Cyber Security Analyst

About The Position

Requirements

• Bachelor's degree in Cybersecurity, Computer Science, Information Technology, or a related discipline; equivalent practical experience may be considered.
• Minimum of 10 years of progressive experience in cyber security operations, risk assessment, vulnerability management, or information security compliance.
• Demonstrated knowledge of and experience with relevant federal cybersecurity standards.
• Experience conducting and reporting on vulnerability assessments, penetration testing, and security control testing.
• Familiarity with security tools including but not limited to Static Application Security Testing (SAST) tools (e.g., Micro Focus Fortify), penetration testing suites, SIEM/monitoring platforms.
• Experience supporting ATO and A&A processes, and maintaining compliance documentation in regulated environments.
• Understanding of DevSecOps practices and principles; collaborative experience with development, operations, and compliance teams.
• Ability to manage multiple applications.
• Ability to obtain a Public Trust Clearance.

Nice To Haves

• Familiarity with VA’s Governance, Risk and Compliance (GRC) tools and associated security workflows.
• Experience with security assurance for cloud platforms, including compliance with FedRAMP standards (AWS, Azure, etc.).
• Demonstrated expertise with application security, code quality assurance in large-scale and agile environments, and continuous delivery pipelines.
• Advanced knowledge of security and monitoring tools such as Jenkins, GitHub, SonarQube, AppDynamics, as well as experience with security architecture and incident response frameworks.

Responsibilities

• Perform ongoing vulnerability scanning, penetration testing, code review, and remediation in line with NIST SP 800-53 and related standards.
• Develop, document, review, and maintain Assessment & Authorization (A&A) artifacts, including security plans, risk assessments, and Plan of Action and Milestones (POA&M), supporting ATO submissions and renewals.
• Respond to, analyze, and report on security events and incidents, including notification to stakeholders within strict timeframes. Remediate security vulnerabilities within specified periods according to severity.
• Ensure compliance with Federal, VA, FISMA, NIST, HIPAA, Privacy Act, and organizational security and privacy directives.
• Complete mandatory and additional annual privacy and security training as required.
• Coordinate with VA technical staff, ISSOs, and integration teams to ensure proper migration, deployment, and operational support for new or updated systems.
• Provide support for the implementation of security controls on operating systems, application code, network infrastructure, and endpoints. Participate in audits and assessments, and provide evidence of compliance as requested.
• Monitor, track, and report on key security KPIs including vulnerability remediation timeframes, incident resolution metrics, and system security posture.
• Proactively apply OS and application patches; validate and report the effect of third-party patches.
• Develop and maintain robust operational and incident response documentation, participate in after-action reviews, and contribute to lessons learned for continuous process improvement

Benefits

• Health, dental, and vision plans
• Optional FSA
• Paid parental leave
• Safe Harbor 401(k) with employer contributions 100% vested from day 1
• Paid time off and 11 paid holidays
• No cost group term life/AD&D plan, and optional supplemental coverage
• Pet insurance
• Monthly phone and internet stipend
• Tuition and training reimbursement