Cybersecurity Engineer; Remote

GovCIO is currently hiring for a Cybersecurity Engineer supporting the Department of Veterans Affairs. This position is fully remote.

The Information Systems Security Analyst supports the Information System Security Officer (ISSO) in executing a wide range of cybersecurity and compliance activities in support of a federal civilian agency. This role is responsible for supporting Assessment and Authorization (A&A) efforts under the Risk Management Framework (RMF), coordinating with technical and business stakeholders, and ensuring information systems meet applicable federal security requirements prior to receiving and maintaining an Authority to Operate (ATO).

• Support the Information System Security Officer (ISSO) with a wide variety of information system security activities.
• Perform Assessment and Authorization (A&A) efforts for Major Applications and General Support Systems in accordance with the Risk Management Framework (RMF) per NIST SP 800-37.
• Facilitate A&A kickoff, bi-weekly status, and close-out meetings with system owners, subject matter experts (SMEs), and other stakeholders to drive systems toward successful authorization outcomes.
• Develop system security categorization documentation in accordance with FIPS 199 and NIST SP 800-60, and tailor security control selections based on system type, architecture, and operational environment.
• Document security control implementation statements by gathering and validating information from SMEs, System Owners (SOs), and the ISSO.
• Conduct Security Impact Assessments (SIAs) to evaluate changes to system architecture, networks, applications, security boundaries, or environments of operation.
• Request and coordinate vulnerability scanning activities for assigned systems and analyze scan results using tools such as Nessus.
• Conduct Security Control Assessments (SCAs) in accordance with NIST SP 800-53 Rev. 5, NIST SP 800-53A Rev. 5, and NIST SP 800-37 Rev. 1, including facilitation of evidence and artifact collection.
• Initiate, develop, and maintain Plans of Action and Milestones (POA&M) documenting security assessment findings, risk impacts, and remediation recommendations.
• Coordinate vulnerability remediation activities with technical teams to ensure findings are addressed within required timelines.
• Work directly with SMEs throughout the Security Assessment and Authorization (SA&A) process to resolve issues and provide guidance across all phases of the RMF life cycle.
• Develop, update, and review RMF documentation, including System Description Reports, System Security Plans (SSPs), Security Assessment Plans (SAPs), Security Assessment Reports (SARs), and Risk Reports (RARs).
• Assemble complete security authorization packages, develop authorization briefings, and schedule and participate in authorization meetings in support of obtaining and maintaining ATOs.

• Bachelor’s Degree and 5 – 8 years of experience (or commensurate experience)
• Experience supporting RMF-based Assessment and Authorization (A&A) efforts for federal information systems.
• Strong working knowledge of NIST SP 800-37, NIST SP 800-53/53A Rev. 5, FIPS 199, and NIST SP 800-60.
• Experience developing and maintaining RMF documentation, including SSPs, SAPs, SARs, POA&Ms, and ATO packages.
• Familiarity with vulnerability scanning tools such as Nessus and interpreting scan results.
• Ability to coordinate across technical and non-technical stakeholders, including system owners and SMEs.
• Strong written and verbal communication skills.

• Five (5) to eight (8) years of progressive experience supporting RMF-based cybersecurity activities for federal information systems.
• Prior experience supporting the Department of Veterans Affairs (VA), including familiarity with VA-specific security policies, procedures, and ATO processes.
• Demonstrated experience performing A&A activities for Major Applications and General Support Systems within a federal civilian environment.
• Experience briefing senior leadership, Authorizing Officials (AOs), or Designated Approving Authorities (DAAs).
• Relevant cybersecurity certification (e.g., CISSP, CAP, Security, or similar).

Ability to obtain and maintain a Suitability/Public Trust clearance.

We are an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, gender, gender identity or expression, sexual orientation, national origin, disability, or status as a protected veteran. EOE, including disability/vets.