Cyber Security Analyst – LTS (Remote)
This is a Senior-level, 100% Remote position supporting the Department of Veterans Affairs (VA) Health Portfolio. LTS is looking for a practitioner who specializes in federal compliance and “Security-as-a-Service” within a PMO (Program Management Office) structure. Your primary objective is ensuring that VA health IT projects—which manage sensitive Veteran health data—achieve and maintain their Authority to Operate (ATO) while following the VA’s unique Veteran-Focused Integration Process (VIP).
- Job Code: 2943
- Location: Remote
- Clearance/Trust: Requires ability to work within VA Health Portfolio guidelines (typically Public Trust or Secret).
- Core Frameworks: NIST SP 800-53 Rev 4, VA Handbook 6500, HIPAA, and HITECH.
- Key Methodology: VA VIP (Agile-based) and NIST RMF.
Key Responsibilities: ATO Success & Portfolio Governance
This role acts as a bridge between high-level policy and technical implementation across multiple health-related IT projects.
1. Security Certification & ATO Remediation
You will lead the efforts to secure Authority to Operate (ATO) and Authority to Connect (ATC) for various applications. This is not just documentation; it involves active remediation. You will identify security gaps through system scans and audits, then work with development teams to fix them. You’ll be a power user of the ServiceNow (SNOW) CAM and GRC tools to track these vulnerabilities.
2. Artifact Development & Privacy
A significant portion of the role involves building the “Body of Evidence” for security. This includes creating System Security Plans (SSP), Privacy Impact Analyses (PIA), and Privacy Threshold Analyses (PTA). Given the “Health” focus of the portfolio, you must ensure all artifacts comply with HIPAA and the HITECH Act regarding the protection of Electronic Health Records (EHR).
3. Integration with Agile & VIP
The VA uses the Veteran-Focused Integration Process (VIP), an Agile-based framework. You will participate in Scrum ceremonies and integrate security architecture and engineering efforts directly into the Software Development Life Cycle (SDLC). This ensures security is “baked in” rather than “bolted on” at the end of a project.
Required Qualifications and Skills
LTS is looking for a “hands-on” analyst who has navigated the specific complexities of the VA security environment before.
- Experience: 5 years of experience with a relevant Bachelor’s degree (or 10 years without).
- Federal Mastery: Deep understanding of FISMA, NIST 800-53, and the Information Assurance Certification and Accreditation (C&A) process.
- VA Specifics: Proven experience achieving an ATO within the VA and familiarity with the VA VIP methodology.
- Technical Tools: Proficiency in ServiceNow and GRC tracking systems.
- Certifications: Security+ is required; CISSP or CISM is highly preferred.
Preferred “Deep-Dive” Skills
- Cloud & SaaS: Experience with FedRAMP and achieving ATOs for Cloud/SaaS applications.
- Scanning & Analysis: Hands-on time with ACAS, Nessus, and HBSS.
- Healthcare Tech: Knowledge of HL7 (Health Level Seven) protocols or experience with VistA (the VA’s legacy EHR system).
Summary of Role Impact
Within the VA Health Portfolio, the stakes are literal lives. If a security vulnerability delays an ATO, Veterans may lose access to critical digital health services. In this role, your expertise in the VA Risk and Governance Tool and your ability to coordinate across stakeholders ensure that innovation in Veteran healthcare doesn’t come at the cost of data privacy. You are the guardian of the “mission-critical” systems that keep the VA Health mission moving.
Job Features
| Job Category | IT & Cybersecurity |