Cyber A&A Engineer

At Auria, we believe in elevating people to achieve the extraordinary. We understand that the mission relies on each team member’s dedication and contributions and seek individuals with the desire to be part of something bigger and the courage to invest themselves in the outcomes. Location: Colorado Springs, CO Remote Status: On-Site Job Id: 13758-C2BMC # of Openings: 1 Aurais is looking to hire a Cyber A&A Engineer to support the C2BMC program. This role is on-site in Colorado Springs, CO. What You Can Expect to Do: Process and track DD Form 2875 user account forms and required training for privileged and non-privileged accounts, perform annual account validation, and work with the system administrator on the creation, modification, and removal of accounts. Conduct an assessment of systems and networks within a virtual environment to identify deviations from acceptable configurations, enclave policies, or local policies. This involves passive evaluations like compliance audits with STIG Viewer and SCAP, as well as active evaluations, including vulnerability assessments with ACAS. Perform Security Technical Implementation Guide (STIG) assessments and hardening for Windows, Red Hat Enterprise Linux (RHEL) systems, and networking equipment using ConfigOS. Develop test plans that reflect how STIG checks are implemented and that show the expected outcomes of those checks. Update Risk Management Framework (RMF) artifact documentation to ensure that non-compliant system hardening is tracked and remediated. Establish strict program control processes to ensure risk mitigation and support the assessment and authorization of systems. Support process, analysis, coordination, control certification testing, compliance documentation, investigations, software research, hardware introduction and release, emerging technology research, inspections, and periodic audits. Assist in implementing the required government policy (e.g., NISPOM, NIST, DoD), make recommendations on process tailoring, and participate in and document process activities. Perform analyses to validate established cybersecurity controls and requirements and to recommend cybersecurity safeguards. Support program test milestones through pre-test preparations, participating in the tests, analysis of the results, and preparation of required artifacts supporting authorization. Prepare artifacts such as Test Results (TR), Authorization Boundary Diagrams (ABD), Network Topologies, Flow Diagrams, Hardware and Software Listings, Ports, Protocols, Services Management documentation to support Assessment and Authorization activities, and maintain the Plan of Actions and Milestones (POA&M). Periodically conduct a comprehensive review of each program's support and operational system audits and monitor corrective actions until all actions are closed. Coordinate across the program to address identified deficiencies in RMF assessment activities. What The Team Requires: A Bachelor’s Degree in Computer Science, Chemical Engineering, Mechanical Engineering, Electrical Engineering, Engineering, Mathematics, Physics, or a related field from an accredited university, along with 5 years of experience; or a Master’s degree in a related field with 3 years of relevant work experience; or 9 years of relevant work experience may be considered as an alternative to a degree. Applicants must have a current, active DoD 8140 certification at IAT Level II / IAM Level I or higher (such as Security+ CE, CCNA‑Security, CySA+, CND, CGRC, CASP, CISM, CISSP for Associate, CCISO, etc.) at the time of application, which is required to start. The candidate is responsible for maintaining their DoD 8140 certification throughout the entire contract period. Applicants must have a current, active in-scope DoD‑issued Top Secret security clearance at the time of application, which is required to start. Security engineering skills with a working knowledge of cybersecurity technology and DoD/Federal cybersecurity policy (i.e., DoDI 8500.01, NIST SP 800‑53, etc.). Understanding and utilization of Enterprise Mission Assurance Support Service (eMASS). Understanding of the Risk Management Framework (RMF) Cybersecurity Lifecycle to include: Identifying controls and overlays, generating testable requirements, identifying resilient architecture design, configuring, running, and scripting audit tools, analyzing vulnerabilities, and conducting verification testing for compliance assessment. Knowledge of Software Assurance (SwA) static and dynamic code analysis (e.g., Fortify/SonarQube). What The Team Prefers: Windows and Red Hat Enterprise Linux (RHEL) system administration skills. Previous background working in a virtual environment. Previous background working with Docker and containers. Administer ACAS and ESS (formally HBSS). Previous experience with ConfigOS. Pay Transparency: The salary offered will be based on the selected candidate’s qualifications – skills, education & experience – and the position level. $115,000 – $125,000. Application Deadline: September 5, 2026. Equal Opportunity/Affirmative Action Employer: Auria is committed to hiring and retaining a diverse workforce. We are proud to be an Equal Opportunity/Affirmative Action Employer, making decisions without regard to race, color, religion, sex, sexual orientation, gender identity, genetic information, marital status, national origin, age, veteran status, disability, or any other protected class. As a proven leader in Engineering and Technology solutions for the Department of Defense and civil organizations, our teams provide leading expertise in Software and Systems Engineering, Cyber Solutions, and Specialized Mission Operations that advance critical missions. When you join Auria, you become part of a team with a deep sense of responsibility and purpose, fostering an environment of collaboration, support, and growth. #J-18808-Ljbffr