Overview:
GovCIO is currently hiring for a Cyber Security Analyst to safeguard our digital assets, ensure compliance with industry standards, and provide guidance on secure processes to the system team. The candidate will reconcile findings from system assessments, audits, and vulnerability scans. This position is fully remote within the United States.
Responsibilities:
Implement RMF steps throughout the system lifecycle system and maintain its Authority to Operate (ATO). Develop and maintain ATO plans, policies, and procedures including artifacts that demonstrate security compliance. Perform periodic control and risk assessments. Audit technical and administrative controls to ensure efficacy and maintain a strong security posture. Manage risks and conduct continuous monitoring of all assets within the ATO boundary.

REQUIRED SKILLS AND EXPERIENCE

• Security+, CISA, CISM, or CISSP certification
• Understanding of cloud architecture and secure engineering principles
• Experience with vulnerability identification and management solutions
• Experience with identity management solutions and SIEM software
• Relevant expertise/skills needed:
• 
  
  
  
• Governance, Risk & Compliance (GRC)
  
  Working knowledge of NIST and regulatory requirements, such as RMF and FedRamp. Ability to support audits, write policies, and conduct risk assessments.

• 
  
  
  
• 
  
  Communication & Documentation
  
  Strong written and verbal communication skills. Ability to document procedures, write incident reports, and explain technical issues to non-technical stakeholders.

• 
  
  
  
• 
  
  Security Architecture & Engineering
  
  Familiarity with secure infrastructure across hybrid and cloud environments (Azure, AWS).

• 
  
  
  
• 
  
  Vulnerability Management & Pen Testing
  
  Experience in scanning, prioritizing, and remediating vulnerabilities.

• 
  
  
  
• 
  
  Cloud Security
  
  Knowledge securing the cloud

PREFERRED SKILLS AND EXPERIENCE

• CISSP certification
• Knowledge assessing zero-trust architecture
• Experience with cloud service security solutions
  Company Overview:
  GovCIO is a team of transformers-people who are passionate about transforming government IT. Every day, we make a positive impact by delivering innovative IT services and solutions that improve how government agencies operate and serve our citizens.
  But we can’t do it alone. We need great people to help us do great things - for our customers, our culture, and our ability to attract other great people. We are changing the face of government IT and building a workforce that fuels this mission. Are you ready to be a transformer?

• Communicate and provide consultative support to the VA on matters related to system security and Authorization to Operate (ATO)
• Enforce and monitor the system’s cybersecurity program, aligning with business objectives and regulatory requirements.
• Lead internal program(s) to ensure the system achieves and/or maintains critical cybersecurity certifications (e.g., FISMA, ATO, etc.).
• Review, identify, and compose system/application security controls following NIST SP-800-53, CNSSI 1253, and VA Handbook 6500.
• Develop and enforce security policies, procedures, and protocols to protect digital infrastructure from threats and vulnerabilities.
• Perform cybersecurity and information system risk analysis, vulnerability assessment, compliance assessment, and gap analysis on existing systems and systems in development.
• Develop various security and privacy documents, including contingency plans, incident response plans, business impact analyses, configuration management plans, memoranda of understanding, interconnection security agreements, privacy threshold analyses, and privacy impact assessments.
• Lead incident response efforts, including the identification, containment, and remediation of security breaches. Collaborate with intrusion analysts, engineers, legal, technology partners, and federal agencies to identify, report on, and coordinate remediation of cyberthreats.
• Collaborate with cross-functional teams to integrate security into system designs and business processes.
• Leverage technical knowledge of cloud systems and networks with cyber threat information to assess the system’s security posture.
  Qualifications:
  Bachelor’s with 12+ years (or commensurate experience)