Cybersecurity Analyst (MILSAT)

Systems Planning and Analysis Inc. (SPA) delivers highimpact technical solutions to complex national security issues. With over 50 years of business expertise and consistent growth we are known for continuous innovation for our government customers in both the US and abroad. Our exceptionally talented team is highly collaborative in spirit and practice producing Results that Matter. Come work with the best! We offer opportunity unique challenges and clearsighted commitment to the mission. SPA: Objective. Responsive. Trusted.

The Space and Intelligence Division provides professional services to the US Space Force Combatant Commands Intelligence Community and NASA. Our work spans all spacerelated mission areas including Remote Sensing Satellite Communication Positioning Navigation and Timing Services Command and Control Space Domain Awareness Space Superiority Launch and Infrastructure Cybersecurity and Exploration and Science. We provide architectural assessments systems engineering and integration software development and related cloud infrastructure support modeling and simulation test planning and execution cost estimating and analysis acquisition support cybersecurity and executive support. We are trusted partners developing approaches and concepts to anticipate emerging high priority needs assessing cuttingedge technologies and supporting capabilities for our National Defense. Our work encompasses all aspects of digital transformation digital engineering and digital program management across all spacerelated customers and classification levels.

The Space Systems Group part of the Space and Intel Division provides architectural engineering systems engineering agile software DevSecOps cybersecurity cloud/network/platform infrastructure support and program management services including acquisition management financial management cost estimating and risk management. We deliver timely and objective assessments and recommendations integrating technical operational programmatic policy and business analysis. We focus on our key clients in the Space community including the US Space Forces Space Systems Command one of the three designated Field Commands under the US Space Force. We work tirelessly to provide integrated solutions based on information and communications throughout the chain of command. We provide clear and consistent analysis of major weapon system programs and make recommendations aligned to strategic and leadership goals while balancing the ability to execute on time and on budget within the technical communities.

SPA has an immediate need for a Cybersecurity Analyst.

This is an exciting opportunity to support the United States Space Force (USSF) Military Satellite Communications (MILSATCOM) program. The Space Systems Command has the collective USSF mission responsibility for the development deployment maintenance and sustainment of space systems providing early missile warning capability; environmental sensing; precision navigation guidance and timing; nuclear event detection; space launch capability; national and military satellite communications capabilities; launch range and network systems; advanced systems; and technology development programs.

The successful candidate will work in close collaboration with the Information Systems Security Manager (ISSM) and Information Systems Owner (ISO) to ensure security posture is met and maintained develops security policies procedures plans and all other evidence of compliance with various security controls. This position is based at Schriever SFB in Colorado Springs.

Additional duties associated with this role include but are not limited to the following:

• Create and maintain RMF documentation to include Enterprise Mission Assurance Support Service (eMASS) and Information Technology Investment Portfolio Suite (ITIPS) database entries with System Security Plans (SSP) Security Assessment Reports (SAR) Plans of Action & Milestones (POA&M) all other artifacts and documentation tied to the NIST processes.
• Provide support to maintain a strong cybersecurity posture for the system until its disposal.
• Build maintain and track systems cybersecurity baselines via eMASS or equivalent IAW cybersecurity policies guidance and plans.
• Review assess create and update enclave documentation in eMASS and any Configuration Management (CM) system for the ISSM review and approval such as Security Plan Security Assessment Plan Category selection checklist control results and POA&Ms.
• Ensure accurate system documentation and configuration logs are maintained to reflect current and prior configuration baselines.
• Provide written evaluations portraying system progress on RMF compliance IAW cybersecurity guidance (one evaluation for each system per quarter).
• Maintain cybersecurity data for systems registered in the ITIPS IAW FISMA requirements.
• Conduct and/or report annual FISMA security reviews contingency test completion dates and validation of cybersecurity control compliance IAW cybersecurity guidance the organizational cybersecurity strategy and POA&M.
• Conduct annual control validations (ACVs) for all NC3 systems IAW AF Global Strike Command (AFGSC) cybersecurity guidance and for all nonNC3 systems in a similar manner but in accordance with SMC/ECP policies and schedule.
• Create and maintain mission common control packages and serve as the common control provider for each mission systems.
• Create and maintain AuthoritytoConnect (ATC) guest system packages in eMASS for nonUSSF systems connected to SMC/ECP systems.
• Ensure the required Cybersecurity functional activities and actions during the systems O&S phase are conducted IAW Cybersecurity related laws and regulations such as the National Cybersecurity Protection Act FISMA OMB A130 mandate and EO 13636.
• Improve Critical Infrastructure Cybersecurity and Resilience including policies standards special publications instructions and guidance from the DoD Military NIST CNSS Defense Information Systems Agency (DISA) and Department of the AF (DAF).
• Participate in the systems IPTs and sustainment contractor meetings/teleconferences change control boards (CCBs) and working groups (WGs) to ensure the continued alignment of cybersecurity requirements in the technical baselines the system security architecture information flows design and the security controls.
• Evaluate systems sources of changes such as Deficiency Reports (DRs) Problem Reports (PRs) Change Requests/Proposals (CRs/CPs) Request For Change (RFC) and AF Form 1067s.
• Determine security impacts of proposed or actual changes to the system environment threats and vulnerabilities and if any update all needed RMF artifacts to reflect the changes/revisions.
• Review and provide inputs to modification packages program/system documents and support agreements updates and communications and network infrastructure upgrades to ensure proper cybersecurity configuration modification management and planning support are implemented.
• Review systems test plans and test results and if necessary observe system testing for security control implementation IAW cybersecurity policies guidance and plan.
• Document all findings perform security impact analysis on any system change and appropriately prepare letters of assurance security impact letters and risk assessment letters to include exceptions deviations or waivers to cybersecurity requirements when applicable.
• Monitor and adhere to the systems A&A schedule deadlines IAW the Program Offices Cybersecurity Plan and IPTs schedule.
• Review annually and provide recommended updates to program cybersecurity policies and plans IAW cybersecurity guidance.
• Review and provide advice on RMF related memorandums of agreements/memorandums of understanding/service level agreements/interconnection service agreements (MOA/MOU/SLA/ISA) for RMF compliance IAW cybersecurity policies guidance and plans.
• Assist with the cybersecurity vulnerability management plan and risk assessment capability.
• Receive and review ACAS and SCC reports from the sustainment contractor for each system quarterly and characterize risk for each system semiannually.

Required Qualifications:

• Active DoD Secret clearance
• High school diploma with 3 years of experience including 1 year performing IAT level II or IAM level II functions;Associates degree can be substituted for 2 years of experience; Bachelors degree may be substituted for 4 years of experience
• Experience with DoD RMF functions and processes and/or DISA IASE
• Current Cybersecurity Certification per DoDI 8140.03 CompTIA Sec CySA or equivallent

Desired Qualifications:

• Experience with XACTA FISMA eMASS and/or ITIPS
• Bachelors degree
• TS/SCI Clearance

At SPA we strive to deliver a robust total compensation package that will attract and retain top talent. Elements of the compensation package include competitive base pay and variable compensation opportunities.

SPA provides eligible employees with an opportunity to enroll in a variety of benefit programs generally including health insurance flexible spending accounts health savings accounts retirement savings plans life and disability insurance programs and a number of programs that provide for both paid and unpaid time away from work.The specific programs and options available to any given employee may vary depending on eligibility factors such as geographic location date of hire etc.

Please note that the salary information shown below is a general guideline only. Salaries are commensurate with experience and qualifications as well as market and business Pay Transparency Range: 85k 95k.