We have an exciting opportunity to join us in supporting one of our valued customers as an Information Security Analyst, Junior to work out of Colorado Springs, CO supporting Space Systems Command (SSC) Space Training Acquisition Organization (STAO).

*This position is onsite, with some telework available*

PAY: $95,000 - $115,000

JOB SUMMARY:

This position will support development of Modeling and Simulation (M&S) software used to conduct training of Space Operators or injection of space effects into multi-domain exercises. Software includes both cloud-based and server/desktop platforms. Effort will include designing, implementing, and maintaining security for a variety of cloud, virtual, and physical platforms.

The candidate will design, implement, operate, and monitor DevSecOps solutions using tools such as third party dependency vulnerability scanners, authentication proxies, firewalls, TLS encryption, role based access control, vulnerability scanners, patch and configuration management tools while restricting access to sensitive components such as worker nodes, Kubelet, Kubernetes Dashboard, and API servers. Critical to this effort, the candidate should be able to identify possible attack vectors, vulnerabilities, and proper configurations to mitigate risks to an acceptable level. Use agile management tools to track and manage projects. The candidate should be able to design elegant solutions, solve complex problems, integrate different components, incorporate test into design, and research solutions for collecting, storing, manipulating, and presenting information while embracing open architectures, software, and common standards.

ESSENTIAL DUTIES:

• Work efficiently and effectively from the office, at home, and/or remote locations in a hybrid fashion.
• Integrate security principles into the development and deployment of software/hardware solutions.
• Ensure continuous monitoring processes are installed and actively controlled.
• Participate in root cause analysis investigations.
• Establish DevSecOps processes to ensure permissions and configurations are appropriate.
• Cloud Infrastructure/Cloud Security/DevSecOps: Design, implement, and maintain security solutions/operations for a variety of cloud technologies. Design, implement, and maintain systems to perform scanning of source code, log collection and analysis, and security alerting.
• Support developers in DevSecOps design, implementation, and maintenance operations to include implementation of service mesh, access control, identity management, and container security.
• Systems Security: Work with developers to ensure virtual and physical systems are configured securely. Employ operating system and application vulnerability and secure configuration scanners (e.g., Nessus, SCAP Compliance Checker) anti-virus endpoint and management solutions, firewalls, secure DNS, and proxies.
• Plan and implement automated methods for securing, verifying, and resetting system security. Develop documentation to enable rapid adoption and utilization of standard architectures and to describe system architectures and data flow.
• Risk Management Framework (RMF): Designs and facilitates implementation of security controls IAW NIST SP 800-53 and SP 800-171. Documents hardware, software, system components, and data flow as required to complete RMF System Security Plans. Develop and maintain training plans, records, and training.
• Additional duties, as assigned

PREFFERED QUALIFICATIONS:

• Exposure to Web, Cloud and AWS development methods
• Familiarity with RMF and Cyber Maturity Model Certification (CMMC)
• Experience supporting DoD Contracts
• DevSecOps experience
• Cloud Development/Services Platforms: Microsoft Azure, AWS, Google Cloud
• Strong collaboration, problem solving, and communication skills
• Red Hat, Microsoft, VMWare, and cloud security certifications and/or experience
• Experience with Kubernetes, Docker, Git, NodeJS, and Red Hat

EDUCATION/CERTIFICATION:

• 0-3 years’ experience as a software developer, DevSecOps, systems security, Cyber Ops, engineer, web/cloud developer, or related field
• Bachelor’s Degree in Computer Science, Cyber Security, or similar field of study; additional years of experience may be substituted for a degree
• Current DoD 8570.01-M IAT Level 2 certification (e.g., CompTIA Security + or equivalent) or must obtain within six months of hire

REQUIRED CLEARANCE: Secret

TRAVEL: 10%

All USfalcon employees are required to show proof of vaccination status at time of hire to ensure compliance with EO14042, Ensuring Adequate COVID Safety Protocols for Federal Contractors (effective December 8, 2021).

In compliance with Colorado’s Equal Pay for Equal Work Act, USfalcon considers several factors when extending an offer, including but not limited to, the role and associated responsibilities as well as a candidate’s work experience, knowledge, skills, education, and training.

Benefits Offered: medical, dental, vision, life insurance, short-term disability, long-term disability, 401(k) match, flexible spending accounts, EAP, parental leave, pet insurance, paid time off, and holidays.

About US: USfalcon has grown from our roots in 1984 to become a mid-tier professional services company supporting a diverse and global customer base of DoD and Federal Agencies. We have been excelling in diverse platforms for almost 30 years and continue to be an industry leader. If you thrive in an organization that values integrity, commitment, stewardship, and service, we want to meet you. We deliver core capabilities in Aviation, Space, Information Technology, and Business Operations and continue to grow and expand our competencies, contracts and customer base, adding to our long history of supporting customer and community needs. Learn more at www.usfalcon.com/history.

Equal Opportunity Employer/Protected Veterans/Individuals with Disabilities

The contractor will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant. However, employees who have access to the compensation information of other employees or applicants as a part of their essential job functions cannot disclose the pay of other employees or applicants to individuals who do not otherwise have access to compensation information, unless the disclosure is (a) in response to a formal complaint or charge, (b) in furtherance of an investigation, proceeding, hearing, or action, including an investigation conducted by the employer, or (c) consistent with the contractor’s legal duty to furnish information. 41 CFR 60-1.35(c)