Senior Security Engineer
Oddball believes that the best products are built when companies understand and value the things they are working on. We value learning and growth and the ability to make a big impact at a small company. We believe that we can make big changes happen and improve the daily lives of millions of people by bringing quality software to the federal space.
The My HealtheVet (MHV) Senior Security Engineer leads and coordinates security, privacy, risk management, and compliance activities for the My HealtheVet platform — a FISMA High federal system designated as a High Value Asset. This role partners closely with engineering, program leadership, and government stakeholders to ensure the platform maintains a strong, audit-ready security posture while supporting ongoing authorization and continuous monitoring activities.
This is a hands-on, senior security role operating in a high-impact healthcare environment where security, privacy, and mission delivery are tightly coupled.
What You’ll Be Doing:
Security Governance & Program Leadership
Serve as the system Security Manager / ISSO for My HealtheVet and act as the primary security point of contact for internal leadership and VA stakeholders
Establish and maintain a comprehensive security program aligned with FISMA, NIST RMF, NIST SP 800-53 Rev. 5 (High baseline), HVA guidance, and VA cybersecurity policy (VA 6500 series)
Lead ATO, reauthorization, and Continuous Monitoring (ConMon) activities, including assessment planning, evidence management, and package quality control
Coordinate audits, assessments, and required security testing activities, including control assessments and penetration testing
Risk Management & Compliance
Drive a risk-based security approach appropriate for a FISMA High / HVA system
Identify, document, prioritize, and track security and privacy risks through POA&Ms, ensuring remediation actions are measurable and tracked to closure
Perform and document system risk assessments, security impact analyses, and privacy-related assessments
Ensure system security documentation remains current, accurate, and defensible for audits and oversight reviews
Vulnerability Management & Continuous Diagnostics
Oversee vulnerability management activities including triage, prioritization, remediation coordination, validation, and reporting
Integrate enterprise security initiatives (e.g., CDM-related reporting where applicable) into system risk tracking and POA&Ms
Support secure configuration, hardening, and ongoing control effectiveness monitoring
Incident Response & Security Operations
Coordinate incident response activities, including investigation support, escalation, documentation, and communication with VA security operations and CISO teams
Ensure incident response playbooks, reporting thresholds, and escalation paths are documented and exercised
Support after-action reviews and ensure lessons learned are translated into corrective actions
Identity, Credential, and Access Management (ICAM)
Oversee privileged and non-privileged access governance, enforcing least privilege, role-based access, and need-to-know principles
Ensure onboarding/offboarding controls, periodic access reviews, and MFA requirements are implemented and monitored
Support governance and monitoring of privileged access activity consistent with high-impact system expectations
Documentation, Reporting & Stakeholder Communication
Prepare and maintain security and authorization artifacts, including SSPs, assessment evidence, POA&Ms, risk acceptance documentation, and ConMon deliverables
Provide regular reporting to leadership on authorization status, risk posture, open findings, and remediation progress
Partner with Privacy, FOIA, and Records stakeholders to support breach documentation, consent and data-handling documentation, and incident records
Training, Awareness & Continuous Improvement
Deliver or coordinate security and privacy awareness activities for engineers, staff, and contractors supporting My HealtheVet
Brief leadership on emerging threats, HVA-specific risks, and recommended mitigations, translating technical risk into mission impact
Track emerging threats relevant to healthcare and high-value federal systems (e.g., ransomware, supply chain risk) and drive implementation of safeguards
Lead remediation efforts for findings from oversight bodies such as OIG, GAO, and external assessors
What you’ll bring:
5+ years of experience in IT and cybersecurity, including experience supporting federal systems operating at FISMA Moderate or High
Strong working knowledge of FISMA, HVA expectations, NIST RMF, and NIST SP 800-53 Rev. 5 (High baseline)
Hands-on experience managing ATO, reauthorization, and Continuous Monitoring activities
Experience producing and maintaining federal security documentation (SSP, POA&Ms, assessment artifacts, SAR support)
Familiarity with privacy and security requirements relevant to federal healthcare systems and protection of sensitive data
Experience with vulnerability management workflows and security monitoring outputs (e.g., scan results, SIEM dashboards)
Understanding of Zero Trust concepts, cloud security considerations, and secure SDLC / DevSecOps practices
Strong written and verbal communication skills, with the ability to brief senior stakeholders and produce audit-ready documentation
Performs other related duties as assigned
Nice to Haves:
Experience supporting the Department of Veterans Affairs or other large federal agencies
Familiarity with Veteran-facing health platforms or the My HealtheVet ecosystem
Experience supporting or participating in incident response tabletop exercises
Hands-on experience with federal authorization tooling (e.g., eMASS or equivalent) and evidence repositories
Requirements:
Applicants must be authorized to work in the United States. In alignment with federal contract requirements, certain roles may also require U.S. citizenship and the ability to obtain and maintain a federal background investigation and/or a security clearance.
