Senior Security Analyst

LeoRose is seeking a Senior Security Analyst (US based remote) to join our team dedicated to supporting the Department of Veterans Affairs (VA) Information Technology (IT) Operations and Network Engineering challenges. With COVID-19, the ChooseVA reorganization effort, and the ever-present challenges associated with serving those who have served – now is a great time to be at the VA.

Position Description

The Security Analyst SR will work with system owners to create their Authority to Operate (ATO) packages, review and create artifacts that comply with VA’s authorization requirements, compliance and map those artifacts to the appropriate NIST 800-53 controls (specifically, Control Correlation Identifiers (CCIs)).  They will review and help to write control implementation statements, work with system teams to review/update/create their Plan of Action and Milestones (POAMs) and help system teams to navigate the Enterprise Mission Assurance Support Service (eMASS) Governance, Risk Management and Compliance (GRC) tool.  Provide guidance and support to system teams throughout every step of the Risk Management Framework (RMF) process and eMASS workflow.

Candidate has experience in managing teams of security analysts and is able to effectively leverage vast detailed knowledge and familiarity with security discipline. Has thorough knowledge of security principles, concepts, policy and regulations and is able to identify risks in security systems and work with technical experts to resolve security issues. Possess ability to identify key concepts, factors and risks based on conversations and document these in clear and concise narrative or graphic reports.

Mandatory Required Experience – Candidate MUST have:

  • Thorough comprehension of the Risk Management Framework (RMF)
  • Prior experience supporting system Authority to Operate (ATO) processes, and creating artifacts, control implementation details, and POAMs
  • Thorough understanding of NIST 800-53 Rev. 4
  • Excellent written and verbal communication skills
  • Ability to facilitate meetings, analyze authorization documents and associated artifacts against authorization requirements to identify gaps, establish a schedule to address outstanding authorization requirements, coordinate directly with system team stakeholders, and implement work activities in accordance with established standard operating procedures (SOPs)
  • Able to work independently and in teams
  • Able to work core business hours of 8AM to 5PM (EST), Monday through Friday
  • Self-Starter; able to work in remote capacity

Additional Preferred Experience – Would Be NICE if Candidate has:

  • Artifact generation and review experience
  • Ability to articulate authorization requirements to varying degrees of staff/leadership
  • POAM Lifecycle management
  • eMASS experience
  • Understanding of information technology concepts, cloud computing methodologies (PAAS, SAAS, IAAS), Fedramp/AWS GovCloud, network/server topologies and configurations
  • Certifications: CISSP, CISA, CAP, CISM, CRISC

This is a full-time, W2 role, with full benefits. Benefits include 14 days of PTO, 10 federal holidays, medical, dental, vision, parental leave, and 401k. with matching. We offer a competitive salary and benefits package. Salary is commensurate with experience.

Additional Requirements

This is a remote role. For consideration, candidates must be based in the United States and have a quiet workspace with internet connection. Must be eligible to work in the United States. Must be able to obtain a Public Trust Clearance.


For consideration, please submit a resume tailored to this job description and the required skills and experience outlined to (subject line: Senior Security Analyst). All resumes should include start and end dates (month and year) for all work experience and education listed.