Systems Engineer Job Listing at SPA in Colorado Springs, CO (Job ID 2025-19598)

Description

Qualifications

About the Must Haves

• Active Top Secret (TS) clearance
• Bachelor's degree in Information Technology, Cybersecurity, Computer Science, or related field (or equivalent experience)
• Possession of at least one of the following certifications:
  • Security Certifications: CISSP, Security+, CISM, CEH
  • Networking Certifications: CCNA, CCNP, Network+
• Minimum 7 years of experience in IT security, network administration, or IT support within a DoD environment
• Strong knowledge of RMF, NIST 800-53, NIST 800-171, CMMC, and DISA STIGs
• Experience with security tools such as SIEM, EDR, vulnerability scanners, and firewalls
• Hands-on experience with enterprise IT management tools (e.g., Active Directory, SCCM, Intune, Cisco, Palo Alto)
• Proficiency in Windows, Linux, and macOS environments
• Strong troubleshooting, documentation, and communication skills
• Ability to lift and transport IT equipment (up to 50 lbs.)

At SPA, we strive to deliver a robust total compensation package that will attract and retain the top talent.  Elements of the compensation package include competitive base pay and variable compensation opportunities.  

SPA provides eligible employees with an opportunity to enroll in a variety of benefit programs, generally including health insurance, flexible spending accounts, health savings accounts, retirement savings plans, life and disability insurance programs, and a number of programs that provide for both paid and unpaid time away from work.  

The specific programs and options available to any given employee may vary depending on eligibility factors such as geographic location, date of hire, etc.

Please note that the salary information shown below is a general guideline only.  Salaries are commensurate with experience and qualifications, as well as market and business considerations.  Colorado salary pay range:  165k - 200k

As a Systems Engineer at SPA, you will be responsible for securing, managing, and maintaining network operations, endpoints, and implement security procedures in alignment with Risk Management Framework (RMF), NIST 800-53, Cybersecurity Maturity Model Certification (CMMC), and compliant with other relevant Department of Defense (DoD) policies and standards.

Key responsibilities include but are not limited to the following:

• Cybersecurity & Compliance
  • Implement and enforce security policies in accordance with DoD cybersecurity frameworks, including RMF, NIST 800-53, NIST 800-171, and CMMC.
  • Support the development and maintenance of System Security Plans (SSP), Plan of Action and Milestones (POA&M), and Authority to Operate (ATO) documentation.
  • Conduct security assessments, risk analysis, vulnerability scanning, and remediation planning.
  • Manage access control policies, Multi-Factor Authentication (MFA), and Privileged Access Management (PAM) to safeguard IT assets.
  • Ensure compliance with DISA Security Technical Implementation Guides (STIGs) and Security Content Automation Protocol (SCAP) benchmarks.
  • Respond to cybersecurity incidents, conduct forensic analysis, and implement corrective measures.
  • Coordinate with DoD security stakeholders, auditors, and accreditation authorities to maintain system compliance.
  • Provide security awareness training and ensure adherence to secure system configurations.
• Endpoint & IT Support
  • Configure, image, and deploy desktops, laptops, mobile devices, and peripherals following DoD security guidelines.
  • Implement and manage endpoint security solutions, including encryption, Endpoint Detection and Response (EDR), and patch management.
  • Support end users with troubleshooting hardware, software, and network connectivity issues.
  • Manage enterprise endpoint management tools (e.g., Microsoft Intune, SCCM, JAMF) for policy enforcement and software distribution.
  • Maintain IT asset inventory, track hardware/software lifecycle, and ensure compliance with DoD asset management policies.
  • Automate endpoint deployment and maintenance using approved DoD tools and scripts.
• Network Engineering & Administration
  • Design, implement, and maintain secure network infrastructure in compliance with DoD requirements.
  • Configure and manage network devices (routers, switches, firewalls, VPNs, wireless access points) using DoD-approved configurations.
  • Monitor network performance, troubleshoot connectivity issues, and optimize bandwidth utilization.
  • Implement network segmentation, zero-trust architectures, and Intrusion Detection/Prevention Systems (IDS/IPS).
  • Ensure compliance with DISA STIGs, SCAP scans, and other DoD network security standards.
  • Conduct network security assessments, penetration testing, and vulnerability management.
  • Maintain up-to-date network diagrams, configurations, and security documentation.
  • Support disaster recovery and continuity of operations (COOP) planning for network infrastructure.

You will be expected to work on-site with the Government customer at an off-Base location in Colorado Springs, CO at least 4 days per week due to the fast pace, quick-turn nature of the job and the persistent need to access secure networks. Thus, residing in comfortable driving distance of Colorado Springs, CO should be considered.