• Cybersecurity Specialist, Senior

    Job Locations US-TX-Austin | US-PA-Philadelphia
    Posted Date 2 weeks ago (11/26/2018 11:01 AM)
    Job ID
    # of Openings
    Information Technology
  • Overview

    GCIO is seeking a well-qualified Cybersecurity Specialist for the Insurance Modernization program of the Department of Veterans Affairs. Performs assessment of present levels of cybersecurity, defines acceptable levels of risk, trains all personnel in proper cyber hygiene and establishes formal maintenance procedures. Performs privacy impact assessments and provides PII data security and monitoring, migration strategies, and System Privacy Plans for systems. Identifies potential vulnerabilities to cyber and information security using penetration testing and red teams. Provides technologies for identification, modeling, and predictive analysis of cyber threats.



    The primary responsibility of the Cybersecurity Specialist is to support the objectives and mission of the VA Insurance Modernization Office, through oversight of support services that will enhance and expand the ability of the VA to securely build custom software applications in current and potential Virtual Machine and Cloud-hosted environments using secure coding. The Cybersecurity Specialist must effectively plan, administer, and document penetration testing of built and managed applications while rapidly addressing potential vulnerabilities. The Cybersecurity Specialist must also manage mitigations to protect applications and networks. In compliance with the VA business needs and federal mandates, the work will include support for analysis/verification and monitoring of service performance. The Cybersecurity Specialist shall provide oversight for comprehensive expert cybersecurity and networking support to the CIO by:


    • determining the impact of new technologies, software versions, or federal policy changes to application builds, web, networking, and maintenance;
    • determining the impact of new technologies, software versions, or federal policy changes to based tools, virtual, and Cloud environments, in accordance with 508 compliance;
    • conducting meetings, including preparing, documenting, and recording minutes;
    • providing expert analysis and documentation for various analytical efforts focused on VA Office cybersecurity processes and procedures;
    • reviewing various draft documents and providing timely feedback to federal IT employees and appointed collaborative contractors for VA Office business, infrastructure, and cloud hosting providers;
    • contributing to the further development, enhancement, and implementation of VA Office information systems, cybersecurity assessments, communication plans, strategic and tactical goals, and objectives determined by the VA Office IT federal management;
    • conducting mandated cybersecurity vulnerability scanning and penetration testing identifying potentially exploitable vulnerabilities of VA INSURANCE MODERNIZATION Office information systems and applications while devising mitigation strategies and reports;
    • identifying and developing cybersecurity performance management metrics and reporting that includes performance measures, tracking metrics, and trend analysis;
    • generating regular and ad hoc VA INSURANCE MODERNIZATION Office cybersecurity dashboards, reports, and/or metrics;
    • recommending development and maintaining monthly, quarterly, and annual FISMA reporting documents in VA INSURANCE MODERNIZATION Office required format;
    • attending FISMA working group meetings as assigned by the CISO/ISSO;
    • assisting in researching and compiling FISMA reporting data, artifacts, and points of contact;

    Supporting and preparing documents for submission such as:

    • VA Office Cybersecurity report templates and audit metrics
    • VA Office Cybersecurity monthly report
    • VA Office System Security Plan
    • VA Office Certification and Accreditation
    • VA Office Authority to Operate (ATO) and future federally mandated initiatives

    Using VA Office and agency approved tools, maintaining FISMA documentation, artifact inventory, and Plan of Action & Milestone (POA&M) reports and testing in DOJ required format;

    • preparing FISMA reporting documents monthly, quarterly, and annually as required;
    • reporting on FISMA information systems and submitting POA&M reports monthly;
    • maintaining a tracking system of all VA Office federal IT and Office Change Control Board (CCB) information and relatable security and IT project-related deliverables (regularly scheduled and ad hoc implementations);
    • contributing to the further development, enhancement, and implementation of VA Office audit responses to federal ad hoc reporting requirements;
    • updating cybersecurity project charters and project management plans monthly, quarterly, and yearly as required;
    • participating in special projects as required;
    • being available 24/7 to respond to system outages and security incidents;

    Preparing meeting agendas, minutes, and diagrams as required by VA Office CIO and ISSO; and contributing to the further development, enhancement, and implementation of VA Office and federally mandated compliance initiatives and policies such as but not limited to:

    • Homeland Security Presidential Directive 12 (HSPD-12)
    • Federal Information Processing Standards (FIPS)
    • Federal Information Security Management Act (FISMA)
    • NIST Risk Management Framework (RMF)
    • SP 800-53 and 53A Revision 4 (Security and Privacy Controls)
    • NIST SP 800-137 Information Security Continuous Monitoring (ISCM) for Federal Information Systems and Organizations
    • NIST Security Content Automation Protocol (SCAP) Validated Products
    • Federal Risk and Authorization Management Program (FedRAMP)



    • At least 10 Years of experience and an Advanced degree in Computer Science, Information Systems, Engineering, Business or a scientific or technical discipline related to a specific field, as well as additional applicable certifications related to the position.



    • Certified Information Systems Security Professional (CISSP)
    • Certified Ethical Hacker (CEH)
    • Certified Authorization Professional (CAP)
    • Certified Network Defense Architect (CNDA)
    • Certified Information Systems Auditor (CISA)

