• Lead product security engineering for our payment platform—owning threat modeling, security architecture review, secure SDLC practices, and API security across the engineering organization • Help mature our AI security program developing genAI controls, securing ML pipelines, and working alongside the Model Risk Office for model evaluations. • Provide security architecture oversight across infrastructure and enterprise security—endpoint, network, VPN, and corporate security controls—ensuring technical standards are coherent across all security domains • Shape how security engineering scales across the organization through tooling, frameworks, security champions engagement, and engineering partnerships

• Design, implement, and maintain security controls across our AWS environment • Manage and tune AWS-native security tooling (GuardDuty, Security Hub, CloudTrail, Inspector, etc) • Develop and enforce infrastructure-as-code (IaC) security policies using tools such as Terraform • Conduct periodic reviews of AWS account architecture • Collaborate with Platform Engineering teams to embed security into CI/CD pipelines • Monitor, investigate, and respond to cloud security alerts and incidents

• Own the end-to-end vulnerability lifecycle: intake, triage, assignment, remediation coordination, verification, and closure across all finding sources. • Enforce severity-based SLAs, escalation paths, and ownership expectations. Track remediation timelines and follow up with engineering teams to ensure findings are resolved within policy requirements. • Aggregate findings centrally from all scanning tools and sources into a unified tracking system. • Manage exception and risk acceptance workflows. Process exception requests, document compensating controls, and ensure approvals are captured with appropriate evidence. • Produce vulnerability posture reports and dashboards. • Coordinate with engineering teams on remediation prioritization, providing context on severity, exploitability, and business impact to support informed decision-making. • Drive reduction of aging findings through proactive follow-up, workflow automation, and escalation when remediation stalls. • Assist the DevSecOps Lead with implementation of baseline security controls. • Help integrate controls into repositories, CI/CD pipelines, registries, and deployment workflows. • Validate that controls are functioning as intended, producing actionable findings, and are difficult to bypass.

Role Description The Incident Response / Systems Support Specialist provides operational, testing, deployment, and application support services for the Veterans Benefits Administration (VBA). This role supports pre-production and production environments, coordinates application testing and deployments, manages user access and permissions, and collaborates with development, testing, and infrastructure teams to ensure successful implementation and maintenance of VBA systems and applications. The ideal candidate has experience supporting enterprise environments within government organizations, working closely with application developers, testers, infrastructure teams, and system owners in a highly collaborative environment. Key Responsibilities - Support and maintain VBA pre-production and testing environments in coordination with internal IT teams and stakeholders. - Coordinate with testers and development teams to validate new and updated VBA applications prior to deployment. - Troubleshoot environmental and application-related issues and communicate findings to development teams for resolution. - Create, manage, and maintain user roles and permissions using Common Security Employee Manager (CSEM). - Assist with testing and deployment activities for new applications, patches, upgrades, and system enhancements. - Collaborate with Client Technologies teams to install, configure, and validate updates to VBA systems including: - Operating System Deployments (OSD) - BIOS updates - Windows Feature Updates - Microsoft 365 application updates - Administer and maintain multiple VBA SharePoint environments and sites. - Configure SharePoint access, permissions, document libraries, and lists for users and project teams. - Develop and maintain automated workflows using SharePoint Designer and Microsoft Power Automate. - Design and maintain SharePoint pages and automated processes to support testing coordination and IT operations. - Work with testing teams to develop and execute automated test scripts using Rational Functional Tester (RFT). - Utilize Dimensions CM to manage and release application baselines into Beta and Production server environments. - Lead and facilitate conference calls with testers, IT specialists, developers, and system owners for: - Beta testing coordination - Troubleshooting activities - Deployment planning - Installation scheduling - Send deployment notifications and communications to Alpha, Beta, and Production sites regarding: - Application releases - Security alerts - System patches - Upgrades and maintenance activities - Maintain documentation related to deployments, testing procedures, troubleshooting efforts, and operational processes. Qualifications - Bachelor’s degree - 2+ years of experience supporting enterprise applications, testing environments, deployments, and IT operations or related experience