RES eVA Cyber Security Associate (Remote)

About The Position

Requirements

• Bachelor’s degree in Computer Science, Cyber Security, Information Systems, or equivalent experience.
• 2–5 years of hands‑on cybersecurity or GRC experience supporting ATO or compliance activities.
• Working knowledge of RMF, NIST SP 800‑53 controls, and federal security requirements.
• Experience using eMASS, GRC tools, or vulnerability management platforms.
• Ability to analyze security findings, interpret scan results, and document remediation steps.
• Strong writing ability for security documentation.
• Strong attention to detail and organizational skills.
• Effective communication and collaboration skills across technical and non‑technical teams.
• Ability to obtain and maintain Suitability for Public Trust clearance.

Nice To Haves

• Experience with Jira, Confluence, and Microsoft 365.
• Experience supporting VA cybersecurity programs or other federal clients.
• Certifications such as Security+, CAP, CISA (in progress), or similar.
• Experience with or interest in AI‑assisted automation for evidence review and control mapping.
• FISMA, FedRAMP
• NIST SP 800‑53 Rev 4/5
• NIST SP 800‑37 RMF
• VA Directive 6500 and VA RMF processes

Responsibilities

• Develop and maintain portions of ATO documentation such as SSP control narratives, RA inputs, IRP/ISCP sections, and configuration management artifacts.
• Manage day‑to‑day updates in eMASS including POA&M edits, control evidence uploads, package preparation, and workflow tracking with moderate independence.
• Support Continuous Monitoring activities by updating ServiceNow CAM dashboards, analyzing control status, and assisting in monthly/quarterly reporting.
• Coordinate vulnerability scans and perform preliminary analysis to identify potential weaknesses.
• Participate in security audits and assessments by assembling evidence, drafting responses, and executing assigned tasks.
• Contribute to risk assessments by identifying gaps, summarizing findings, and proposing initial remediation recommendations.
• Assist in planning and conducting IRP/ISCP/DRP tabletop exercises; update plans based on observed results.
• Work with cross‑functional partners to support alignment of engineering, security, and privacy requirements.
• Draft SOPs, workflows, and documentation to improve security processes.
• Develop proficiency with VA cybersecurity frameworks, GRC requirements, and system boundary documentation.