Microsoft Cyber Security Analyst

Job Title: Microsoft Cybersecurity Analyst

Location: Virtual 

Other Consideration: U.S. Citizen (Required) 

Position Summary:

The Microsoft Cybersecurity Analyst is responsible for executing comprehensive cybersecurity lifecycle activities in support of federal systems, with a focus on compliance, risk management, and system authorization processes. This role supports the Authority to Operate (ATO) lifecycle within the VA environment, leveraging eMASS and working closely with cross-functional teams to ensure systems meet strict security and operational requirements.

Key Responsibilities:

• Perform all Authority to Operate (ATO) lifecycle cybersecurity activities in eMASS, including documentation, assessment, authorization, and ongoing monitoring.
• Serve as System Steward (SS) for eMASS packages, ensuring accurate and timely updates to system security documentation and compliance records.
• Partner with Service Managers to track Plan of Action & Milestones (POA&M), manage Security Risk (SecRisk) approval conditions, and gather ATO artifact information.
• Manage changes to existing systems through the SecRisk Change Control Process, coordinating with Information System Owners (ISO), Information System Security Officers (ISSO), Service Managers, System Integrators (SIs), and Release Management.
• Conduct and lead Security Impact Analyses (SIA) for both major and minor changes affecting systems within the ATO boundary.
• Provide expert security consultation during Architecture Review Boards (ARBs) and during the review of technical change proposals.
• Oversee the secure onboarding and offboarding of minor applications and APIs within Platform-as-a-Service (PaaS) environments.
• Analyze and respond to Office of Information and Technology (OIT) action bulletins to ensure full alignment with evolving VA cybersecurity policies and directives.

Qualifications:

• Bachelor's degree in Cybersecurity, Computer Science, Information Systems, or a related field (or equivalent experience).
• 3–5 years of experience in cybersecurity roles within federal environments, preferably supporting VA systems.
• Strong working knowledge of the eMASS tool and ATO processes within federal frameworks such as NIST RMF.
• Experience managing POA&Ms, system risk reviews, and implementing corrective actions in regulated IT environments.
• Familiarity with security architecture, change control processes, and vulnerability management.
• Excellent communication skills and experience working with diverse stakeholder groups including IT leadership, compliance, and technical teams.

Preferred Certifications:

• Security+
• Certified Information Systems Security Professional (CISSP)
• Certified Information Security Manager (CISM)
• ITIL Foundation or relevant process management certifications

Transitioning military and/or Veterans with IT/IS, finance, and/or healthcare systems specialties are invited to apply. Sprezzatura is an equal opportunity employer and offers benefits including healthcare and paid vacation time.

WORK AUTHORIZATION

This role requires you to live within the United States.

Evidence of work authorization upon employment is required in compliance with the Immigration Reform and Control Act of 1986. Completion of USCIS form I-9 will be required to verify employment eligibility within 3 business days of the first day of employment.

AAP/EEO STATEMENT

Sprezzatura expressly prohibits any form of workplace harassment based on race, color, religion, gender, sexual orientation, gender identity or expression, national origin, age, genetic information, disability, or veteran status. Improper interference with the ability of Sprezzatura ’s employees to perform their job duties may result in discipline up to and including discharge.

CLEARANCE REQUIREMENT

This position may require Public Trust clearance. Candidates must undergo a background investigation, including a review of employment history, education, criminal record, and financial history. The clearance process ensures that the candidate is reliable, trustworthy, and of good conduct and character. Employment offers are contingent upon successful passing a public trust clearance process.

COMPANY DESCRIPTION

Sprezzatura (www.sprezzmc.com) is a Washington, DC-area Service-Disabled Veteran-Owned Small Business (SDVOSB) that enables client success by supplying insight and leadership at the intersection of people, processes, and technology.