Support cybersecurity efforts across multiple projects within the VA Health portfolio, including ATO remediation, system scans, and artifact development.
Communicate and provide consultative support on system security certification & accreditation, coordinating with internal and external project stakeholders.
Identify and mitigate risks, support team of cyber professionals, and build artifacts in accordance with NIST and VA guidelines.
Lead and execute RMF compliance activities in accordance with DoD and NIST requirements, supporting system accreditation and ATO efforts.
Conduct STIG and SRG assessments across Windows, Linux, database, cloud, and application environments using tools such as SCC and STIG Viewer.
Analyze vulnerability scan results, develop and maintain POA&Ms, and track remediation activities to closure.
Peraton is a next-generation national security company that drives missions of consequence across land, sea, space, air, and cyberspace. As a leading mission capability integrator and enterprise IT provider, we deliver trusted solutions to protect our nation and allies, supporting essential government agencies and every branch of the U.S. armed forces.
Monitor security alerts, vulnerabilities, and incidents across enterprise systems and assist in incident response.
Maintain compliance with standards such as NIST CSF, ISO 27001, and SOC 2 through audits and policy development.
Conduct security risk assessments, evaluate controls, and track remediation plans.
Mission Critical Group is an end-to-end power solutions and services provider that accelerates time-to-power for mission critical environments. With over 1.5 million square feet of U.S. manufacturing capacity, they support data centers, healthcare, and industrial facilities.
Monitors, investigates, and responds to cybersecurity events and alerts across various security platforms.
Manages data loss prevention and insider risk alerts, collaborating with IT and business stakeholders.
Supports continuous improvement of detection capabilities through alert tuning and process optimization.
USAP is a company that safeguards organizational data and technology assets through cybersecurity operations. The size and culture are not specified, but the job emphasizes collaboration, continuous improvement, and a secure technology environment.
Collaborate with cross-functional teams to apply cybersecurity best practices across systems, applications, and cloud environments.
Lead portions of cybersecurity assessments across the technology stack, identifying vulnerabilities and recommending remediation strategies.
Assist in shaping cybersecurity risk management activities, helping prioritize and guide security initiatives to protect critical assets.
Rise8 builds custom, secure software for government organizations, measuring success by impact: lives saved, time returned, and missions advanced. Certified as a Great Place to Work® with 100% of employees saying they love working here, Rise8 offers a culture rooted in kindness, candor, and continuous learning.
Lead Risk Management Framework activities for a federal AI platform deployment in AWS GovCloud.
Own authorization artifacts and coordinate with ISSOs and Authorizing Officials for ATO.
Partner with platform engineers on cloud and container security, vulnerability management, and hardening.
LMI is a digital solutions provider dedicated to accelerating government impact with innovation and speed, bringing commercial-grade platforms and mission-ready AI to federal agencies. Headquartered in Tysons, Virginia, it serves the defense, space, healthcare, and energy sectors, with a culture more startup than traditional government contractor.
Maintain Risk Management Framework artifacts for DevSecOps pipeline inheritance of NIST SP 800-53 controls.
Complete and validate STIG/SRG checklists quarterly and provide monthly application STIG status reports.
Evaluate program risks, document mitigation strategies, and recommend courses of action to ensure continuous ATO compliance.
DecisionPoint is a company providing cloud services and DevSecOps solutions, supporting ARTRANS AWS environments. It is a regular full-time employer fostering a culture of security and compliance, with an active Secret clearance required for this role.
Manage full-lifecycle project delivery for Saviynt platform implementations using Agile, Waterfall, or hybrid methodologies.
Monitor risks related to federal regulations, ensuring adherence to NIST SP 800-53, FISMA, and FedRAMP standards.
Serve as the primary operational point of contact for federal C-suite executives and IAM Program Directors.
Saviynt is a leading identity platform providing cutting-edge solutions for identity and access governance to safeguard critical organizations. It is a high-growth, Platform as a Service company known for its welcoming and positive work environment.
Perform detailed architecture and technical design reviews on the full stack for vendor solutions.
Conduct architecture reviews of Cloud Service Providers authorization packages to validate secure design and compliance.
Lead and conduct architecture interviews with CSPs to ensure critical control areas are designed to meet program requirements.
Valiant Solutions is a security-focused IT solutions provider with public clients nationwide. Named one of the fastest growing privately held companies by Inc. 5000, Washington Technology’s Fast 50, and Washington Business Journal’s Best Places to Work in the D.C. area, the company prides itself on providing employees with great benefits and career development opportunities.
Support analysis and evaluation of VA health informatics program operations and workflows.
Develop and maintain action trackers, status reports, and meeting materials.
Coordinate with stakeholders to capture decisions, risks, and follow-up actions.
Aptive partners with federal agencies to improve performance and streamline operations. Founded in 2012, the company has over 300 employees nationwide and focuses on applying technology and human-centered services to optimize mission delivery.
