Platform Security Lead

Position Title: Platform Security Lead
Location: Remote (In the U.S)

Other Considerations:U.S. Citizen or Permanent Resident (Required)

POSITION SUMMARY

The Security Lead will be responsible for overseeing the security posture of the VA.gov Platform Management environment, ensuring compliance with VA security requirements, proactive risk management, vulnerability remediation, and operational security coordination across the platform ecosystem. This role serves as the primary point of contact for security operations, working closely with engineering, infrastructure, development, and VA stakeholders to protect platform integrity while enabling uninterrupted service delivery.

RESPONSIBILITIES

• Lead security operations for the VA.gov Platform Management environment, ensuring alignment with VA cybersecurity policies, standards, and compliance requirements
• Serve as the primary security point of contact for platform-related incidents, vulnerabilities, audits, and risk management activities
• Coordinate vulnerability identification, remediation tracking, patch management oversight, and security issue resolution across teams
• Monitor security alerts, findings, and emerging threats impacting platform operations and escalate issues as appropriate
• Partner with infrastructure, DevOps, development, and operations teams to embed security into operational processes and technical implementations
• Support Authority to Operate (ATO) sustainment activities, documentation updates, audit responses, and security control validation efforts
• Maintain and manage Plans of Action & Milestones (POA&Ms), risk registers, and remediation tracking for platform security findings
• Oversee access control governance, privileged access reviews, account management, and security-related onboarding/offboarding coordination
• Support incident response activities, root cause analysis, corrective actions, and post-incident security improvements
• Provide leadership reporting on security posture, risks, remediation progress, and compliance health

QUALIFICATIONS

• Ability to obtain and maintain a Public Trust clearance
• 10+ years of relevant IT/security experience
• Experience supporting enterprise cybersecurity operations, compliance programs, and security governance in complex IT environments
• Experience with vulnerability management, incident response, access management, and security remediation coordination
• Experience supporting federal security compliance frameworks, including NIST, FISMA, ATO sustainment, and security control assessments
• Experience working in highly regulated government environments, preferably VA or federal healthcare environments
• Experience collaborating across technical and operational teams in production support environments

Preferred Qualifications

• CISSP, CISM, Security+, or equivalent cybersecurity certification
• Experience supporting cloud security and modern platform/infrastructure environments
• Familiarity with DevSecOps practices, monitoring/security tooling, and continuous compliance processes
• Experience with VA security governance processes and enterprise security stakeholders preferred

WORKING CONDITIONS

Standard Business hours are Monday through Friday. Occasional extended or weekend hours may be required based on operational needs. Must havereliableinternet service that allows for effective telecommuting.

BENEFITS

Sprezzatura offers a comprehensive and flexible benefit package to include:

• Medical, Dental, and Vision
• Health Saving Account(when enrolled ineligible plan) with Company contribution
• Company paid Life, Accidental Death, Short-term & Long-term Disability
• Voluntary Accident, Hospital Indemnity, & Critical Care Insurance
• Voluntary Medical & Dependent Care Flexible Spending Accounts
• Accrued Paid Time Off & Company Paid Holidays
• 401(k) Retirement Plan with Company match

WORK AUTHORIZATION

Sprezzatura participates in E-Verify and will provide the federal government with your I-9 information to confirm that you are authorized to work in the U.S.

Sprezzatura is a mission-driven, Service-Disabled Veteran-Owned Small Business (SDVOSB) that thrives at the intersection of technology, innovation, and impact. We specialize in secure, scalable, and human-centered digital solutions that accelerate government transformation. Our work spans DevSecOps, health IT modernization, intelligent automation, benefits delivery, and digital communications. We partner with agencies ready to evolve-delivering not just strategy, but measurable execution. Rooted in operational excellence and driven by curiosity, we help our clients navigate complexity with clarity-turning ambitious ideas into real-world outcomes. No buzzwords. Just impact.

EEO STATEMENT

Sprezzatura is an Equal Opportunity Employer. We do not discriminate on the basis of race, color, religion, sex (including pregnancy, sexual orientation, and gender identity), national origin, age, disability, genetic information, protected veteran status, or any other legally protected characteristic. Applicants have the right to discuss, disclose, or inquire about compensation without retaliation. Reasonable accommodations are available for qualified individuals with disabilities.

This job description is not intended to be an employment contract and does not guarantee employment for any specific duration.