Who is Trace3?
Trace3 is a leading Transformative IT Authority, providing unique technology solutions and consulting services to our clients. Equipped with elite engineering and dynamic innovation, we empower IT executives and their organizations to achieve competitive advantage through a process of Integrate, Automate, Innovate.
Our culture at Trace3 embodies the spirit of a startup with the advantage of a scalable business. Employees can grow their career and have fun while doing it!
Trace3 is headquartered in Irvine, California. We employ more than 1,200 people all over the United States. Our major field office locations include Denver, Indianapolis, Grand Rapids, Lexington, Los Angeles, Louisville, Texas, San Francisco.
Ready to discover the possibilities that live in technology?
Come Join Us!
Street-Smart - Thriving in Dynamic Times
We are flexible and resilient in a fast-changing environment. We continuously innovate and drive constructive change while keeping a focus on the "big picture." We exercise sound business judgment in making high-quality decisions in a timely and cost-effective manner. We are highly creative and can dig deep within ourselves to find positive solutions to different problems.
Juice - The "Stuff" it takes to be a Needle Mover
We get things done and drive results. We lead without a title, empowering others through a can-do attitude. We look forward to the goal, mentally mapping out every checkpoint on the pathway to success, and visualizing what the final destination looks and feels like.
Teamwork - Humble, Hungry and Smart
We are humble individuals who understand how our job impacts the company''s mission. We treat others with respect, admit mistakes, give credit where it's due and demonstrate transparency. We "bring the weather" by exhibiting positive leadership and solution-focused thinking. We hug people in their trials, struggles, and failures - not just their success. We appreciate the individuality of the people around us.
JOB SUMMARY:
The Cyber A&A Engineer supports Assessment and Authorization (A&A) activities within the Risk Management Framework (RMF) by evaluating cybersecurity controls, identifying system vulnerabilities, and developing required artifacts to achieve and maintain system authorization. This role also performs functions aligned to an Information System Security Officer (ISSO), with a focus on cybersecurity policies, technologies, and compliance within DoD environments.
SUMMARY OF ESSENTIAL JOB FUNCTIONS:
Process and track DD Form 2875 user account forms and required training for privileged and non-privileged accounts.
Perform annual account validation and coordinate with system administrators on account creation, modification, and removal.
Assess systems and networks in virtual environments to identify deviations from approved configurations, enclave policy, or local policy.
Conduct compliance audits using passive tools (e.g., STIG Viewer, SCAP) and perform active vulnerability assessments using ACAS.
Execute Security Technical Implementation Guide (STIG) assessments and system hardening for Windows, Red Hat Enterprise Linux (RHEL), and networking equipment using ConfigOS.
Develop test plans for STIG checks and demonstrate expected outcomes.
Update Risk Management Framework (RMF) artifacts to track and remediate system hardening non-compliance.
Establish program control processes to mitigate risk and support system assessment and authorization.
Support compliance activities including analysis, coordination, certification testing, documentation, inspections, audits, and technology evaluation.
Assist in implementing government cybersecurity policies (e.g., NISPOM, NIST, DoD) and recommend process improvements.
Validate cybersecurity controls and recommend appropriate safeguards through vulnerability analysis.
Support program test milestones through pre-test preparation, participation, analysis of results, and artifact development for authorization activities.
Prepare and maintain authorization documentation including:
Test Results (TR)
Authorization Boundary Diagrams (ABD)
Network topologies and flow diagrams
Hardware/software inventories
Ports, protocols, and services documentation
Plan of Actions and Milestones (POA&M)
Conduct periodic reviews of system audits and track corrective actions through closure.
Coordinate with program stakeholders to resolve deficiencies identified during RMF assessments.
REQUIRED SKILLS AND EXPERIENCE:
Security engineering skills with working knowledge of cybersecurity technologies and DoD/Federal cybersecurity policies (e.g., DoDI 8500.01, NIST SP 800-53).
Experience with Enterprise Mission Assurance Support Service (eMASS).
Understanding of the Risk Management Framework (RMF) cybersecurity lifecycle, including:
Controls and overlays
Development of testable requirements
Resilient architecture design
Configuration, execution, and scripting of audit tools
Vulnerability analysis and verification testing for compliance
Knowledge of Software Assurance (SwA), including static and dynamic code analysis (e.g., Fortify, SonarQube).
Preferred Qualifications
EDUCATION: Bachelors with 3+ or Master with 1+ Years of Experience
LOCATION: Full Time/ On-Site Schriever Base in Colorado Springs, CO
CLEARANCE REQUIRMENT: Top Secret
DOD 8570 REQUIREMENT: IAT - Level II
SALARY RANGE: $105,000 to $122,400
PHYSICAL DEMANDS:
The physical demands described here are representative of those that must be met by an employee to successfully perform the essential functions of this position. Reasonable accommodations may be made to enable individuals with disabilities to perform these functions.
While performing the duties of this job, the employee is regularly required to:
WORK ENVIRONMENT:
This position is performed within a secure, classified workspace. Employees must comply with all applicable security protocols and access control procedures, including restrictions on personal electronic devices and the handling of sensitive information.
Actual salary will be based on a variety of factors, including location, experience, skill set, performance, licensure and certification, and business needs. The range for this position in other geographic locations may differ. Certain positions may also be eligible for variable incentive compensation, such as bonuses or commissions, that is not included in the base salary.
Estimated Pay Range
$105,000-$122,400 USD
The Perks
Our Commitment
At the core of Trace3''s DNA is our people. We are a diverse group of talented individuals who understand the importance of teamwork and demonstrating leadership, character, and passion in all that we do.
We're committed to fostering an inclusive workplace where everyone feels respected, valued, and empowered to grow. We recognize that embracing diversity drives innovation, improves outcomes, fosters collaboration, boosts teammate satisfaction, and builds a more inclusive culture.
As an equal opportunity employer, Trace3 bases all employment decisions based on individual qualifications, merit, and business requirements. We do not engage in discrimination on the basis of race, color, religion, sex (including gender identity, sexual orientation, and pregnancy), national origin, age (40 or older), disability, genetic information, or any other characteristic protected by federal, state, or local law.
Any demographic information provided is strictly voluntary, kept confidential in accordance with Equal Employment Opportunity (EEO) regulations, and will not be used in employment decisions, including hiring, promotions, or mentorship programs. We are committed to providing equal employment opportunities for all.
If you require a reasonable accommodation to complete the application process or participate in an interview, please email recruiting@trace3.com.