Cybersecurity Engineer

Colorado Springs, CO, United States

Overview

Systems Planning and Analysis, Inc. (SPA) delivers high-impact, technical solutions to complex national security issues. With over 50 years of business expertise and consistent growth, we are known for continuous innovation for our government customers, in both the US and abroad. Our exceptionally talented team is highly collaborative in spirit and practice, producing  Results that Matter . Come work with the best! We offer opportunity, unique challenges, and clear-sighted commitment to the mission. Objective. Responsive. Trusted.

The Space and Intelligence Division provides professional services to the US Space Force, Combatant Commands, Intelligence Community, and NASA. Our work includes enterprise architectural assessments, systems engineering and integration, test, planning and execution, cost estimating and analysis, acquisition support, and cybersecurity.  We are trusted partners developing approaches and concepts to meet emerging high priority needs, assessing cutting-edge technologies, and supporting capabilities for our National Defense.  Come join the fastest growing Division at Systems Planning and Analysis, Inc.!

The Space Systems Group, part of SPA’s Space and Intelligence Division, provides timely and objective assessments and recommendations integrating technical, operational, programmatic, policy and business analysis. We focus on our key clients in the Space community including the US Space Force’s Space Systems Command (USSF/SSC), one of the three designated Field Commands under USSF. We work tirelessly to provide integrated solutions based on information and communications throughout the chain of command.  We provide clear and consistent analysis and recommendations which are aligned to strategic and leadership goals while balancing the ability to  execute on time and on budget within the technical communities. Come join an organization responsible for being a key enabler of Spacepower!

SPA has an near-term need for a Cybersecurity Engineer.

Responsibilities

As a Cybersecurity Engineer at SPA, you will be assigned to support the Space Systems Command Program Office developing software solutions to perform cyber operations in defense of the US Space Force’s mission systems. Using the Scaled Agile Framework (SAFe) to implement a DevSecOps approach, you will enable the rapid development and shipment of software solutions to protect, defend, and respond to both ground- and space-based cyber adversarial threats. You will be expected to understand and apply the best practices and standards for secure software development and deployment as set forth by Defense Information Systems Agency (DISA), Security Technical Implementation Guides (STIGs), and Open Worldwide Application Security Project (OWASP) Top 10 policies and procedures. You will be expected to design, develop, test, integrate, and deploy software in accordance with the concepts and techniques defined by the 12 Factor App development practices (12factor.net), cloud native (cncf.io), and National Institute of Standards and Technology (NIST) Risk Management Framework (RMF).

As Cybersecurity Engineer your responsibilities will include:

Preparing and participating in Agile and/or DevSecOps ceremonies.

Ensuring all intrusion detection or other information assurance and cybersecurity systems are fully functioning within the OS and are running the currently approved baseline, for both Microsoft (MS) Windows and Linux-based OS.

Supporting patch management to existing Amazon Machine Instances (AMI) and provide quarterly updates to AMI templates including the latest patches and STIGs for Windows and Linux instances.

Ensuring system compliance with the US Space Force and Space Systems Command security policies to safeguard the system against external and insider threats.

Developing test plans, performing integration activities, and developing & maintaining security paperwork.

Providing DevSecOps expertise to ensure compliance and readiness for all Authorization to Operate (ATO) requirements.

Ensuring Risk Management Framework artifacts reflect the current application and hosting environment with fielding plan impacts.

Verifying fielding capabilities compliance with all site security and operations rules, including site access determination, site access and clearance boards, security review of hardware and software, ATO paperwork submission, Interim Authority to Test (IATT) paperwork submission, and related activities.

At SPA, we strive to deliver a robust total compensation package that will attract and retain the top talent.  Elements of the compensation package include competitive base pay and variable compensation opportunities.

SPA provides eligible employees with an opportunity to enroll in a variety of benefit programs, generally including health insurance, flexible spending accounts, health savings accounts, retirement savings plans, life and disability insurance programs, and a number of programs that provide for both paid and unpaid time away from work.

The specific programs and options available to any given employee may vary depending on eligibility factors such as geographic location, date of hire, etc.

Please note that the salary information shown below is a general guideline only.  Salaries are commensurate with experience and qualifications, as well as market and business considerations.  Salary pay range:  140k - 185k

Qualifications

About the Must Haves

Minimum 7 years of professional experience performing cybersecurity engineering for a software-intensive system

Bachelor’s degree in cybersecurity, IT, computer science or relevant STEM from an accredited institution

Certified IAT Level II

Must be a US Citizen and possess a current Top Secret Clearance

Your resume must demonstrate experience:

Implementing Department of Defense cybersecurity policies, directives, instructions, and standards for software-intensive mission systems

Developing Risk Management Framework assessment and authorization documentation

Writing and executing cybersecurity test procedures for validation of Risk Management Framework control compliance

Monitoring and analyzing outputs of cybersecurity-related tools for vulnerabilities, reportable security incidents, and residual risks

Reviewing and/or authoring documentation such as, Cybersecurity Strategies, Program Protection Plans, Anti-Tamper Plans, Counterintelligence Support Plans, Integrated Threat Assessment Reports, Operations Security Plans, Continuous Monitoring Plans, and Defensive Cyberspace Operations Plans

Working in eMASS and/or Xacta