Risk Analyst jobs in Colorado Springs, CO

Quantum Research International, Inc. (Quantum) is a certified DoD Contractor providing services and products to US/Allied governments and industry in the following main areas: (1) Cybersecurity, High Performance Computing Systems, Cloud Services and Systems; (2) Space and Ground Support Systems; (3) Aviation Systems; (4) Missile Systems; (5) Artificial Intelligence/ Machine Learning Systems and Experimentation/Training; and (6) Audio Visual Systems and Services. Quantum's Corporate Office is in Huntsville, AL, but Quantum actively hires for positions nationwide and internationally. We pride ourselves on providing high quality support to the U.S. Government and our Nation's Warfighters. In addition to our corporate office, we have physical locations in Aberdeen; MD; Colorado Springs, CO; Orlando, FL; Crestview, FL, and Tupelo, MS.

Mission:

Quantum is seeking a Cybersecurity Risk Management Framework (RMF) Analyst to provide Cybersecurity subject matter expertise with government security procedures and policies and ensure compliance and quality control across multiple architectures and government systems. This position supports classified project development for a significant national security system. The Analyst supports the identification of system vulnerabilities during prototype development, determines security controls to mitigate or eliminate risk from the uncovered vulnerabilities, and prepares artifacts and documents to support government Authority to Operate (ATO) activities. This position is available immediately and the candidate will operate from facilities in the Aurora, CO area.

Responsibilities:

• Serves as a subject matter expert to advise for RMF packages, strategies, and technical components to ensure compliance of NIST 800-53 security controls. Assist in the implementation of the required government policy (i.e., NISPOM, NIST, DoD), making recommendations on process tailoring, participating in and documenting process activities.
• Assess solutions' architectural designs for compliance with NIST 800-53 and DOD related policies for on premise and cloud-based solutions; prepare assessment documentation.
• Develop security artifacts to support the IA program to include System Security Plans (SSP), Security Assessment Reports (SAR), Risk Assessment Reports (RAR), Security Control Traceability Matrix (SCTM), Plan of Action and Milestones (POA&M), System Design and Installation Procedures, System User Guides, Privileged User Guides, Security Test Procedures, and other documents as needed.
• Perform assessment of architectures, systems and networks within the environment and identify where those systems and networks deviate from acceptable configurations, enclave policy, or local policy Achieved through passive evaluations such as compliance audits using STIG Viewer, SCAP Compliance Checker (SCC), and active evaluations through ConfigOS and ACAS/NESSUS
• Perform assessments of non-technical RMF artifacts and identify where those artifacts deviate from RMF control requirements.
• Establish strict program control processes to ensure mitigation of risks and supports obtaining assessment and authorization of systems. Includes support of process, analysis, coordination, control certification test, compliance documentation, as well as investigations, software research, hardware introduction and release, emerging technology research, inspections, and periodic audits.
• Perform analyses to validate established cybersecurity controls and requirements and to recommend cybersecurity safeguards.
• Periodically conduct a complete review of each program support and operational system's audits and monitor corrective actions until all actions are closed.
• Coordinate across the program to address identified deficiencies during RMF assessment activities.

Requirements:

• BS degree in relevant field of study (Computer Science, Engineering a plus)
• Active Secret clearance with the ability to obtain DoD Top Secret / SCI Clearance
• Security engineering skills with a working knowledge of cybersecurity technology and DoD/Federal cybersecurity policy (i.e., DoD 8500.01, NIST SP 800-53, etc.).
• Expertise in the Risk Management Framework (RMF)

Desired/Preferred Qualifications:

• Desired certifications: DoD 8570 Information Assurance Technical Level III Baseline Certification CASP
• Certified Information Systems Security Professional (CISSP)
• Security , CEH, AWS
• Knowledge of compliance standards to include NIST 80053 controls, RMF, 800-53, FEDRAMP, and emerging IC/DoD polices for Cyber Security with a particular focus on Cross Domain Solutions
• Basic understanding of Change Management best practices.

Salary Range: $130K - $160K. The salary range for this opportunity depends on relevant experience and qualifications.

Equal Opportunity Employer/Affirmative Action Employer M/F/D/V:
All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, age, disability, veteran status, genetic information, sexual orientation, gender identity, or any other characteristic protected by law. *Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.