Cyber Security Analyst

Job Summary

Aptive Resources is seeking an Expert Cyber Security Analyst, to be part of a team, to support the Department of Veterans Affairs (VA) Office of Inspector General (OIG). OIG is an independent office within VA. Its mission is to serve Veterans and the public by conducting meaningful independent oversight of the VA's programs and services. The OIG performs audits, reviews and investigations that improve the efficiency, effectiveness, and integrity of the VA's' programs and services.

The Expert Cyber Security Analyst will work in close collaboration with technology leads and developers across various teams to assess current state and oversight to implement process improvements. In this role you will support the OIG Vulnerability Management (VM) Program which includes conducting vulnerability/compliance scanning, reporting and remediation tracking and providing corresponding VM Documentation.

This role requires experience in developing and documenting existing and new Standard Operating Procedures, Processes and/or Assessments related to Federal Information Security Management Act (FISMA) and other applicable cybersecurity rules, regulations, and policies. Through a thorough review of policies regarding FISMA and other applicable cybersecurity rules and regulations, this role will perform analysis to determine any gaps or updates required and submit recommendations to OIG for policy updates.

This position is 100% onsite in Washington, D.C. during the normal operating hours of 0800 - 1700 EST Monday to Friday, excluding Federal holidays.

Primary Responsibilities

• Support OIG to comply with the Federal Information Technology Acquisition Reform Act (FITARA) and the Federal Information Security Management Act (FISMA).
• Manage governance, risk, and compliance (GRC) tools and processes.
• Deploy and manage the National Institute of Standards and Technology (NIST) Risk Management Framework (RMF) aligned with the NIST Cybersecurity Framework (CSF) Functions.
• Leverage existing and new tools to mature the continuous monitoring program by transitioning from a reactive to proactive risk management framework.
• Create a Cybersecurity Program Strategic Plan.
• Work with all relevant stakeholders in gathering inputs to develop the Cybersecurity Program Strategic plan.
• Develop a roadmap for maturing the progress between FISMA levels, compliance reporting metrics, measuring and evaluation to identify actions to be taken to achieve desired results.
• Develop and deliver a monthly progress report including information that evaluates, measures, and reports.
• Develop a Cybersecurity Communication Plan that catalogs cybersecurity stakeholders and outlines effective communication mechanisms and channels for communication.

• Support the implementation of biweekly and monthly Cybersecurity Communication Reports to leadership using existing and updated status reporting mechanisms.
• Provide relevant information reflective of all cybersecurity projects and programs, as appropriate, and work with government stakeholders to make any updates or create new templates to ensure appropriate inclusion of cybersecurity information.
• Develop and implement monthly Cybersecurity Communication Materials to execute the Cybersecurity Communications Plan to include emails, fact sheets, surveys, and virtual meetings.
• Provide stakeholders with training, as required, for new processes, procedures, policies, and tools as it relates to cybersecurity and provide the necessary materials for this training.
• Lead Vulnerability Management (VM) Documentation (e.g., security configuration, scans, reports, and mitigation tracking), Control Assessment Documentation, Emerging Technology Security Compliance Report and Incident Response Documentation.

• Oversee all components of basic, stand-alone and day-to-day activities to ensure performance in accordance with contract requirements.
• Create meaningful relationships with clients.
• Oversee and ensure the quality of project activities and work product and approve and submit all client deliverables.
• Produce cybersecurity documentation, reporting, briefs, meeting materials, analysis, graphics, best practice presentations, benchmark info, interim and final deliverables.
• Support risk analysis for key decisions and provide input and analysis of policies and procedures.
• Meet with stakeholders to make communication easy and transparent regarding project issues and decisions on services.
• Cultivate positive, trusting, and cooperative working relationships with all persons supporting the work, including government employees and other vendors.

Minimum Qualifications

• Bachelor's Degree in Computer Science, Computer Engineering, Cyber Security, Information Systems, Engineering or related degree.
• 5+ years of experience working in cybersecurity (within the federal government, a plus)
• Experience in analysis, review and documentation of S ecurity and Risk Management.
• Expertise in Vulnerability Management.
• Strong communication skills with the ability to translate technical security requirements and risks to a diverse audience.
• Ability to work independently and unblock yourself.
• Strong organizational and prioritization skills.
• Excellent written, verbal and presentation skills.
• Capable self-starter with a drive to get all types of work done and high attention to detail.
• Experience editing and reviewing security and policy documentation.
• Experience in communicating detailed and technical concepts to a diverse audience.
• Ability to communicate effectively, both verbally and in writing, to interact effectively with IT management, software development and test teams, and infrastructure teams, help desk support teams and with business partners.
• Excellent communication and interpersonal skills, with the ability to effectively collaborate with diverse stakeholders and facilitate productive discussions.
• Experience preparing, editing and reviewing project documentation, reports, briefs, meeting materials, analysis, graphics, best practice presentations, benchmark info, interim and final deliverables.
• Ability to obtain and maintain a public trust clearance.
• Legal authorization to work in the U.S.

Desired Qualifications

• Cyber Security Certification (CISSP, CISA, CISM, SSCP, etc.).
• Experience within the federal government within cybersecurity teams.
• Broad experience in documentation, gap analysis, and reporting to Cabinet-level federal agencies, ideally the Department of Veterans Affairs.
• Strong critical thinking and analytical skills.
• Proven ability to organize, prioritize, and work well with others.
• Ability to communicate thoughts, ideas, and solutions logically, written, graphically and orally.
• Ability to get up to speed quickly on complex issues; desire to work in a fast-paced, rapidly evolving environment.
• Presentation experience on cybersecurity, risks, policy, guidance and standards efforts.
• Strong customer interaction skills and a demonstrated ability to work with various stakeholders-including government Senior Executives-across multiple tasks.
• Capable self-starter with a drive to get all types of work done and high attention to detail.
• Management of diverse teams and experienced consultants across various roles and responsibilities.

About Aptive

Aptive is a modern federal consulting firm focused on human experience, digital services, and business transformation. We harness creativity, technology, and culture to connect people and systems to impact the world. We're advisors, strategists, and engineers focused on people, above all else.

We believe in generating success collaboratively, leaving client organizations stronger after every engagement and building trust for the next big challenge. Our work inspires people, fuels change and makes an impact. Join our team to be part of positive change in your community and our nation.

EEO Statement

Aptive is an equal opportunity employer. We consider all qualified applicants for employment without regard to race, color, national origin, religion, creed, sex, sexual orientation, gender identity, marital status, parental status, veteran status, age, disability, or any other protected class.

Veterans, members of the Reserve and National Guard, and transitioning active-duty service members are highly encouraged to apply.