Cyber A&A Engineer (26-205)

Trace3Colorado Springs, CO
Onsite

About The Position

The Cyber A&A Engineer supports Assessment and Authorization (A&A) activities within the Risk Management Framework (RMF) by evaluating cybersecurity controls, identifying system vulnerabilities, and developing required artifacts to achieve and maintain system authorization. This role also performs functions aligned to an Information System Security Officer (ISSO), with a focus on cybersecurity policies, technologies, and compliance within DoD environments.

Requirements

  • Security engineering skills with working knowledge of cybersecurity technologies and DoD/Federal cybersecurity policies (e.g., DoDI 8500.01, NIST SP 800-53).
  • Experience with Enterprise Mission Assurance Support Service (eMASS).
  • Understanding of the Risk Management Framework (RMF) cybersecurity lifecycle, including: Controls and overlays, Development of testable requirements, Resilient architecture design, Configuration, execution, and scripting of audit tools, Vulnerability analysis and verification testing for compliance.
  • Knowledge of Software Assurance (SwA), including static and dynamic code analysis (e.g., Fortify, SonarQube).
  • Bachelors with 3+ or Master with 1+ Years of Experience
  • Top Secret DOD Clearance
  • IAT - Level II

Nice To Haves

  • Experience performing ISSO-related functions in a DoD or federal environment.
  • Windows and Red Hat Enterprise Linux (RHEL) system administration experience.
  • Experience working in virtual environments.
  • Experience working with Docker and containers.
  • Experience administering ACAS and ESS (formerly HBSS).
  • Experience using ConfigOS.

Responsibilities

  • Process and track DD Form 2875 user account forms and required training for privileged and non-privileged accounts.
  • Perform annual account validation and coordinate with system administrators on account creation, modification, and removal.
  • Assess systems and networks in virtual environments to identify deviations from approved configurations, enclave policy, or local policy.
  • Conduct compliance audits using passive tools (e.g., STIG Viewer, SCAP) and perform active vulnerability assessments using ACAS.
  • Execute Security Technical Implementation Guide (STIG) assessments and system hardening for Windows, Red Hat Enterprise Linux (RHEL), and networking equipment using ConfigOS.
  • Develop test plans for STIG checks and demonstrate expected outcomes.
  • Update Risk Management Framework (RMF) artifacts to track and remediate system hardening non-compliance.
  • Establish program control processes to mitigate risk and support system assessment and authorization.
  • Support compliance activities including analysis, coordination, certification testing, documentation, inspections, audits, and technology evaluation.
  • Assist in implementing government cybersecurity policies (e.g., NISPOM, NIST, DoD) and recommend process improvements.
  • Validate cybersecurity controls and recommend appropriate safeguards through vulnerability analysis.
  • Support program test milestones through pre-test preparation, participation, analysis of results, and artifact development for authorization activities.
  • Prepare and maintain authorization documentation including: Test Results (TR), Authorization Boundary Diagrams (ABD), Network topologies and flow diagrams, Hardware/software inventories, Ports, protocols, and services documentation, Plan of Actions and Milestones (POA&M).
  • Conduct periodic reviews of system audits and track corrective actions through closure.
  • Coordinate with program stakeholders to resolve deficiencies identified during RMF assessments.

Benefits

  • Comprehensive medical, dental and vision plans for you and your dependents
  • 401(k) Retirement Plan with Employer Match
  • 529 College Savings Plan
  • Health Savings Account
  • Life Insurance
  • Long-Term Disability
  • Competitive Compensation
  • Training and development programs
  • Major offices stocked with snacks and beverages
  • Collaborative and cool culture
  • Work-life balance and generous paid time off
© 2026 Teal Labs, Inc
Privacy PolicyTerms of Service