This opportunity offers very rewarding and unique benefits, which equates to 50% of compensation on TOP of your base salary! The first part is a tax-qualified profit-sharing retirement plan, to which CACI annually contributes up to 25% of your base salary (not in excess of applicable IRS limits) to your retirement account. The second component consists of an Individual Benefit Account (IBA), which is used for premiums, medical reimbursements, dependent care, education and Paid Time Off (PTO) policy. Both components of the benefit package are paid for by CACI, in addition to your base salary and potential performance bonuses. We believe in a healthy home/work balance and our locations offer a wide variety of activities to balance with your work life.
What You'll Get to Do:
You will perform Information System Security Engineering support for various information systems throughout the system development lifecycle. You will have the opportunity to assist in system hardening, prepare comprehensive assessment testing procedures, system scanning, documentation, and support the engineering team by providing direct input on the information system design in order to obtain a successful Authorization to Operate. Additionally, you will maintain some operational systems as the primary systems administrator.
Duties and Responsibilities:
Execution of the Assessment & Authorization (A&A process in accordance with government requirements (e.g. ICD-503).
Ensure that accreditation data is maintained within customer databases (e.g. Xacta).
Conduct research in multiple areas, to include emerging technologies, vulnerability information, system hardening (e.g. STIGs), operating systems, application software and security tools.
Prepare comprehensive security assessment testing documentation to validate applied security controls in support of Assessment and Authorization (A&A) testing.
Provide technical guidance focused on information security architecture.
Generate security accreditation artifacts to include, but not limited to Security Requirements Traceability Matrix, Security Plans, Certification Test Plans, and Continuous Monitoring Plans.
Perform vulnerability assessments using standardized tools (Nessus, DISA STIGs) and configuration updates as required to comply with security requirements.
Performing hardening of operating systems, COTS product and OpenSource products as required to support compliance with security requirements.
Provide technical engineering services for the support of integrated security systems and solutions
Assesses and mitigates system security threats, risks and vulnerabilities throughout the program life cycle. Contributes to the security planning, assessment, risk analysis, risk management, certification and awareness activities for system operations.
Apply knowledge of IA policies and procedures disseminated by the customers organization
Perform day-to-day administration and maintenance of operational systems
You'll Bring These Qualifications:
10 years of related work experience and a Bachelor's degree in Computer Science, Information Assurance, Information Security System Engineering, or related discipline
An active TS/SCI clearance is required with BI date in last 3 years.
Must have a current certification compliant with DoD 8570 IAM or IAT level 3 OR obtain certification within 6 months of hire and maintain certification throughout employment.
Knowledge of IA principles and organizational requirements that are relevant to confidentiality, integrity, availability, authentication, and non-repudiation.
Ability to develop best practices for processes and standards that will better the system.
Knowledge of IT security principles and methods (e.g., firewalls, demilitarized zones, encryption).
Knowledge of network access, identity, and access management (e.g., public key infrastructure [PKI]).
Knowledge of security system design tools, methods, and techniques.
These Qualifications Would be Nice to Have:
Experience with ICD 503 and working knowledge of Risk Management Framework as outlined in NIST SP 800-37.
Working knowledge of information system security controls and how to assess their effectiveness per NIST SP 800-53 and NIST SP 800-53A.
Knowledgeable in continuous monitoring processes as outlined in NIST SP 800-137 appropriate for systems, leveraging existing tools, efforts, and incorporating new automation techniques.
Knowledgeable in information system vulnerability analysis and management.
Experienced in system testing methodologies that include: Penetration testing, Configuration analysis, Security best practices validation
Experienced in security testing and penetration tools such as: Backtrack, Assured Compliance Assessment Solution (ACAS), Wireshark, Retina, Tripwire
Experience with Security Content Automation Protocol (SCAP) or OpenSCAP scanning tools.
Experience managing McAfee ePolicy Orchestrator
Experience managing Windows Server Update Services (WSUS)
Experience maintaining COMSEC materials
Knowledgeable in Cyber Incident handling.
Experienced in using the XACTA application.
What We Can Offer You:
We've been named a Best Place to Work by the Washington Post.
Our employees value the flexibility at CACI that allows them to balance quality work and their personal lives.
We offer competitive benefits and learning and development opportunities.
We are mission-oriented and ever vigilant in aligning our solutions with the nation's highest priorities.
For over 55 years, the principles of CACI's unique, character-based culture have been the driving force behind our success.
CACI employs a diverse range of talent to create an environment that fuels innovation and fosters continuous improvement and success. At CACI, you will have the opportunity to make an immediate impact by providing information solutions and services in support of national security missions and government transformation for Intelligence, Defense, and Federal Civilian customers. CACI is proud to provide dynamic careers for employees worldwide. CACI is an Equal Opportunity Employer - Females/Minorities/Protected Veterans/Individuals with Disabilities.
Caci International Inc.