Apply on Employer Site

Oddball · 6 hours ago

Senior Security Engineer

United States

Full-time

Remote

Mid, Senior Level

$120K/yr - $165K/yr

5+ years exp

Oddball is a company that values learning and growth while aiming to improve lives through quality software in the federal space. The Senior Security Engineer will lead security, privacy, risk management, and compliance activities for the My HealtheVet platform, ensuring a strong security posture and supporting ongoing authorization and monitoring activities.

Computer Vision

Growth Opportunities

No H1B

U.S. Citizen Only

Responsibilities

Serve as the system Security Manager / ISSO for My HealtheVet and act as the primary security point of contact for internal leadership and VA stakeholders

Establish and maintain a comprehensive security program aligned with FISMA, NIST RMF, NIST SP 800-53 Rev. 5 (High baseline), HVA guidance, and VA cybersecurity policy (VA 6500 series)

Lead ATO, reauthorization, and Continuous Monitoring (ConMon) activities, including assessment planning, evidence management, and package quality control

Coordinate audits, assessments, and required security testing activities, including control assessments and penetration testing

Drive a risk-based security approach appropriate for a FISMA High / HVA system

Identify, document, prioritize, and track security and privacy risks through POA&Ms, ensuring remediation actions are measurable and tracked to closure

Perform and document system risk assessments, security impact analyses, and privacy-related assessments

Ensure system security documentation remains current, accurate, and defensible for audits and oversight reviews

Oversee vulnerability management activities including triage, prioritization, remediation coordination, validation, and reporting

Integrate enterprise security initiatives (e.g., CDM-related reporting where applicable) into system risk tracking and POA&Ms

Support secure configuration, hardening, and ongoing control effectiveness monitoring

Coordinate incident response activities, including investigation support, escalation, documentation, and communication with VA security operations and CISO teams

Ensure incident response playbooks, reporting thresholds, and escalation paths are documented and exercised

Support after-action reviews and ensure lessons learned are translated into corrective actions

Oversee privileged and non-privileged access governance, enforcing least privilege, role-based access, and need-to-know principles

Ensure onboarding/offboarding controls, periodic access reviews, and MFA requirements are implemented and monitored

Support governance and monitoring of privileged access activity consistent with high-impact system expectations

Prepare and maintain security and authorization artifacts, including SSPs, assessment evidence, POA&Ms, risk acceptance documentation, and ConMon deliverables

Provide regular reporting to leadership on authorization status, risk posture, open findings, and remediation progress

Partner with Privacy, FOIA, and Records stakeholders to support breach documentation, consent and data-handling documentation, and incident records

Deliver or coordinate security and privacy awareness activities for engineers, staff, and contractors supporting My HealtheVet

Brief leadership on emerging threats, HVA-specific risks, and recommended mitigations, translating technical risk into mission impact

Track emerging threats relevant to healthcare and high-value federal systems (e.g., ransomware, supply chain risk) and drive implementation of safeguards

Lead remediation efforts for findings from oversight bodies such as OIG, GAO, and external assessors

Qualification

FISMANIST RMFNIST SP 800-53 Rev. 5Continuous MonitoringVulnerability ManagementRisk ManagementIncident ResponseSecurity DocumentationZero TrustCloud SecuritySecure SDLCCommunication Skills

Required

5+ years of experience in IT and cybersecurity, including experience supporting federal systems operating at FISMA Moderate or High

Strong working knowledge of FISMA, HVA expectations, NIST RMF, and NIST SP 800-53 Rev. 5 (High baseline)

Hands-on experience managing ATO, reauthorization, and Continuous Monitoring activities

Experience producing and maintaining federal security documentation (SSP, POA&Ms, assessment artifacts, SAR support)

Familiarity with privacy and security requirements relevant to federal healthcare systems and protection of sensitive data

Experience with vulnerability management workflows and security monitoring outputs (e.g., scan results, SIEM dashboards)

Understanding of Zero Trust concepts, cloud security considerations, and secure SDLC / DevSecOps practices

Strong written and verbal communication skills, with the ability to brief senior stakeholders and produce audit-ready documentation

Applicants must be authorized to work in the United States. In alignment with federal contract requirements, certain roles may also require U.S. citizenship and the ability to obtain and maintain a federal background investigation and/or a security clearance

Bachelor's Degree