Cyber Security Analyst at Scientific Research Corporation

Cyber Security AnalystLocationUS-CO-Colorado SpringsID2025-10641CategoryCyber SecurityPosition TypeRegular Full-TimeApplication Open Date11/21/2025Application Deadline12/21/2025Salary StatementEstimated Starting Salary Range: USD $100,050.00/Yr. - USD $166,750.00/Yr. Salary to be determined by the education, experience, knowledge, skills, and abilities of the applicant, internal equity, and alignment with market data.DescriptionSRC is searching for a well-rounded Mid-Level Cybersecurity Engineer to test, analyze, evaluate, validate, and verify cybersecurity requirements for Information Technology (IT) systems in support of the installation requirements for the United States Space Command (USSPACECOM) Command and Control Facilities (C2F). Work supporting USSPACECOM will be conducted at the government's facilities in Colorado Springs, CO. Duties & Responsibilities include:Evaluate information systems for compliance with Defense Information Security Agency (DISA) Security Technical Implementation Guideline (STIG), Security Requirements Guides (SRGs), and other applicable security measures needed to bring IS' into complianceConduct Nessus Tenable scans (ACAS) for STIG compliance checks and RMF package progression/completionReview Information Assurance Vulnerability Alerts (IAVA) for applicability and impact to USSPACECOM systemsDevelop and/or update Plans of Action and Milestones (POA&Ms) to document all known vulnerabilities to correct or mitigate risksAnalyze changes affecting the organization's accreditation efforts to ensure risk level and cybersecurity posture are socialized to applicable RMF action officers.Ensure that security, design & distribution actions are evaluated, validated, and implemented as requiredEnsuring that cybersecurity requirements are integrated into the continuity planning for that system and/or organization(s)Evaluating development efforts to ensure that baseline security safeguards are planned for and appropriately installedIdentifying alternative information security strategies to address organizational security objectives of cyber taskingsAssisting the Command-ISSM (C-ISSM) in preparing, distributing, and maintaining plans, instructions, guidance, and standard operating procedures concerning the security of network system(s) operations and cybersecurity practicesReviewing & recommending policy standards and implementation strategies to ensure procedures and guidelines comply with cybersecurity policiesDeveloping, updating, and/or reviewing RMF Accreditation documentation to include, but not limited to, Security Plans, Implementation Plans, Test Plans, Test Results (ACAS, STIGs, etc.), POA&M, and Security Assessment Reports (SAR)Assessing system compliance against NIST and DoD security requirements to include the NIST 800-53 controls, and DISA Security Technical Implementation Guides (STIGs) and Security Requirements Guides (SRGs)Coordinating with other system SMEs to identify and develop authorization boundary diagrams, architecture diagrams, and hardware and software inventories#LI-LH1 Requirements1-2 years combined cybersecurity experience holding one or more of the following roles: ISSO, Cybersecurity Analysts, and/or Systems/Network Administrator.5+ years of experience working with Windows and/or Linux systems administration.Bachelor's Degree (e.g. Cybersecurity, Engineering, Computer Science, or related IT fields) and Active DoD 8570 Level II Certification (e.g. Security+ CE, CCNA, etc.)Desired Skills5+ years of eMASS and/or XACTA experienceSkilled in the use of Enterprise Mission Assurance Support Service (eMASS) and XACTAKnowledge of cybersecurity principles and DoD requirements (relevant to CIA SCRM/C-SCRM. RMF, AAA, etc.)Knowledge of IT security principles and methods (e.g., firewalls, demilitarized zones, encryption, zero trust)Knowledge of system and application security threats and vulnerabilities (e.g., buffer overflow, mobile code, cross-site scripting, Procedural Language/Structured Query Language [PL/SQL] and injections, race conditions, covert channel, replay, return-oriented attacks, malicious code)Clearance InformationSRC IS A CONTRACTOR FOR THE U.S. GOVERNMENT. THIS POSITION WILL REQUIRE U.S. CITIZENSHIP AS WELL AS A U.S. GOVERNMENT SECURITY CLEARANCE AT THE TOP SECRET / SCI LEVEL Travel RequirementsNo Travel RequiredAbout UsScientific Research Corporation is an advanced information technology and engineering company that provides innovative products and services to government and private industry, as well as independent institutions. At the core of our capabilities is a seasoned team of highly skilled engineers and scientists with multidisciplinary backgrounds. This team is challenged daily to provide cutting edge technology solutions to our clients. SRC offers a generous benefit package, including medical, dental, and vision plans, 401(k) with a company match, life insurance, vacation and sick paid time off accruals starting at 10 days of vacation and 5 days of sick leave annually, 11 paid holidays, tuition reimbursement, and a work environment that encourages excellence and more. For positions requiring a security clearance, selected applicants will be subject to a government security investigation and must meet eligibility requirements for access to classified information.EEOScientific Research Corporation is an equal opportunity employer that does not discriminate in employment.All qualified applicants will receive consideration for employment without regard to their race, color, religion, sex, age, sexual orientation, gender identity, national origin, disability, protected veteran status, or any other protected characteristic under federal, state or local law. Scientific Research Corporation endeavors to make www.scires.com accessible to any and all users. If you would like to contact us regarding the accessibility of our website or need assistance completing the application process, please contact [email protected] for assistance. This contact information is for accommodation requests only and cannot be used to inquire about the status of applications.