Cyber Security Analyst
Position Description
The Cyber Security Analyst is responsible for supporting the security posture of VA information systems and environments. This role ensures compliance with Federal, VA, and industry information security policies and standards, conducts continuous vulnerability identification and remediation, and participates in both internal and external security assessments. The position requires routine engagement with technical and program stakeholders to maintain and improve security controls and documentation, elevate incident response, and support the ongoing Authorization to Operate (ATO) for supported systems and applications. The Analyst operates within an agile, DevSecOps-focused environment, requiring proactive risk identification and collaboration with cross-functional teams to ensure the security and integrity of VA’s technical ecosystem.
Trilogy Federal is seeking a Cyber Security Analyst to support the T4NG Consolidated Corporate Support Services (CCSS) program for the Department of Veterans Affairs (VA). This position is responsible for implementing and maintaining the security posture of VA enterprise systems and data, ensuring robust compliance with federal and VA security requirements, and supporting the ongoing authorization and risk management of critical VA platforms as part of a multi-disciplinary, agile technology team.Position Description
The Cyber Security Analyst is responsible for supporting the security posture of VA information systems and environments. This role ensures compliance with Federal, VA, and industry information security policies and standards, conducts continuous vulnerability identification and remediation, and participates in both internal and external security assessments. The position requires routine engagement with technical and program stakeholders to maintain and improve security controls and documentation, elevate incident response, and support the ongoing Authorization to Operate (ATO) for supported systems and applications. The Analyst operates within an agile, DevSecOps-focused environment, requiring proactive risk identification and collaboration with cross-functional teams to ensure the security and integrity of VA’s technical ecosystem.
Trilogy Federal is seeking a Cyber Security Analyst to support the T4NG Consolidated Corporate Support Services (CCSS) program for the Department of Veterans Affairs (VA). This position is responsible for implementing and maintaining the security posture of VA enterprise systems and data, ensuring robust compliance with federal and VA security requirements, and supporting the ongoing authorization and risk management of critical VA platforms as part of a multi-disciplinary, agile technology team. Position Description: The Cyber Security Analyst is responsible for supporting the security posture of VA information systems and environments. This role ensures compliance with Federal, VA, and industry information security policies and standards, conducts continuous vulnerability identification and remediation, and participates in both internal and external security assessments. The position requires routine engagement with technical and program stakeholders to maintain and improve security controls and documentation, elevate incident response, and support the ongoing Authorization to Operate (ATO) for supported systems and applications. The Analyst operates within an agile, DevSecOps-focused environment, requiring proactive risk identification and collaboration with cross-functional teams to ensure the security and integrity of VA’s technical ecosystem. This range is not a guarantee of compensation or salary, as Trilogy Federal conducts an individual equity review for every candidate based on experience, location, education, industry experience, and comparisons to internal pay bands. In addition to salary, Trilogy offers robust benefits including medical/dental/vision insurance coverage, 401(k) match, paid holidays, paid time off, tuition reimbursement, and a very supportive work/life balance. Primary Responsibilities:Develop, document, review, and maintain Assessment & Authorization (A&A) artifacts, including security plans, risk assessments, and Plan of Action and Milestones (POA&M), supporting ATO submissions and renewals.
Respond to, analyze, and report on security events and incidents, including notification to stakeholders within strict timeframes. Remediate security vulnerabilities within specified periods according to severity.
Ensure compliance with Federal, VA, FISMA, NIST, HIPAA, Privacy Act, and organizational security and privacy directives.
Complete mandatory and additional annual privacy and security training as required.
Coordinate with VA technical staff, ISSOs, and integration teams to ensure proper migration, deployment, and operational support for new or updated systems.
Provide support for the implementation of security controls on operating systems, application code, network infrastructure, and endpoints. Participate in audits and assessments, and provide evidence of compliance as requested.
Monitor, track, and report on key security KPIs including vulnerability remediation timeframes, incident resolution metrics, and system security posture.
Proactively apply OS and application patches; validate and report the effect of third-party patches.
Develop and maintain robust operational and incident response documentation, participate in after-action reviews, and contribute to lessons learned for continuous process improvement
-
Bachelor's degree in Cybersecurity, Computer Science, Information Technology, or a related discipline; equivalent practical experience may be considered.
-
Minimum of 10 years of progressive experience in cyber security operations, risk assessment, vulnerability management, or information security compliance.
-
Demonstrated knowledge of and experience with relevant federal cybersecurity standards.
-
Experience conducting and reporting on vulnerability assessments, penetration testing, and security control testing.
-
Familiarity with security tools including but not limited to Static Application Security Testing (SAST) tools (e.g., Micro Focus Fortify), penetration testing suites, SIEM/monitoring platforms.
-
Experience supporting ATO and A&A processes, and maintaining compliance documentation in regulated environments.
-
Understanding of DevSecOps practices and principles; collaborative experience with development, operations, and compliance teams.
-
Ability to manage multiple applications.
-
Ability to obtain a Public Trust Clearance.
-
Familiarity with VA’s Governance, Risk and Compliance (GRC) tools and associated security workflows.
-
Experience with security assurance for cloud platforms, including compliance with FedRAMP standards (AWS, Azure, etc.).
-
Demonstrated expertise with application security, code quality assurance in large-scale and agile environments, and continuous delivery pipelines.
-
Advanced knowledge of security and monitoring tools such as Jenkins, GitHub, SonarQube, AppDynamics, as well as experience with security architecture and incident response frameworks.