Who We Are

Known for being a Best Place to Work and a People First company, IronArch Technology is an award-winning Service-Disabled Veteran-Owned Small Business (SDVOSB) specializing in providing innovative solutions and world class services to Federal Government clients. 

Our employees have voted us as a 'Best Place to Work' 9 times and we are an INC 5000 recipient for being one of the fastest growing businesses in the United States.

Our Values: Deliver Outcomes with Speed | Own the Work and the Results | Respect People. Speak Directly. | Stay Curious. Enjoy the Journey.

About the Role

IronArch Technology is looking for an ATO Security Analyst to support the Department of Veterans Affairs in maintaining cybersecurity compliance across VA research environments. This is a documentation-first role. You will own the paperwork that keeps VA systems authorized and running: ATO and ATC packages, security artifacts, POA&Ms, gap analyses, and FISMA documentation.

If you find satisfaction in precision, in keeping complex authorization packages current and accurate, and in being the person who knows the RMF process cold then this role was built for you. You'll work directly with VA Information System Owners (ISOs), Information System Security Officers (ISSOs), site managers, and research stakeholders to drive ATO activities from start to finish.  

What You’ll Do

Most of your time will be spent developing, reviewing, and maintaining ATO and ATC packages including system security plans (SSPs), control implementation statements, FISMA documents, and POA&Ms across a portfolio of VA research systems. You'll own the tracking and resolution of open POA&M items, keep authorization schedules current, and make sure nothing falls through the cracks.

You'll support all RMF steps from security categorization through authorization, coordinating directly with VA ISOs, ISSOs, site managers, and system owners to close gaps and hit deadlines. When research teams have cybersecurity compliance questions, you're the person who answers them using current VA Handbooks, Directives, and NIST guidance. 

You'll also conduct security assessment reviews for VA research submissions, work within the VA's Continuous Authorization and Monitoring (CAM) framework, and support product installation planning for major system changes. You'll lead client-facing meetings on ATO topics regularly. The expectation is that you can walk both technical and non-technical audiences through complex authorization status clearly and confidently.

Education and Experience 

Bachelor's degree in computer science, electronics engineering, or another engineering or technical discipline, plus 5 years of relevant experience. 13 years of relevant experience may substitute in lieu of a degree (8 additional years may substitute for education per contract requirements). 

What we're looking for 

You need hands-on experience with the full RMF lifecycle, categorization through authorization, and you should be comfortable creating and maintaining SSPs, control implementation statements, POA&Ms, and FISMA security documentation without a lot of handholding. Working knowledge of NIST SP 800-53 is a hard requirement. So is the ability to read authorization documentation, find the gaps, build a plan to address them, and communicate it clearly to people who may not have a security background.

We need someone who can manage a lot of open items simultaneously including multiple systems, multiple deadlines, and different expiration windows while keeping everything current and accurate. If you've supported secure product installation planning and worked with system stakeholders through the ATO process, that's exactly the experience this role is built on. 

You'll need to be able to obtain and maintain a VA Public Trust or Suitability/Fitness determination. U.S. citizenship required. 

AI Capabilities 

Comfortable using AI tools to assist with documentation drafting, artifact review, and compliance gap analysis. Understands that AI accelerates RMF documentation work, but that accuracy and human review are non-negotiable in an authorization context.

Preferred Experience

• Experience with ServiceNow's Continuous Authorization and Monitoring (CAM) application is a plus, as is familiarity with VHA Research and Development Policies, VA Handbook 1200, and VA 6500 Handbooks and Directives.
• If you've supported ATOs for specialized or connected devices, that's relevant here. 
• An active Public Trust clearance isn't required to apply but will accelerate your onboarding timeline if you have one.  

(#LI-remote) 

 Remote, U.S.-based. Occasional travel may be required to support program needs. 

Impact / What Success Looks Like 

In your first 90 days, you'll have established your working relationships with VA ISOs and ISSOs, gotten current on the open ATO packages you're supporting, and taken ownership of the POA&M tracking for your assigned systems. By six months, the systems you support will have no overdue authorization milestones, and you'll be the person stakeholders call first with compliance questions. In the long run, your work keeps VA research systems authorized and operating which directly enables Veterans to access care through modernized VA tools. 

Why IronArch Technology?

• Awarded Best Place to Work 9 times!
• Competitive compensation and market-leading bonus opportunities
• Medical, dental and vision benefits where a significant portion of the premium is subsidized by IronArch. For qualifying high deductible health plans, IronArch also contributes towards a Health Reimbursement Account to cover eligible medical expenses
• Company-provided healthcare concierge assistance to help explain your coverage in plain language; help you find, choose, and schedule quality care; and address billing, benefit, or claims concerns, potentially saving hours of your time
• 401(k) retirement plan where the company contributes dollar for dollar up to 3 percent, and 50 cents on the dollar for the 4th and 5th percent with immediate entry and immediate vesting
• 20 days of PTO accumulated per calendar year
• 11paid holidays
• Bereavement, jury duty, parental (maternity/paternity/adoption), and military leaves
• Sabbatical programs
• Company-paid short- and long-term disability
• Company-paid life insurance
• Voluntary life, accidental and indemnity income replacement benefits
• Professional development reimbursement
• Health club reimbursement
• Matching donation program and annual philanthropic activities 
• Pet insurance
• And more!

Apply today to learn why IronArch Technology has been recognized as “Best Place to Work” for 9 years!

IronArch Technology is an equal opportunity employer. We do not discriminate or allow discrimination on the basis of race, color, religion, creed, sex (including pregnancy, childbirth, breastfeeding, or related medical conditions), age, sexual orientation, gender identity, national origin, ancestry, citizenship, genetic information, registered domestic partner status, marital status, disability, status as a crime victim, protected veteran status, political affiliation, union membership, or any other characteristic protected by law.

In alignment with applicable state and local pay transparency laws, IronArch includes a salary range in our job descriptions to support equity and transparency in our hiring process. The compensation range provided reflects what we reasonably expect to offer for this role, with the final offer determined by a variety of factors including skills, experience, and scope of responsibilities.