[Remote] ATO Security Analyst

Note: The job is a remote job and is open to candidates in USA. IronArch Technology is an award-winning Service-Disabled Veteran-Owned Small Business specializing in providing innovative solutions and world-class services to Federal Government clients. They are seeking an ATO Security Analyst to support the Department of Veterans Affairs in maintaining cybersecurity compliance across VA research environments, focusing on documentation and the RMF process.

Responsibilities

• Develop, review, and maintain ATO and ATC packages including system security plans (SSPs), control implementation statements, FISMA documents, and POA&Ms across a portfolio of VA research systems
• Own the tracking and resolution of open POA&M items, keep authorization schedules current, and make sure nothing falls through the cracks
• Support all RMF steps from security categorization through authorization, coordinating directly with VA ISOs, ISSOs, site managers, and system owners to close gaps and hit deadlines
• Answer cybersecurity compliance questions using current VA Handbooks, Directives, and NIST guidance
• Conduct security assessment reviews for VA research submissions, work within the VA's Continuous Authorization and Monitoring (CAM) framework, and support product installation planning for major system changes
• Lead client-facing meetings on ATO topics regularly

Skills

• Bachelor's degree in computer science, electronics engineering, or another engineering or technical discipline, plus 5 years of relevant experience
• 13 years of relevant experience may substitute in lieu of a degree (8 additional years may substitute for education per contract requirements)
• Hands-on experience with the full RMF lifecycle, categorization through authorization
• Comfortable creating and maintaining SSPs, control implementation statements, POA&Ms, and FISMA security documentation without a lot of handholding
• Working knowledge of NIST SP 800-53
• Ability to read authorization documentation, find the gaps, build a plan to address them, and communicate it clearly to people who may not have a security background
• Ability to manage a lot of open items simultaneously including multiple systems, multiple deadlines, and different expiration windows while keeping everything current and accurate
• Ability to obtain and maintain a VA Public Trust or Suitability/Fitness determination
• U.S. citizenship required
• Comfortable using AI tools to assist with documentation drafting, artifact review, and compliance gap analysis
• Understands that AI accelerates RMF documentation work, but that accuracy and human review are non-negotiable in an authorization context
• Experience with ServiceNow's Continuous Authorization and Monitoring (CAM) application
• Familiarity with VHA Research and Development Policies, VA Handbook 1200, and VA 6500 Handbooks and Directives
• Experience supporting ATOs for specialized or connected devices
• An active Public Trust clearance

Benefits

• Competitive compensation and market-leading bonus opportunities
• Medical, dental and vision benefits where a significant portion of the premium is subsidized by IronArch.
• For qualifying high deductible health plans, IronArch also contributes towards a Health Reimbursement Account to cover eligible medical expenses
• Company-provided healthcare concierge assistance to help explain your coverage in plain language; help you find, choose, and schedule quality care; and address billing, benefit, or claims concerns, potentially saving hours of your time
• 401(k) retirement plan where the company contributes dollar for dollar up to 3 percent, and 50 cents on the dollar for the 4th and 5th percent with immediate entry and immediate vesting
• 20 days of PTO accumulated per calendar year
• 11paid holidays
• Bereavement, jury duty, parental (maternity/paternity/adoption), and military leaves
• Sabbatical programs
• Company-paid short- and long-term disability
• Company-paid life insurance
• Voluntary life, accidental and indemnity income replacement benefits
• Professional development reimbursement
• Health club reimbursement
• Matching donation program and annual philanthropic activities
• Pet insurance

Company Overview