​This is a Senior-level, Remote role (previously active as of Dec 15, 2025) requiring 10 years of experience. The position is heavily focused on the Risk Management Framework (RMF) and the Authorization to Operate (ATO) process. While no initial clearance is required, you must be a U.S. citizen capable of obtaining a Public Trust clearance, specifically aligned with Department of Veterans Affairs (VA) guidelines.

• ​Requisition ID: 2511716
• ​Location: Remote (Texas, US)
• ​Salary Range: $40,001 – $80,000 (Note: This is an unusually low estimate for a 10-year senior role; the “target” may be subject to adjustment based on experience).
• ​Core Tech/Frameworks: NIST RMF, NIST SP 800-53 Rev 4, eMASS, VA 6500.

​Key Responsibilities: Governance and Risk Management

​This role is less about “hacking” and more about the “Assurance” side of security—ensuring that systems are legally and technically authorized to handle government data.

​The RMF and ATO Process

​Your primary duty is navigating systems through the NIST Risk Management Framework (RMF) to achieve an Authorization to Operate (ATO). This is a rigorous 7-step process where you categorize the system, select and implement security controls, and then have those controls assessed by a third party. You will likely use eMASS (Enterprise Mission Assurance Support Service), the standard automated tool used by the DoD and VA to track these requirements.

​Control Assessment and Compliance

​You will be responsible for NIST SP 800-53 Rev 4 compliance. This involves performing self-assessments of security controls to identify gaps. You will work on SCA (Security Control Assessments) and support third-party audits. A critical part of this is documenting everything—creating and maintaining the System Security Plan (SSP), policies, procedures, and POA&Ms (Plan of Action and Milestones) to track vulnerability remediation.

​VA-Specific Standards (VA 6500)

​Because this role supports the Department of Veterans Affairs, you must be familiar with VA 6500, which is the VA’s specific Information Security Program. This handbook adapts NIST standards to the unique needs of veteran data and healthcare privacy, adding another layer of regulatory requirements to your assessments.

​Required Qualifications and Skills

​This position requires a “Subject Matter Expert” level of knowledge in federal cybersecurity regulations.

• ​Experience: 10 years of relevant experience (8 years can be substituted for a degree).
• ​Technical Knowledge: Deep understanding of NIST 800-53 controls and vulnerability management.
• ​Tooling: Hands-on experience with GRC (Governance, Risk, and Compliance) tools like eMASS.
• ​Clearance: Must be a U.S. Citizen with the ability to pass a Public Trust background check.
• ​Soft Skills: Ability to foster an inclusive team environment and handle high-pressure tasks simultaneously.

​Preferred Experience

• ​Certifications: CISSP (highly desired for IA roles) or OSCP (for those leaning toward the assessment/technical side).
• ​Agency Experience: Prior experience with the VA or DoD is a significant advantage.
• ​Engineering Breadth: Familiarity with network topologies, PKI (Public Key Infrastructure), and intrusion detection systems.

​Summary of Role Impact

​Information Assurance Analysts are the “gatekeepers” of federal systems. Without your work on the RMF and ATO process, mission-critical applications—including those used to provide healthcare to veterans—cannot legally go live. Your expertise ensures that malicious actors cannot exploit gaps in system documentation or configuration, keeping the Department of Veterans Affairs resilient against evolving cyber threats.