- Career Center Home
- Search Jobs
- Cybersecurity Analyst (Remote)
Description
The following states/districts are excluded from this job ad: AK, CA, CO, CT, DC, HI, LA, MA, MN, MO, NE, NV, NH, NJ, NM, NY, ND, OR, PR, RI, VT, WA, WY
Future Need - Actively Interviewing
Location: Remote in any United States jurisdiction not excluded from this job advertisement.
Protect the compliance posture of a mission-critical Department of Veterans Affairs (VA) cloud platform. As a Cybersecurity Analyst, you will manage Plan of Action and Milestones (POA&Ms), Technical Reference Model (TRM) submissions, and security documentation across hundreds of applications in a multi-tenant Amazon Web Services (AWS) GovCloud environment.
Position Description: The Cybersecurity Analyst manages POA&M tracking, TRM submissions, Business Partner Extranet (BPE) connection management, and supports security documentation for the platform.
Tasks/activities include, but are not limited to:
- Creates and maintains POA&M within ServiceNow (SNOW) Continuous Authorization Monitoring (CAM) ensuring proper alignment to relevant NIST security control families and CCI
- Drafts and maintains POA&M verbiage aligning with findings and clearly depicting mitigation strategy and timeline as required by the portfolio Information System Owner
- Ensures POA&Ms are closed out once overcome by events (OBE), mitigated, or no longer relevant to the system to which they are assigned
- Drafts justification verbiage and attends TRM approval board meetings for software and application usage requests; submits requests for TRM entry removal as usage becomes unneeded
- Submits and maintains BPE connection requests including information gathering and staffing all required BPE admin team meetings
- Catalogs and maintains a complete list of all BPE connections used within the platform and manages removal of connections no longer needed
- Maintains and updates security documentation including SIA, ISVMP, PIA, PTA, and Configuration Management Plan artifacts for hosted applications
- Reports issues and approaching TRM authorization ends with potential to affect managed applications to the appropriate portfolio Information System Owner
- Contributes POA&M status, TRM activity, and BPE connection updates to the monthly RMF, security, and Authorization to Operate (ATO) status report
Compensation & Benefits: The annual projected pay range for this position is $90,897 - $118,016 with consideration being given to various factors including but not limited to qualifications, experience, job responsibilities, and geographic location.
Oxley Enterprises, Inc. offers a full array of benefits including:
- Medical, dental, vision and prescription drug coverage for you and your family.
- Life Insurance, short-term disability and long-term disability paid for by the Company.
- Supplemental coverages including Accident, Critical Illness, and Hospital.
- Additional Life insurance coverage for you and your dependents.
- 401k plan with various options to select based on your retirement goals.
Oxley Enterprises®, Inc. is a certified service-disabled veteran-owned (SDVOSB), veteran-owned (VOSB), and woman-owned small business (WOSB) that has 26 years of experience building and delivering quality IT systems and programs. Oxley is ranked in the INC 5000 7 times (2016, 2017, 2018, 2021, 2023, 2024, 2025). Oxley is a 2019 - 2025 Department of Labor HIRE Vets Medallion Award Winner. Oxley is Virginia Values Veterans certified.
All qualified applicants will receive consideration for employment without regard to any status protected by applicable federal, state, or local law.
If you require a reasonable accommodation to apply for a position at Oxley Enterprises, Inc., please send an email to our Human Resources Department at: [email protected] with the following information:
Subject Line: Accommodation Request
Provide a description of your accommodation request
Include your contact information: Full name, Email address, Best number to reach you (optional)
We participate in the E-Verify program. http://www.dhs.gov/E-Verify
Requirements
Minimum/General Experience: 5 years of experience in cybersecurity and information assurance
Minimum Education: Bachelor's Degree in cybersecurity, information technology, or related field; CompTIA Security+ or Certified Authorization Professional (CAP) certification (preferred)
Essential Skills/Qualifications:
- Excellent experience creating and maintaining POA&Ms (e.g., periodic review, milestone updates, and mitigation plan detail)
- Excellent ability to ensure POA&M alignment to National Institute of Standards and Technology (NIST) security control families and Control Correlation Identifiers (CCI)
- Excellent experience drafting and maintaining TRM submissions
- Excellent ability to submit and maintain Business Partner Extranet (BPE) connection requests (e.g., information gathering, request submission, and BPE admin team coordination)
- Excellent knowledge of POA&M closure criteria
- Above average experience maintaining security documentation (e.g., Security Impact Analysis (SIA), Information System Vulnerability Management Plan (ISVMP), Privacy Impact Assessment (PIA), Privacy Threshold Analysis (PTA), and Configuration Management Plan artifacts)
- Experience supporting a federal agency
- Excellent verbal and written communication skills
General Physical Requirements needed to perform the essential functions of this job may vary based on the location of the assignment.
- Assignment Location - Remote
- Sedentary Work - Exerting up to 10 pounds of force occasionally and/or a negligible amount of force frequently or constantly to lift, carry, push, pull or otherwise move objects.
- Typing, communicating, repetitive motions.
- Close visual acuity to prepare and analyze data, view computer monitors and read. May need to view presentation screens and other visual aids in a virtual setting.
- Inside environmental conditions with protection from outside elements.
Security: Active Federal Civilian Public Trust clearance
- U.S. Citizenship or Permanent Resident that has lived in the United States for at least 3 years
Federal Civilian Public Trust Consists of a review of up to but not limited to:
- Covers 10 year period and in some instances lifetime events
- OPM Security Investigations Index (SII)
- DOD Defense Central Investigations Index (DCII)
- National Agency Check (NAC) records
- FBI name check
- FBI fingerprint check
- Credit report check
- Written inquiries to previous employers and references listed on the application for employment
- Potential interviews with the subject, spouse, neighbors, supervisor, coworkers
- Law enforcement check
- Court records check
- Education check - Attendance and Degrees