Education:
Bachelor’s Degree
Benefits:
Fully remote
Tech & Education Stipend
Comprehensive Benefits Package
Company Match 401(k) plan
Flexible PTO, Paid Holidays
Oddball is an Equal Opportunity Employer and does not discriminate against applicants based on race, religion, color, disability, medical condition, legally protected genetic information, national origin, gender, sexual orientation, marital status, gender identity or expression, sex (including pregnancy, childbirth or related medical conditions), age, veteran status or other legally protected characteristics. Any applicant with a mental or physical disability who requires an accommodation during the application process should contact an Oddball HR representative to request such an accommodation by emailing hr@Oddball.io
Compensation:
At Oddball, it’s important each employee is compensated competitively and fairly. In alignment with state legal requirements. A range for the included position is listed below. Be advised, actual offer details are determined by job category, job location, and candidate skill level.
United States Wage Range: $120,000 – $165,000
About the job
Apply for this position
Senior Security Engineer
Oddball believes that the best products are built when companies understand and value the things they are working on. We value learning and growth and the ability to make a big impact at a small company. We believe that we can make big changes happen and improve the daily lives of millions of people by bringing quality software to the federal space.
The My HealtheVet (MHV) Senior Security Engineer leads and coordinates security, privacy, risk management, and compliance activities for the My HealtheVet platform — a FISMA High federal system designated as a High Value Asset. This role partners closely with engineering, program leadership, and government stakeholders to ensure the platform maintains a strong, audit-ready security posture while supporting ongoing authorization and continuous monitoring activities.
This is a hands-on, senior security role operating in a high-impact healthcare environment where security, privacy, and mission delivery are tightly coupled.
What You’ll Be Doing:
Security Governance & Program Leadership
Serve as the system Security Manager / ISSO for My HealtheVet and act as the primary security point of contact for internal leadership and VA stakeholders
Establish and maintain a comprehensive security program aligned with FISMA, NIST RMF, NIST SP 800-53 Rev. 5 (High baseline), HVA guidance, and VA cybersecurity policy (VA 6500 series)
Lead ATO, reauthorization, and Continuous Monitoring (ConMon) activities, including assessment planning, evidence management, and package quality control
Coordinate audits, assessments, and required security testing activities, including control assessments and penetration testing
Risk Management & Compliance
Drive a risk-based security approach appropriate for a FISMA High / HVA system
Identify, document, prioritize, and track security and privacy risks through POA&Ms, ensuring remediation actions are measurable and tracked to closure
Perform and document system risk assessments, security impact analyses, and privacy-related assessments
Ensure system security documentation remains current, accurate, and defensible for audits and oversight reviews
Vulnerability Management & Continuous Diagnostics
Oversee vulnerability management activities including triage, prioritization, remediation coordination, validation, and reporting
Integrate enterprise security initiatives (e.g., CDM-related reporting where applicable) into system risk tracking and POA&Ms
Support secure configuration, hardening, and ongoing control effectiveness monitoring
Incident Response & Security Operations
Coordinate incident response activities, including investigation support, escalation, documentation, and communication with VA security operations and CISO teams
Ensure incident response playbooks, reporting thresholds, and escalation paths are documented and exercised
Support after-action reviews and ensure lessons learned are translated into corrective actions
Identity, Credential, and Access Management (ICAM)