Design and implement enterprise security controls aligned with NIST SP 800-53 and Zero Trust Architecture principles.
Conduct continuous security monitoring, incident response, and vulnerability management across cloud, network, and endpoint environments.
Develop and maintain cybersecurity SOPs, security baselines, and asset inventories to support audit readiness.
DMI is a leading provider of digital services and technology solutions, headquartered in Tysons Corner, VA, supporting public sector agencies and commercial enterprises globally. Recognized as a Top Workplace, the company delivers secure, efficient, and cost-effective solutions through a culture guided by five core values.
Oversee implementation of technologies to protect systems and data from cyber threats.
Synthesize data into actionable intelligence for incident response and situational awareness.
Provide expert insight and strategic recommendations for cybersecurity program direction.
LMI is a new breed of digital solutions provider dedicated to accelerating government impact with innovation and speed. Headquartered in Tysons, Virginia, LMI serves the defense, space, healthcare, and energy sectors with a focus on agility and collaboration.
Focus on developing and delivering compliance solutions and strategies for Commercial, Defense Industrial Base, and State/Local customers.
Conduct compliance audits, assessments, and gap analyses to identify areas for improvement.
Author policies, plans, and procedures in CJIS and FedRAMP environments while serving as a trusted advisor to customers.
Planet Technologies is the leading provider of Microsoft consulting services to public sector and commercial organizations, specializing in building custom solutions that transform business operations. They are a growing team with collaborative peers and caring leaders, focused on high-profile client projects.
Lead infrastructure architecture and modernization efforts supporting large-scale VA enterprise health systems.
Design and implement secure, scalable hybrid cloud and on-premise infrastructure solutions.
Review and validate AI-generated outputs related to infrastructure components for compliance with federal standards.
LTS is a company that supports federal IT modernization programs, focusing on healthcare systems for veterans. It has a collaborative environment that values innovation, integrity, and professional growth while empowering employees to make a lasting impact.
Provide quality customer service and monitor compliance mailbox for client requests.
Prepare written responses to security inquiries and handle due diligence questionnaires.
Support audit activities and coordinate with departments on policy development and remediation.
TierPoint provides information security and compliance solutions. The company fosters a collaborative, team-oriented culture with a focus on confidentiality and accuracy.
Write and maintain security compliance documentation including agency policies and technical baselines.
Translate federal regulations like NIST and FISMA into clear, actionable policies for technical and non-technical audiences.
Collaborate with system owners and stakeholders to ensure documentation aligns with IT standards and organizational needs.
Valiant Solutions is a security-focused IT solutions provider serving public clients nationwide. Named one of the fastest growing privately held companies and a Best Place to Work, we pride ourselves on an employee-centric culture and work-life balance.
Provide systems engineering support for analysis of system under test (SUT) integration of COTS/GOTS products.
Perform performance analysis on business logic, data storage, processing, and transfer; evaluate test data needs.
Evaluate risk and impact for business operations based on requirements, criticality, configuration, and data management.
PSI is a government contractor providing Independent Verification and Validation (IV&V) services to support software delivery and modernization for Veterans Affairs. It offers a competitive total compensation package including paid leave, group medical, dental, vision, 401(k) with employer match, and invests in professional growth through certifications and tuition reimbursement.
Serve as a trusted advisor to clients, defining and advancing cybersecurity strategy over multi-year engagements.
Develop prioritized security roadmaps and advise on governance, risk, and compliance frameworks.
Translate technical risk into business language for executives and boards, owning the advisory relationship.
Apollo Information Systems is a cybersecurity services company delivering comprehensive security and compliance programs, pioneering a cybersecurity-as-a-service model. Backed by Series A funding, we foster a collaborative, mission-driven culture with deep expertise, and primarily work remotely with a hub in Denver.
Identifying and coordinating portfolio/product requirements, epics, user stories, and acceptance criteria with product owners and scrum masters.
Evaluating business risk and criticality through system of records and workbooks, and recommending risk mitigation strategies.
Facilitating pre-testing intake assessments and collaborating with stakeholders to support software and hardware application goals.
Planned Systems International (PSI) is a Government Contractor providing IT solutions and independent verification and validation services to federal clients. The company focuses on supporting Veterans Affairs initiatives and offers a competitive compensation package with benefits including paid leave, insurance, and a 401(k) retirement plan.
Own and manage POA&M lifecycle activities, including tracking findings, coordinating remediation, and maintaining audit-ready documentation.
Support FISMA compliance programs with evidence collection, continuous monitoring, and coordination with system owners and ISSOs/ISSMs.
Develop operational reporting for leadership and government stakeholders, translating compliance and operational data into actionable insights.
Aquia is a Veteran-founded digital services firm that helps the government modernize and secure its systems and processes. Named the “#1 Best Remote Startup to Work For in 2025” by Built In and a certified “Great Place to Work” for five years in a row, we prioritize outcomes over outputs.