CACI is looking for a mid-level Information Assurance professional to support C&A/A&A efforts, including testing, mitigation, and documentation of security plans. This individual will perform site assessments and security testing as required.
Duties and Responsibilities:
- Provide mitigation and remediation recommendations in support of the RMF process for various control systems as required
- Conduct in-depth analysis of IV&V/SCA, C&A/A&A, and functional/operational test results for accuracy, compliance, and adherence to DoD and Federal IA technical and operational security requirements
- Document residual risks by conducting a thorough review of all the vulnerabilities, architecture, and defense in depth, and provide the IA risk analysis and mitigation determination results for the Test Report
- Maintain qualified validator status with Navy or other applicable DoN agency requirement
- Work with system owners to develop specific site and system mitigation plans to achieve an overall reduction in residual risk
- Develop all C&A documentation in accordance with DoD policies and procedures to ensure that accreditation packages are complete and system compliance is met for Designated Accrediting Authority or Authorizing Official (AO)
- Maintain documentation for Plan of Action and Milestones
- Validation Readiness Review (IAVRR) to determine if the system security is sufficiently mature to execute the IA certification test event
- Develop associated DIACAP/RMF IA Artifacts to include the System Security Plan, System Design and Architecture, Contingency Plan/COOP Plan, Incident Response Plan, Audit Design, Change Control Board, Identification and Authentication, Physical and Environmental, and Remote Access artifacts
- Assemble DIACAP/RMF Package (Scorecard, POA&M, RAR, certification documentation)
- Provide guidance and support related to IT Contingency Planning
- 6 to 8 years of experience in Information Technology with 3 to 4 in Information Assurance
- Experience with Navy C&A/A&A
- Minimum DoD Secret Clearance
- Experience with IA tools including but not limited to: Assured Compliance Assessment Solution (ACAS), Host Based Security System (HBSS), System Center Configuration Manager (SCCM), Data at Rest (DAR), Data in Transit, Group Policy Objects (GPO), Central Logging and audit reduction analysis
- Bachelor's degree in computer science, engineering, business, mathematics, or related field
- Knowledge of IA and C&A role throughout the software and system development lifecycle (SDLC)
- Excellent oral and written communication skills
- Experience and certification as a Navy validator
EDUCATION & EXPERIENCE:
Typically requires a bachelor's degree or equivalent and seven to nine years of related experience.
Normal demands associated with an office environment. Ability to work on computer for long periods, and communicate with individuals by telephone, email and face to face. Some travel may be required.