Position Description:
The Cyber Security Analyst is responsible for supporting the security posture of VA information systems and environments. This role ensures compliance with Federal, VA, and industry information security policies and standards, conducts continuous vulnerability identification and remediation, and participates in both internal and external security assessments. The position requires routine engagement with technical and program stakeholders to maintain and improve security controls and documentation, elevate incident response, and support the ongoing Authorization to Operate (ATO) for supported systems and applications. The Analyst operates within an agile, DevSecOps-focused environment, requiring proactive risk identification and collaboration with cross-functional teams to ensure the security and integrity of VA’s technical ecosystem.
Develop, document, review, and maintain Assessment & Authorization (A&A) artifacts, including security plans, risk assessments, and Plan of Action and Milestones (POA&M), supporting ATO submissions and renewals.
Respond to, analyze, and report on security events and incidents, including notification to stakeholders within strict timeframes. Remediate security vulnerabilities within specified periods according to severity.
Ensure compliance with Federal, VA, FISMA, NIST, HIPAA, Privacy Act, and organizational security and privacy directives.
Complete mandatory and additional annual privacy and security training as required.
Coordinate with VA technical staff, ISSOs, and integration teams to ensure proper migration, deployment, and operational support for new or updated systems.
Provide support for the implementation of security controls on operating systems, application code, network infrastructure, and endpoints. Participate in audits and assessments, and provide evidence of compliance as requested.
Monitor, track, and report on key security KPIs including vulnerability remediation timeframes, incident resolution metrics, and system security posture.
Proactively apply OS and application patches; validate and report the effect of third-party patches.
Develop and maintain robust operational and incident response documentation, participate in after-action reviews, and contribute to lessons learned for continuous process improvement
-
Bachelor's degree in Cybersecurity, Computer Science, Information Technology, or a related discipline; equivalent practical experience may be considered.
-
Minimum of 10 years of progressive experience in cyber security operations, risk assessment, vulnerability management, or information security compliance.
-
Demonstrated knowledge of and experience with relevant federal cybersecurity standards.
-
Experience conducting and reporting on vulnerability assessments, penetration testing, and security control testing.
-
Familiarity with security tools including but not limited to Static Application Security Testing (SAST) tools (e.g., Micro Focus Fortify), penetration testing suites, SIEM/monitoring platforms.
-
Experience supporting ATO and A&A processes, and maintaining compliance documentation in regulated environments.
-
Understanding of DevSecOps practices and principles; collaborative experience with development, operations, and compliance teams.
-
Ability to manage multiple applications.
-
Ability to obtain a Public Trust Clearance.
-
Familiarity with VA’s Governance, Risk and Compliance (GRC) tools and associated security workflows.
-
Experience with security assurance for cloud platforms, including compliance with FedRAMP standards (AWS, Azure, etc.).
-
Demonstrated expertise with application security, code quality assurance in large-scale and agile environments, and continuous delivery pipelines.
-
Advanced knowledge of security and monitoring tools such as Jenkins, GitHub, SonarQube, AppDynamics, as well as experience with security architecture and incident response frameworks.
Trilogy’s story began in 2009 when our founders decided to combine the best practices and lessons learned from working across both large and small organizations to launch a new company focused on delivering client-centric, high-quality solutions. Together, these leaders saw an opportunity to create a different type of company with the goal of supporting our Federal clients, with special emphasis on helping our nation’s Veterans. Influenced by two shared work experiences at other organizations, our company’s founders were determined to make the third chapter in their careers the very best it could be. They named this chapter Trilogy. Trilogy was founded with core value system that balances service delivery excellence with a people-centric culture. Building on our foundation of implementing, operating, and modernizing Financial Management systems, Trilogy has evolved to provide our clients and partners with a wide range of professional services via a collaborative, client-first approach to solving their most challenging problems. This approach, combined with our commitment to the rapid implementation of pragmatic solutions, has earned Trilogy an unparalleled reputation for delivering transformative results.
Key team members
Kim Nazi, Ph.D
Andre Adams
Eric McNutt, PMP, CGFM
Torsten Timm, CGFM, PMP, CMC, CSSBB
Jobr aggregates jobs directly from company career portals — no middlemen. Our team applies on your behalf with AI-tailored resumes, reviewed by a human before submission.