VetsEZ is currently seeking a remote certified CISSP Cybersecurity Engineer, where their expertise will be utilized to identify and minimize cybersecurity risks for the Department of Veterans Affairs (VA). The candidate will be responsible for implementing policies that address requests for information on cyber best practices, assessing risks, supporting Authority to Operate (ATO) activities throughout the NIST Risk Management Framework (RMF) certification/accreditation processes (Steps 1-7), and providing expert guidance on information system security to maintain optimal operational security posture. Their role will involve meticulous system documentation and updates, close collaboration with system administrators, developers, system owners, and Information System Security Officers (ISSO) for ATO support, and translating security concepts into practical recommendations to assist the client in making well-informed security decisions.

In Short

Expert communication and consultative support to the VA on matters related to system security certification & accreditation and Authority to Operate (ATO), using Risk Management Framework (RMF).
Experience in the creation of Security-Specific documentation such as Incident Response, Contingency Planning, and Disaster Recovery processes.
Familiarity with the security controls outlined by the National Institute of Standards and Technology (NIST), as well as the Governance, Risk Management Framework (RMF), and security compliance procedures (GRC).
Skilled in providing support for system Authority to Operate (ATO) processes, including the creation of artifacts, implementation of controls, and development of Plan of Action & Milestones (POAM).
Capable of facilitating meetings, conducting a thorough analysis of authorization documents and associated artifacts to identify any gaps, establishing a schedule to address outstanding authorization requirements, and effectively coordinating with stakeholders within the system team.
Proficient in utilizing the Enterprise Mission Assurance Support Service (eMASS) tool to manage intricate system records.
Experience in IT and Cloud design, security, development, systems engineering, and implementation efforts.
Utilize security evaluation tools such as Tenable Nessus, Nmap, SCAP, and Wireshark to conduct analyses and identify potential vulnerabilities.
Prepare and present comprehensive security briefings, reports, and summaries, while effectively collaborating with internal and external stakeholders on system configuration changes and their impact on security policies.
Take on additional tasks and responsibilities as needed to support team objectives and ensure the success of the project.

Requirements

Bachelor or Master in Cybersecurity, Computer Science, Information Systems, Information Assurance, Information Security, Information Resource Management, or related fields.
Must have one or more of the following: IAT II, IAM II or IASAE II certifications: ISC2 CISSP, ISC2 CAP, ISC2 SSCP, ISC2 CCSP, ISC2 ISSEP, ISACA CISM, ISACA CISA, EC-COUNCIL CEH, CompTIA Security+, CompTIA Network+, CompTIA SecurityX, CompTIA Linux+.
Nice to have - ISC2 CISSP Certification.
Minimum Experience: 5 years of Information Security Experience of which at least 3 years are of Cybersecurity and Cloud Security experience at a large Government agency similar in size/scope to GSA, IRS, DoD or VA.
Lead and coordinate security and privacy activities within project teams, developing relevant artifacts and documenting cybersecurity requirements using the Risk Management Framework.
Perform security analyses to identify gaps, conduct impact assessments, implement compensating controls, and evaluate residual risks through system risk assessments and security impact analyses.
Conduct security compliance evaluations on IT products, assess operating system and security configurations, and ensure alignment with NIST SP 800-53 Security Controls.
Assess operating system and security configuration guidelines into images for IT products initialization and deployment within the infrastructure SCAP-SCCD-BigFix.
Experience working in the FedRAMP cloud environment, understanding IaaS, PaaS, and SaaS regarding cloud service provider (CSP) security control responsibilities and customer responsibilities.
Communicate and collaborate with internal and external customers regarding hardware and software configuration changes that may impact system security or violate policies.
Apply security principles, policies, and regulations in daily tasks, along with performing additional responsibilities as assigned.