Oversee privileged and non-privileged access governance, enforcing least privilege, role-based access, and need-to-know principles
Ensure onboarding/offboarding controls, periodic access reviews, and MFA requirements are implemented and monitored
Support governance and monitoring of privileged access activity consistent with high-impact system expectations
Documentation, Reporting & Stakeholder Communication
Prepare and maintain security and authorization artifacts, including SSPs, assessment evidence, POA&Ms, risk acceptance documentation, and ConMon deliverables
Provide regular reporting to leadership on authorization status, risk posture, open findings, and remediation progress
Partner with Privacy, FOIA, and Records stakeholders to support breach documentation, consent and data-handling documentation, and incident records
Training, Awareness & Continuous Improvement
Deliver or coordinate security and privacy awareness activities for engineers, staff, and contractors supporting My HealtheVet
Brief leadership on emerging threats, HVA-specific risks, and recommended mitigations, translating technical risk into mission impact
Track emerging threats relevant to healthcare and high-value federal systems (e.g., ransomware, supply chain risk) and drive implementation of safeguards
Lead remediation efforts for findings from oversight bodies such as OIG, GAO, and external assessors
What you’ll bring:
5+ years of experience in IT and cybersecurity, including experience supporting federal systems operating at FISMA Moderate or High
Strong working knowledge of FISMA, HVA expectations, NIST RMF, and NIST SP 800-53 Rev. 5 (High baseline)
Hands-on experience managing ATO, reauthorization, and Continuous Monitoring activities
Experience producing and maintaining federal security documentation (SSP, POA&Ms, assessment artifacts, SAR support)
Familiarity with privacy and security requirements relevant to federal healthcare systems and protection of sensitive data
Experience with vulnerability management workflows and security monitoring outputs (e.g., scan results, SIEM dashboards)
Understanding of Zero Trust concepts, cloud security considerations, and secure SDLC / DevSecOps practices
Strong written and verbal communication skills, with the ability to brief senior stakeholders and produce audit-ready documentation
Performs other related duties as assigned
Nice to Haves:
Experience supporting the Department of Veterans Affairs or other large federal agencies
Familiarity with Veteran-facing health platforms or the My HealtheVet ecosystem
Experience supporting or participating in incident response tabletop exercises
Hands-on experience with federal authorization tooling (e.g., eMASS or equivalent) and evidence repositories
Requirements:
Applicants must be authorized to work in the United States. In alignment with federal contract requirements, certain roles may also require U.S. citizenship and the ability to obtain and maintain a federal background investigation and/or a security clearance.
Education:
Bachelor’s Degree
Benefits:
Fully remote
Tech & Education Stipend
Comprehensive Benefits Package
Company Match 401(k) plan
Flexible PTO, Paid Holidays
Oddball is an Equal Opportunity Employer and does not discriminate against applicants based on race, religion, color, disability, medical condition, legally protected genetic information, national origin, gender, sexual orientation, marital status, gender identity or expression, sex (including pregnancy, childbirth or related medical conditions), age, veteran status or other legally protected characteristics. Any applicant with a mental or physical disability who requires an accommodation during the application process should contact an Oddball HR representative to request such an accommodation by emailing hr@Oddball.io
Compensation:
At Oddball, it’s important each employee is compensated competitively and fairly. In alignment with state legal requirements. A range for the included position is listed below. Be advised, actual offer details are determined by job category, job location, and candidate skill level.
United States Wage Range: $120,000 – $165,000