Cyber Security Engineer

Summary

Join VetsEZ as a Cyber Security Engineer (System Steward) to support a Department of Veterans Affairs project. This role focuses on guiding cybersecurity compliance through the NIST Risk Management Framework (RMF), supporting the Authority to Operate (ATO) process, and maintaining strong system security. The ideal candidate possesses expertise in cloud and enterprise security, risk assessments, and compliance documentation. Responsibilities include leading ATO activities, supporting security documentation, conducting risk assessments, analyzing authorization documents, utilizing various security tools, applying NIST 800-53 and FedRAMP controls, providing security guidance, and delivering security briefings. The position requires a Bachelor’s degree, 5+ years of experience in Information Security (3+ in Cyber or Cloud Security), and hands-on RMF and ATO experience. The candidate must reside within the continental US.

Requirements

• Bachelor’s degree in Cybersecurity, Information Systems, or related field
• 5+ years of experience in Information Security, including 3+ in Cyber Security or Cloud Security
• Hands-on experience with RMF, ATO processes, and federal cybersecurity standards
• Strong understanding of IT systems, cloud environments, and compliance frameworks (e.g., FedRAMP, NIST)
• Proficiency in evaluating system vulnerabilities and implementing security controls

Responsibilities

• Lead ATO activities, including creation of RMF artifacts and POAMs
• Support security documentation such as Incident Response, Contingency Plans, and Disaster Recovery
• Conduct risk and impact assessments, implementing security controls and mitigations
• Analyze authorization documents, identify gaps, and coordinate remediation plans with stakeholders
• Utilize tools like eMASS, Nessus, Nmap, Wireshark, and SCAP for compliance assessments
• Apply NIST 800-53 and FedRAMP security controls across IaaS, PaaS, and SaaS environments
• Provide security guidance for system design, development, and configuration
• Deliver clear reports and security briefings to technical and non-technical audiences

Preferred Qualifications

• Required certification: ISC2 CISSP
• Additionally must have one or more of the following certifications: IAT II, IAM II, IASAE II, Security+, CISA, CEH, CAP, SSCP, CCSP, or similar
• Experience supporting VA, DoD, GSA, or other federal agencies
• Ability to obtain government clearance

Benefits

• Medical/Dental/Vision
• 401k with Employer Match
• PTO + Federal Holidays
• Corporate Laptop
• Training opportunities
• Remote Opportunity