL7
• Knowledge or experience with VistA
• Evaluation and creation of POA&Ms
• CISSP certification
• Experience with Federal Risk and Authorization Management Program (FedRAMP) is a definite plus.
• Experience with achieving an ATO for Software as a Service (SaaS) and/or Cloud based applications is a definite plus
• Well versed in the VA Veteran-Focused Integration Process (VIP) project management methodology and other VA security related reporting methodologies.
• Experience with the VA’s Governance, Risk management and Compliance (GRC) Tool, eMASS.
• Security certification below preferred.
  • Preferred: CISSP (ISC2) or CISM (ISACA)
  • Acceptable: CEH (EC-Council), GSEC (SANS GIAC), or Security+ (CompTIA)

Compensation Range (In compliance with Colorado's Equal Pay for Equal Work Act for remote or positions located in CO)

$125,000-$128,000

Apply Now