
Description
Qualifications
Required Qualifications
- Active DoD TOP SECRET clearance with SCI eligibility
- Bachelor's degree and 10+ years of cybersecurity experience performing IAT Level II functions (threat, attacks, vulnerabilities, identification and access management, architecture and design, and risk management) and IAT Level II functions developing and implementing IA policies in coordination with IA inspections and reviews
- Experience with ITIPS, eMASS, FISMA, and/or DISA IASE
- IAM Level 2 Certification (CAP, CASP CE, CISM, CISSP or Associate, or CCNA Security)
Preferred Qualifications
- Experience with Xacta
At SPA, we strive to deliver a robust total compensation package that will attract and retain top talent. Elements of the compensation package include competitive base pay and variable compensation opportunities.
SPA provides eligible employees with an opportunity to enroll in a variety of benefit programs, generally including health insurance, flexible spending accounts, health savings accounts, retirement savings plans, life and disability insurance programs, and a number of programs that provide for both paid and unpaid time away from work. The specific programs and options available to any given employee may vary depending on eligibility factors such as geographic location, date of hire, etc.
Please note that the salary information shown below is a general guideline only. Salaries are commensurate with experience and qualifications, as well as market and business considerations. Colorado Pay Transparency Range: 100k-120k
Responsibilities
Position Description
- Ensure that Cybersecurity requirements are effectively integrated into IS and components through purposeful security architecting, design, development, and configuration;
- Employ best practices when implementing security controls within an IS;
- Provide assessment and technical inputs to any system changes for all associated system enclaves;
- Perform FISMA required risk assessment of policies, procedures, supplemental plans addressing network, facilities and system security, security awareness training, testing and evaluation of security controls, incident response plan, and continuity of operations plans;
- Evaluate requests for compliance and integration with all applicable cybersecurity policies, Notice to Airmen (NOTAMs), and Technical Change Orders (TCOs);
- Create/maintain a Government-owned Cyber Schedule that captures all mission cybersecurity activities and actions; the schedule needs to be capable of showing a high-level view of all project/activity milestones, accomplishments, and discrete tasks including Authorization and Assessment activities for RMF packages, cyber assessments, and O&M Mods or depot sustainment cases that improve the systems' cybersecurity postures;
- Provide IS and compliance documentation, including but not limited to the following:
- Categorize ISs IAW Committee on National Security Systems Instruction (CNSSI) 1253
- Initiate the security plan, register system with DoD Information Technology Investment Portfolio System (ITIPS) and Enterprise Mission Assurance Support System (eMASS) and select security controls for all computer enclaves IAW National Institute of Standards and Technology (NIST) Special Publication (SP) 800-53
- Identify common controls; develop monitoring strategy, and plan, review, and obtain approval IAW NIST SP 800-53 and CNSSI 1253
- Implement and document control solutions consistent with DoD cybersecurity architectures IAW NIST SP 800-160 and NIST SP 800-18
- Prepare the Plan of Action and Milestone (POA&M) and submit security authorization packages, to include all required artifacts to Authorizing Official (AO)
- Provide RMF training/education for program managers and integrated product team leads.