At CACI, we don't just hire you for a job; we hire you for a career. CACI recruits, retains, and develops a diverse range of talent to create an environment that fuels innovation and fosters continuous improvement and success. We empower you to forge your path while providing you with the tools, guidance, and flexibility needed to accomplish your career goals. CACI has a clear, defined strategy that has guided our success for over fifty years.
Consider a career with CACI, where you will have the opportunity to make an immediate impact by providing the information technology and consulting solutions America needs to defeat global terrorism, secure our homeland and improve government services.
CACI has an immediate opening for a Security Control Assessor (SCA) to support a Government client. The candidate will provide support in security control assessment and continuous monitoring of the organization's information systems following ICD 503 standards and best practices. The candidate will provide various levels of information assurance by developing test plans and assessing or auditing security controls of systems by applying best practices of NIST 800-73, 800-53, 800-53A, and CNSS 1253 guidance. The individual will provide recommendations concerning safeguarding of information systems and will conduct a comprehensive assessment of the management, operational, and technical security controls employed within or inherited by an information system to determine the overall effectiveness of the controls.
- Working knowledge of Security Controls and how to assess them per NIST SP 800-53 and NIST SP 800-53A
- Working knowledge of the Risk Management Framework as outlined in NIST SP 800-73
- Experience with ICD 503 and the Assessment and Authorization (A&A) process
- Implement a Continuous Monitoring strategy (per ICD 503) appropriate for systems, leveraging existing tools, efforts, and incorporating new automation techniques
- Support the preparation of the Security Assessment Report (SAR), develop test plans, and execute and assess the security controls within the test plans
- Review Security Plan (SSP or SSA)
- Develop and assist in the development of the Plan of Action and Milestones (POA&M) containing corrective actions required for unacceptable risks
- Provide configuration management and control processes to integrate security and risk management
- Conduct security impact analyses of controls on proposed system changes
- Support FISMA and CCRI
- Must obtain appropriate 8570 Certification within 90 days of hire and maintain certification throughout employment
- Must have a current TS/SCI and be able to pass a CI polygraph within 60 days of hire
EDUCATION & EXPERIENCE:
Typically requires a bachelor's degree or equivalent and 10 to 12 years of related experience. A master's degree or doctorate in the field of mathematics, telecommunications, electrical engineering, computer engineering, or computer science is preferred.
* Current certification compliant with DoD 8570 IAM or IAT level 3. At minimum, candidates must provide demonstrable progress to achieve a DoD 8570 compliant certification within 90 days of hire and maintain certification throughout employment.
* Working knowledge or experience with DIACAP, DCID 6/3 and ICD 503/RMF
* System Testing methodologies experience (includes but is not limited to: penetration testing, configuration analysis and security best practices validation) as well as experience with a variety of security testing and penetration testing tool sets (includes but is not limited to: WASSP, SECSCN, Backtrack 5, ACAS/Nessus (Security Center & Nessus Vulnerability Scanner), Wireshark, Retina & Tripwire)
- Network Discovery & Visual Analytics experience (i.e., IP Sonar, etc.)
- Red / Blue team assessment experience
- Cyber Incident handling
- Working knowledge of Forensic tools and analysis
- Experience using XACTA
- Experience within the Intelligence Community
Normal demands associated with an office environment. Ability to work on a computer for long periods and communicate with individuals by telephone, email and face to face. Some travel may be required.