IT & InfoSec Administrator (Colorado Springs)

Job Description: IT & InfoSec AdministratorIn this role, you will be the primary owner for day-to-day information technology operations, endpoint management, security tooling, and compliance execution. This position requires a hands-on, practical IT generalist who can support a growing technical team while helping mature Citra's cybersecurity program for government contracting.The successful candidate will help implement and maintain NIST SP 800-171 / CMMC-aligned controls, maintain the System Security Plan, and execute items in the Plan of Action and Milestones.Compensation Range: $125,000 - $150,000 base salary, plus equity. Total compensation will depend on experience and qualifications.Location: Colorado Springs, CO. Hybrid work schedules available but must reside in the local area or be willing to relocate.ResponsibilitiesServe as the primary IT administrator, supporting laptops, user accounts, SaaS applications, network equipment, endpoint security, cloud services, and on-premises Linux hardwareOwn and maintain core IT systems across a heterogeneous environment, including Linux servers, Windows and macOS endpoints, Microsoft 365 / SharePoint, identity and access management, endpoint management, device inventory, and security toolingImplement and maintain NIST SP 800-171 / CMMC-aligned controls in partnership with leadership, engineering, and external advisorsMaintain the System Security Plan and drive execution of POA&M items, including remediation tracking, evidence collection, and status updatesDeploy and manage endpoint baseline configurations including encryption, screen lock, firewall, automatic updates, application controls, USB restrictions, and EDR telemetrySupport onboarding, offboarding, access reviews, change control, incident response, vulnerability management, and audit readiness activitiesDocument IT procedures, administrative runbooks, security control evidence, and user-facing guidance appropriate for a small but growing technical companyQualificationsEducation: Bachelor's degree in Information Technology, Cybersecurity, Computer Science, Engineering, or a related technical discipline; equivalent hands-on experience will also be consideredExperience: 5–8 years of professional experience in IT administration, systems administration, cybersecurity operations, or a similar technical roleExperience administering heterogeneous IT environments including Linux servers, Windows and macOS endpoints, cloud services, identity and access management, endpoint management / MDM, and endpoint protection toolsWorking knowledge of NIST SP 800-171, CMMC, DFARS / government contracting cybersecurity expectations, or comparable security control frameworksExperience maintaining or contributing to a System Security Plan, POA&M, control matrix, audit evidence repository, or compliance documentation setFamiliarity with AWS, GitHub administration, logging / SIEM concepts, vulnerability management, backup / recovery, and incident response is strongly preferredThis position requires compliance with U.S. export control laws and regulations. Applicants must be U.S. citizens or lawful permanent residents as defined by 8 U.S.C. 1324b(a)(3) to meet the requirements of the International Traffic in Arms Regulations (ITAR) and/or Export Administration Regulations (EAR).