- Colorado Springs, CO, USA
- 89-110 per year Competitive salary based on experience, skill set ,knowledge and credentials
- Full Time
*Technical Benefit Pool* Extensive Options
Quantum Research International, Inc. (Quantum)
Quantum Research International, Inc. (Quantum) provides our national defense and federal civilian and industry customers with services and products in the following main areas: 1) Cybersecurity and Information Operations; 2) Space Operations and Control; 3) Aviation Systems; 4) Ground, Air and Missile Defense, and Fires Support Systems; 5) Intelligence Programs Support; 6) Experimentation and Test; 7) Program Management; and (8) Audio/Visual Technology Applications. Quantum's Corporate Office is located in Huntsville, AL, but Quantum actively hires for positions nationwide and internationally. We pride ourselves on providing high quality support to the U.S. Government and our Nation's Warfighters. In addition to our corporate office, we have physical locations in Aberdeen, MD; Colorado Springs, CO; Crestview FL, Orlando, FL and Tupelo, MS
Quantum is seeking a Cyber Security Engineer / Analyst to provide support as needed to the US Army Space and Missile Defense Command (USASMDC), Capability Development Integration Directorate (CDID) government personnel for efforts associated with innovations for Space, Near Space, Space Control, Missile Defense Capabilities and information operations to the Warfighter.
This work will occur inside of a SCIF and the work performed shall include:
- Perform assessment of systems and networks within the environment and identify where those systems and networks deviate from acceptable configurations, enclave policy, or local policy Achieved through passive evaluations such as compliance audits using STIG Viewer, SCAP Compliance Checker (SCC), and active evaluations through ConfigOS and ACAS/NESSUS
- Perform assessments of non-technical RMF artifacts and identify where those artifacts deviate RMF control requirements
- Establish strict program control processes to ensure mitigation of risks and supports obtaining assessment and authorization of systems. Includes support of process, analysis, coordination, control certification test, compliance documentation, as well as investigations, software research, hardware introduction and release, emerging technology research, inspections, and periodic audits
- Assist in the implementation of the required government policy (i.e., NISPOM, NIST, DoD), making recommendations on process tailoring, participating in and documenting process activities
- Perform analyses to validate established cybersecurity controls and requirements and to recommend cybersecurity safeguards
- Perform static software application code scanning to identify and eliminate vulnerabilities.
- Prepare artifacts such as Test Results (TR), Authorization Boundary Diagrams (ABD), Network Topologies, Flow diagrams, Hardware and Software listings, Ports, Protocols, and Services Management documentation, supporting Assessment and Authorization activities and maintain the Plan of Actions and Milestones (POA&M)
- Periodically conduct a complete review of each program support and operational system's audits and monitor corrective actions until all actions are closed
- Coordinate across the program to address identified deficiencies during RMF assessment activities
- BS degree in relavant field of study (Computer Science, Engineering a plus)
- Active Secret clearance with the ability to obtain DoD Top Secret / SCI Clearance
- Security engineering skills with a working knowledge of cybersecurity technology and DoD/Federal cybersecurity policy (i.e., DoD 8500.01, NIST SP 800-53, etc.).
- Understanding and utilization of Enterprise Mission Assurance Support Service (eMASS).
- Familiarity in the Risk Management Framework (RMF)
- DoD 8570 Information Assurance Technical Level III Baseline Certification preferred.
- Certified Information Systems Security Professional (CISSP)
- Experience with Amazon Web Services and/or Microsoft Azure Cloud Services.
- Basic understanding of Group Policy and Change Management best practices
- Understanding IPv4, IPv6 and TCP/IP.
- Experience with Software Assurance (SwA) static and dynamic code analysis.
- Experience with McAfee ePolicy orchestrator (ePO).
- Must possess one or more of the following DoD 8570 Information Assurance Technical Level II Baseline Certifications:
Equal Opportunity Employer/Affirmative Action Employer M/F/D/V: All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, age, disability, veteran status, genetic information, sexual orientation, gender identity, or any other characteristic protected by law. *Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.