Overview
The ERA Analyst role involves executing the VA Enterprise Risk Analysis process utilizing a specialized ERA tool to identify critical cybersecurity risk factors in network-connected medical devices and other specialized systems. This position focuses on assessing residual cyber risks prior to device integration into the VA network, requiring detailed documentation and evaluation to support VA authorizations. The analyst collaborates closely with federal and contractor teams, leveraging system data, conducting interviews, and applying risk management standards to ensure robust security postures.
Education & Certification Requirements
A bachelor’s degree in computer science, electronics engineering, or a related technical field is required, along with at least 5 years of professional experience; alternatively, a total of 13 years of experience is accepted in lieu of education. Certifications such as CompTIA Security+, CRISC, or CISSP are advantageous.
Clearance Requirements
Public Trust. The clearance can be obtained during onboarding, but it will take 4-6 weeks.
Onsite Requirements
This role is a remote opportunity.
Responsibilities
- Conduct risk assessments on network-connected medical devices and specialized systems using a custom ERA tool.
- Gather and review system documentation, including hardware/software inventory, communication profiles, and security controls.
- Collaborate with clients, vendor representatives, and team members to document critical security posture elements.
- Summarize risk factors with quantitative and qualitative scores to inform VA authorization decisions.
- Analyze network topology and protocols to identify vulnerabilities and security gaps.
- Prepare comprehensive reports that clearly communicate residual cyber risks.
- Support enterprise risk management efforts through regular review and updating of risk assessments.
- Engage with federal customers and stakeholders to facilitate risk analysis processes.
Qualifications
- Experience with cybersecurity risk management for complex systems and medical technology.
- Knowledge of NIST SP 800-53 and NIST SP 800-30 standards.
- Ability to document and depict network topology and protocols accurately.
- Skilled in conducting interviews and gathering technical data from diverse sources.
- Proficiency with risk management tools and methodologies.
- Strong collaboration and communication capabilities in a federal environment.
- Ability to obtain and maintain a Public Trust clearance.
Desired Skills
- Experience with IoT cybersecurity analysis.
- Familiarity with Governance, Risk, and Compliance (GRC).
- Knowledge of Assessment and Authorization (A&A) processes and eMASS.
- Proficiency in Excel and Visio.
- Certifications such as CompTIA Security+ or CRISC.