Track efforts and perform tasks for A & A within Veterans Affairs (VA) to ensure assigned information systems, devices, and networks can obtain and maintain Authorization to Operate (ATO) and other decisions
Plan, coordinate, and lead teams to conduct assessments of information systems and networks to identify vulnerabilities, risks, and security requirements in accordance with the A & A process
Perform secondary responsibilities such as testing CCIs, validating Security Plans, weekly status updates, and extensive work in Enterprise Mission Assurance Support Service (eMASS) packages
Support Supplier Corrective Action Reports (SCARs), the Security Control Assessor (SCA), and other cybersecurity leadership in the execution and enforcement of cybersecurity and RMF processes
Requirements
Knowledge of information security and assurance principles such as defense-in-depth and associated supporting technologies
Ability to work as an independent security practitioner and participate in a small team of security personnel reviewing the same system
Ability to organize, analyze, and write technical documents that can be understood by non-technical individuals
Ability to obtain a Secret clearance
Experience with Prisma Cloud or Twistlock and containerization
Experience with VA cybersecurity
Experience performing Information Assurance (IA) controls analysis, testing, and risk assessments
Experience with Nessus, Nmap, Burp Suite, Linux security (RHEL7), and AWS cloud security
Experience using vulnerability scanning and assessment tools necessary to identify and document compliance
Knowledge of eMASS
Knowledge of NIST SP 800-53 and 800-37, CNSSI 1254, and other VA Risk Management policies
Ability to identify and evaluate major applications, infrastructure, enclaves, and Enterprise environments based on accreditation boundaries
Possession of excellent written and verbal communication skills
Tech Stack
AWS
Cloud
Cyber Security
Linux
Benefits
Health, life, disability, financial, and retirement benefits