Trilogy Federal drives innovative solutions for complex business challenges across financial management, healthcare, and government industries. They are seeking a Cyber Security Analyst to support the security posture of VA information systems, ensuring compliance with federal and VA security requirements while conducting vulnerability assessments and incident response.
Responsibilities:
- Perform ongoing vulnerability scanning, penetration testing, code review, and remediation in line with NIST SP 800-53 and related standards
- Develop, document, review, and maintain Assessment & Authorization (A&A) artifacts, including security plans, risk assessments, and Plan of Action and Milestones (POA&M), supporting ATO submissions and renewals
- Respond to, analyze, and report on security events and incidents, including notification to stakeholders within strict timeframes
- Remediate security vulnerabilities within specified periods according to severity
- Ensure compliance with Federal, VA, FISMA, NIST, HIPAA, Privacy Act, and organizational security and privacy directives
- Complete mandatory and additional annual privacy and security training as required
- Coordinate with VA technical staff, ISSOs, and integration teams to ensure proper migration, deployment, and operational support for new or updated systems
- Provide support for the implementation of security controls on operating systems, application code, network infrastructure, and endpoints
- Participate in audits and assessments, and provide evidence of compliance as requested
- Monitor, track, and report on key security KPIs including vulnerability remediation timeframes, incident resolution metrics, and system security posture
- Proactively apply OS and application patches; validate and report the effect of third-party patches
- Develop and maintain robust operational and incident response documentation, participate in after-action reviews, and contribute to lessons learned for continuous process improvement
Requirements:
- Bachelor's degree in Cybersecurity, Computer Science, Information Technology, or a related discipline; equivalent practical experience may be considered
- Minimum of 10 years of progressive experience in cyber security operations, risk assessment, vulnerability management, or information security compliance
- Demonstrated knowledge of and experience with relevant federal cybersecurity standards
- Experience conducting and reporting on vulnerability assessments, penetration testing, and security control testing
- Familiarity with security tools including but not limited to Static Application Security Testing (SAST) tools (e.g., Micro Focus Fortify), penetration testing suites, and SIEM/monitoring platforms
- Experience supporting ATO and A&A processes, and maintaining compliance documentation in regulated environments
- Understanding of DevSecOps practices and principles; collaborative experience with development, operations, and compliance teams
- Ability to manage multiple applications
- Ability to obtain a Public Trust Clearance
- Familiarity with VA's Governance, Risk and Compliance (GRC) tools and associated security workflows
- Experience with security assurance for cloud platforms, including compliance with FedRAMP standards (AWS, Azure, etc.)
- Demonstrated expertise with application security, code quality assurance in large-scale and agile environments, and continuous delivery pipelines
- Advanced knowledge of security and monitoring tools such as Jenkins, GitHub, SonarQube, and AppDynamics, as well as experience with security architecture and incident response frameworks