​This is a full-time, 100% remote contract role supporting a large federal government agency (specifically indicated as the Department of Veterans Affairs / VA). The role focuses on the Assessment and Authorization (A&A) process to ensure systems obtain and maintain their Authorization to Operate (ATO).

• ​Location: Fully Remote.
• ​Pay Range: $38–$42 per hour.
• ​Start Date: 1/20/2026.
• ​Clearance: Requires passing a Public Trust Clearance and fingerprinting process.
• ​Experience Required: 1+ years in Information Assurance (IA) controls analysis and risk assessments.
• ​Core Frameworks: NIST SP 800-53, 800-37 (RMF), and CNSSI 1254.

​The Challenge: ATO Lifecycle and Compliance

​The primary responsibility is ensuring that government information systems, devices, and networks remain compliant with federal security standards through rigorous testing and documentation.

• ​A&A Leadership: Plan and coordinate teams to conduct assessments of systems and networks to identify vulnerabilities and risks.
• ​eMASS Management: Perform extensive work within eMASS (Enterprise Mission Assurance Support Service) packages to track compliance.
• ​Technical Testing: Test CCIs (Control Correlation Identifiers) and validate Security Plans.
• ​Vulnerability Analysis: Support VASCARs and the Security Control Assessor (SCA) in enforcing the Risk Management Framework (RMF).
• ​Boundary Evaluation: Identify and evaluate major applications and infrastructure based on specific accreditation boundaries.

​Required Technical Skills and Experience

​The agency is looking for an analyst with a foundational background in IA tools and a strong grasp of the NIST-based Risk Management Framework.

• ​Tool Proficiency: 1+ years of experience with Nessus, Nmap, Burp Suite, and vulnerability scanning tools.
• ​Environment Knowledge: Familiarity with Linux security (RHEL7) and AWS cloud security.
• ​Platform Experience: Working knowledge of eMASS.
• ​Regulatory Knowledge: Deep understanding of NIST SP 800-53 and 800-37 and associated VA cybersecurity policies.
• ​Defense-in-Depth: Knowledge of information security and assurance principles and their supporting technologies.
• ​Advisory Skills: Capable of providing feedback to the ISO and ISSO regarding risks and recommended courses of action.

​Nice to Have

• ​VA Specifics: Prior experience with VA Cyber Security processes.
• ​Modern Infrastructure: Experience with Prisma Cloud/Twistlock and containerization.
• ​Documentation: Ability to write technical documents that are easily understood by non-technical stakeholders.