What You’ll Get to Do:

You will perform Information System Security Engineering support for various information systems throughout the system development lifecycle. You will have the opportunity to perform system hardening, prepare comprehensive assessment testing procedures, system vulnerability scanning and mitigation, system maintenance and configuration, documentation, and support the engineering team by providing direct input on the information system design to obtain and/or maintain a successful Authorization to Operate.

More About this Role:

• Execution of the Assessment & Authorization (A&A process in accordance with government requirements (e.g. ICD-503)

• Ensure that accreditation data is maintained within customer databases (e.g. SNOW)

• Conduct research in multiple areas, to include emerging technologies, vulnerability information, system hardening (e.g. STIGs), operating systems, application software and security tools

• Execute system configuration, and maintenance in support of the Security Engineering discipline

• Prepare comprehensive security assessment testing documentation to validate applied security controls in support of Assessment and Authorization (A&A) testing

• Provide technical guidance focused on information security architecture

• Generate security accreditation artifacts to include, but not limited to, Security Plans, Certification Test Plans, and Continuous Monitoring Plans

• Track and fulfill liens associated with A&A activities as documented in the Plan of Actions and Milestones

• Perform vulnerability assessments using standardized tools (Nessus, DISA STIGs) and configuration updates as required to comply with security requirements

• Perform guidance for hardening of operating systems, COTS product and OpenSource products as required to support compliance with security requirements

• Provide technical engineering services for the support of integrated security systems and solutions

• Assess and mitigate system security threats, risks, and vulnerabilities throughout the program life cycle. Contribute to the security planning, assessment, risk analysis, risk management, certification and awareness activities for system operations

• Participate as a member of a security engineering team that designs, develops, implements, evaluates and/or integrates security architectures, systems or system components

• Support and interact with customers in the enforcement of the design of security throughout the system life cycle.

• Apply knowledge of IA policies and procedures disseminated by the customers organization.

• Track software delivery cycles for required updates and patching.

• Provide weekly security status emails

• Develop quarterly security status briefing charts and brief them at Program Management Reviews

Duties and Responsibilities:

• Track outstanding security findings and determine solutions

• Develop tasks/milestones to workoff POA&Ms and track them

• Coordinate A&A activities between program and external entities

• Generate program documentation to capture security status

You’ll Bring These Qualifications:

• An active TS/SCI clearance with polygraph is required

• Must have a current certification compliant with DoD 8570 IAM or IAT level 3 OR obtain certification within 6 months of hire and maintain certification throughout employment (e.g. CISSP)

• Bachelor’s degree in Computer Science, Information Assurance, Information Security System Engineering, or equivalent and five (5) years of directly related experience.

• Knowledge of ICD 503, CNSSI 1253, NIST SP 800-53, NIST SP 800-53A, NIST SP 800-37, and security controls assessment criteria/procedures.

• Experience with implementing NIST 800-53 controls/ICD 503.

• Knowledge of the NRO environment and the ability to navigate projects through the RMF process to achieve IATT & ATO.

• Experience participating in Assessment and Authorization (A&A) process.

• Experience preparing systems security documentation (e.g., security plans, risk assessment reports, Plan of Actions and Milestones (POA&Ms), etc.).

• Experience with Continuous Monitoring, mitigating scan findings, maintaining Interconnections documentation.

• Vulnerability assessment scanning experience (Security Center/NESSUS)

• Experience working with engineers and system administrators to correct scan findings / system vulnerabilities.

• Experience with creation/use of Security Center Dashboards and reports.

• Excellent communication and interpersonal skills required.

• Must be able to efficiently manage time management and workload

• Ability to support a flexible schedule and work in a dynamic, real-time environment with rapidly changing priorities required.

Desired Certifications:

• Proficient in the use of Microsoft Application tools (i.e., Excel and Powerpoint).

• Experience with developing test plans for information systems.

• Demonstrated experience with Linux (Red Hat, CentOS)

• Experience with DevOps

• Familiarity with code quality and code analyzing security tools

• Experience with Amazon Web Services (AWS): Should have current or ability to obtain an Amazon Cloud certification, such as AWS Certified Solutions Architect – Associate or AWS Certified Security Specialty

• Audit log review: ability to query and perform analysis in Splunk.

• Experience within the Intelligence Community

What We Can Offer You:
- We’ve been named a Best Place to Work by the Washington Post.
- Our employees value the flexibility at CACI that allows them to balance quality work and their personal lives.
- We offer competitive benefits and learning and development opportunities.
- We are mission-oriented and ever vigilant in aligning our solutions with the nation’s highest priorities.
- For over 60 years, the principles of CACI’s unique, character-based culture have been the driving force behind our success.

Company Overview:

CACI is an Equal Opportunity/Affirmative Action Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, status as a protected veteran, or any other protected characteristic.

Pay Range: There are a host of factors that can influence final salary including, but not limited to, geographic location, Federal Government contract labor categories and contract wage rates, relevant prior work experience, specific skills and competencies, education, and certifications. Our employees value the flexibility at CACI that allows them to balance quality work and their personal lives. We offer competitive compensation, benefits and learning and development opportunities. Our broad and competitive mix of benefits options is designed to support and protect employees and their families. At CACI, you will receive comprehensive benefits such as; healthcare, wellness, financial, retirement, family support, continuing education, and time off benefits. Learn morehere

The proposed salary range for this position is: