Security Analyst

9th Way Insignia

10d

About The Position

The VA OIT SPM, Corporate (CORP) Service Line (SL) delivers world-class, Veteran-centric capabilities that provide secure, seamless delivery of IT systems to VA corporate offices so these offices may efficiently and effectively provide benefits and services to Veterans and their families. The Security Analyst aligns with an E2 professional level. An Engineer 2 has a good understanding of the software development life cycle and can take on work without much direction majority of the time. Performs multiple engineering-related tasks in various assignments within the project and firm. An Engineer 2 has broad knowledge of engineering procedures and assists in the resolution of complex problems. An Engineer 2 has strong technical skills and background, a knack for learning new technologies, and a blend of good problem-solving and innovation needed to resolve a wide variety of technical production challenges.

Requirements

Bachelors degree in computer science, electronics engineering or other engineering or technical discipline is required.
5+ years of experience in a security analyst, system steward, or similar role, supporting government information technology systems.
Expertise in federal Governance, Risk, and Compliance (GRC) tools such as Service Now (SNOW), Continuous Authorization and Monitoring (CAM) or Enterprise Mission Assurance Support Service (eMASS)

Responsibilities

Support Authorization to Operate (ATO) processes for VA systems by updating and maintaining security documentation, including System Security Plans (SSP), Plan of Action & Milestones (POA&M), Incident Response Plans (IRP), and Business Impact Analyses (BIA).
Perform continuous monitoring and vulnerability management using tools like Tenable Nessus, SCCD, and adherence to DISA STIGs.
Conduct risk assessments and ensure compliance with NIST Risk Management Framework (RMF) and FEDRAMP requirements for cloud systems.
Coordinate and execute annual ATO-related exercises such as Disaster Recovery, Contingency Planning, and Incident Response Tabletop tests with cross-functional stakeholders.
Ensure timely remediation of vulnerabilities and track mitigation progress in eMASSService Now (SNOW) Continuous Authorization and Monitoring (CAM), collaborating with DevOps and system owners.
Develop and review Memorandums of Understanding (MOUs), Interconnection Security Agreements (ISAs), Privacy Threshold Analyses (PTAs), and Privacy Impact Assessments (PIAs).
Provide security analysis and technical support for VA Corporate Service Line systems such as VEMS, POS, and MDM across their lifecycle.
Support VA’s compliance with government standards (FISMA, HIPAA, NIST SP 800-53, and VA-specific directives).