• Process and track user account forms and required training for privileged and non-privileged accounts, perform annual accounts validation, and work with the system administrator to create, modify, and remove accounts
• Assess systems and networks within a virtual environment and identify where those systems deviate from acceptable configurations, enclave policy, or local policy through passive evaluations such as compliance audits using STIG Viewer, SCAP and vulnerability assessments utilizing ACAS
• Perform Security Technical Implementation Guide (STIG) assessments and hardening for both Windows, Red Hat Enterprise Linux (RHEL) systems, and networking equipment utilizing ConfigOS
• Develop test plans reflecting how STIG checks are implemented and be able to show the expected outcomes of those checks
• Update the Risk Management Framework (RMF) artifact documentation to ensure that non-compliant system hardening is tracked and remediated
• Establish strict program control processes to ensure risk mitigation and support obtaining system assessment and authorization
• Support of process, analysis, coordination, control certification test, compliance documentation, investigations, software research, hardware introduction and release, emerging technology research, inspections, and periodic audits
• Assist in implementing the required government policy (i.e., NISPOM. NIST. DoD), making recommendations on process tailoring, and participating in and documenting process activities
• Perform analyses to validate established cybersecurity controls and requirements and to recommend cybersecurity safeguards
• Support program test milestones through pre-test preparations, participating in the tests, analyzing the results, and preparing required artifacts supporting authorization
• Prepare artifacts such as Test Results (TR), Authorization Boundary Diagrams (ABD), Network Topologies, Flow-diagrams, Hardware and Software listings, Ports, Protocols, and Services Management documentation, supporting Assessment and Authorization activities and maintain the Plan of Actions and Milestones (POA&M)
• Periodically review each program support and operational system's audits and monitor corrective actions until all actions are closed
• Coordinate across the program to address identified deficiencies during RMF assessment activities
• Frequent internal and external customer contacts and represents the organization in providing solutions to difficult technical issues associated with specific projects

Required Qualifications

• Bachelors degree with at least 5 years of experience or an advanced degree with at least 3 years of experience or equivalent combination of education and experience
• IAT Level II/ IAM Level 1 DoD 8570 certification (Sec+ CE or equivalent)
• Experience with a wide application of principles, theories, and concepts in the field and provides solutions to a wide range of difficult problems with imaginative and thorough solutions
• Security engineering skills with a working knowledge of cybersecurity technology and DoD/Federal cybersecurity policy (i.e., DoDI 8500.01, NIST SP 800-53, etc.)
• Understanding and utilization of Enterprise Mission Assurance Support Service (eMASS)
• Understanding of RMF Cybersecurity Lifecycle to include identifying controls and overlays, generating testable requirements, identifying resilient architecture design, configuring, running, and scripting audit tools, providing analysis of vulnerability analyses, and conducting verification testing for compliance assessment
• Knowledge of Software Assurance (SwA) static and dynamic code analysis (e.g. Fortify/SonarQube)
• Excellent verbal and written communication skills, including ability to collaborate with cross-functional teams, and prepare and brief presentations to the customer as needed
• Self-starter with ability to work both independently and in a team environment

Preferred Qualifications

• Windows and Red Hat Enterprise Linux (RHEL) system administration skills
• Previous background working in a virtual environment
• Previous background working with dockers and containers
• Administer ACAS and ESS (formally HBSS)
• Previous experience with ConfigOS

Security Clearance

Candidates must currently have and be able to maintain a minimum DoD TOP SECRET level security clearance.

Salary Range

$82,000 - $161,000

Employees may be eligible for a discretionary bonus in addition to base pay. Annual bonuses are designed to reward individual contributions as well as allow employees to share in company results.

Benefits

QTEC Aerospace offers a variety of benefits including healthcare, dental, vision, life and disability insurance, 401(k) retirement plan, Company paid holidays and paid time off (PTO) for vacation and/or personal business. Employees may choose among the offered benefits to design the best benefits package to suit their individual or family needs.

Location

Colorado Springs, CO

It is the policy of QTEC, Inc. not to discriminate on the basis of gender, age, race, religion, disability, veteran status or any protected statuses and to take affirmative action to employ and advance in employment qualified individuals within the company.