• Security Development Lifecycle (SDLC) Integration: Drive the implementation of security practices throughout the entire software development process, from design review through deployment. • Application Security Testing: Perform offensive penetration testing and defensive (Blue Team) testing on web applications, internal services, and robot-side software to identify and remediate vulnerabilities. • Automation and Tooling: Implement and manage security tools, including Static Application Security Testing (SAST) or Dynamic Application Security Testing (DAST) or runtime vulnerability assessments, and Software Bill of Materials (SBOM) systems. Implementation of these systems using tools such as JFrog Artifactory, GitHub Advanced Security, Datadog, Wiz or Snyk. • Code Review and Governance: Define and enforce security policies for source code, including mandatory GitHub security practices and review procedures. • Vulnerability Management: Manage the lifecycle of identified vulnerabilities, prioritizing remediation efforts based on risk to the fleet, proprietary code, and cloud infrastructure. • Collaboration: Partner with development, platform, and infrastructure teams to ensure security requirements are met without hindering engineering velocity.

• Security Development Lifecycle (SDLC) Integration: Support security practices throughout the entire software development process, from design review through deployment. • Application Security Testing: Perform offensive penetration testing on web applications, internal services, and robot-side software to identify and remediate vulnerabilities. • Automation and Tooling: Support security tools, including Static Application Security Testing (SAST) or Dynamic Application Security Testing (DAST) or runtime vulnerability assessments, and Software Bill of Materials (SBOM) systems. Experience with systems such as Artifactory and GitHub Security. • Threat Modeling and Security Reviews: Support threat modeling including security reviews of major software releases. • Vulnerability Management: Manage the lifecycle of identified vulnerabilities, prioritizing remediation efforts based on risk to the fleet, proprietary code, and cloud infrastructure. • Collaboration: Partner with development, platform, and infrastructure teams to ensure security requirements are met without hindering engineering velocity.

Role Description GovCIO is seeking a VistA Pharmacy Applications Release Verifier (Remote/Part-Time) to join our Patient Care Services Product line, in the Office of Information Technology at the Department of Veterans Affairs. The candidate will support the release management and package verification of VistA-related patches using the National Patch Module (NPM) on FORUM. This position will be a fully remote within the United States with core hours of operation from Monday to Friday 8 AM to 5 PM ET. - Collaborate closely with development teams, Health Infrastructure and Systems Management (HISM) VistA Applications teams, Software Quality Assurance (SQA), and VHA Initial Operating Capability (IOC) test sites throughout the full patch lifecycle. - Ensure all requirements, validations, and release steps are executed according to VistA Patch Release standards. - Coordinate end-to-end VistA patch testing and release activities using the National Patch Module (NPM). - Perform Verifier responsibilities, including checklist execution, review validation, compliance date alignment, and patch status updates. - Manage release artifacts by moving builds, executables, and documentation to the National File Server as required. - Analyze defect incidents, reproduce issues, conduct assessments, and document findings for defect resolution. - Maintain Problem Incident updates throughout development, testing, and verification phases. - Evaluate enhancement requirements by reviewing user stories and validating expected functionality. - Create Patch Stubs following VistA Patch Template standards, including Packman and Host File formats. - Develop complete Patch Descriptions with accurate installation steps and required supporting documentation. - Upload KIDS Builds to NPM on FORUM and document progress in Problem Incidents. - Coordinate with other Verifiers or Functional Analysts when development overlaps across product areas. - Conduct technical preparation activities such as checksum verification and routine backups. - Update routines using approved VistA tools (KIDS Utilities, ^XINDEX) and submit Data Dictionary changes to the DBA. - Validate ICR usage, submit new or updated ICR requests, and coordinate HL7 messaging reviews for impacted components. - Support FDA impact reviews and assess external system impacts, engaging stakeholders as needed. - Assist developer unit testing, coordinate peer code reviews, and support SQA using the VistA SQA Checklist. - Prepare all required SQA and UAT distribution materials, including developer checklists, documentation, and versioned Host File Builds. Qualifications - Master's with 10 years (or commensurate experience) - Strong understanding of software development lifecycles (SDLC), Agile/SAFe, and CI/CD pipelines. - Proven experience coordinating complex, multiteam releases in enterprise or mission-critical environments. - Exceptional communication, facilitation, and stakeholder management skills. - Ability to manage multiple releases simultaneously with tight deadlines. - Strong analytical, organizational, and problem-solving skills. Requirements - Ability to obtain and maintain a Suitability/Public Trust clearance Preferred Skills and Experience - Experience working within the Department of Veterans Affairs (VA) or other federal healthcare environments. - Familiarity with NPM, KIDS Builds, HL7 messaging, Data Dictionary structures, and VistA architecture. - Experience with incident/problem management and structured testing methodologies. SAFe ITIL, PMP, or Agile certification(s). - Experience with automated testing, monitoring, and deployment tooling. - Strong understanding of risk, compliance, and audit requirements for production systems. Posted Salary Range USD $55.00 - USD $60.00 /Hr.

Lead end-to-end security for products, perform deep-dive security reviews, manage vulnerability lifecycles, and integrate security checks into workflows to ensure a robust security posture in multi-tenant environments.