At CACI, we don't just hire you for a job; we hire you for a career. CACI recruits, retains, and develops a diverse range of talent to create an environment that fuels innovation and fosters continuous improvement and success. We empower you to forge your path while providing you with the tools, guidance, and flexibility needed to accomplish your career goals. CACI has a clear, defined strategy that has guided our success for over fifty years.
Consider a career with CACI, where you will have the opportunity to make an immediate impact by providing the information technology and consulting solutions America needs to defeat global terrorism, secure our homeland and improve government services.
Duties and Responsibilities:
CACI has an immediate opening for an Information Assurance (IA) Professional to support a Government client. The candidate will serve as Delegated Authorizing Official Representative, which includes services and analytical support for assisting the government in identifying and assessing security risk and mission tradeoffs in support of security risk acceptance decisions. DAO Representatives serve as principal advisors on all matters, technical and otherwise, involving the security of their assigned information systems. This includes providing senior-level analysis and review of security considerations in the context of the government customer's missions, interpreting Security Assessment Reports (SARs), performing risk assessment, and applying critical thinking to security controls in system design and risk determination.
The IA professional will understand and apply ICD 503, NIST Special Publication 800-53, and CNSSI 1253. The candidate will perform and provide risk tradeoff analysis to implement the policies, processes, models, assessments, and standards needed to recommend risk acceptance authorization for complex systems and mission enablement. They will document recommendations for authorization that will consist of detailed rationale for acceptance. The candidate will document rejections back to information system owners (ISOs) with detailed and constructive recommendations for correction, along with references to appropriate government regulations and explanations of why the corrections are needed and the specific outcome(s) desired. When giving feedback to programs, the candidate will speak with the ISO to ensure a clear understanding of the changes needed. Conversations may occur via phone, VTC, or in person and shall be documented.
The IA professional will provide technical guidance to ensure the safeguarding of the government customer's information systems with focus on risk analysis, and Federal and Agency policy compliance by conducting security risk assessments for each assigned Information System in relationship to the Agency/Enterprise Risk Assessment and by providing authorization recommendations for information systems including: Operational Authorization to Test (OATT), Authorization to Proceed (ATP), and Authorization to Operate (ATO).
The IA professional will provide direct technical support to the Agency Delegated Authorizing Official (DAO) to ensure that security considerations and risk tradeoffs are integrated throughout the engineering development and operations lifecycle of the system and that residual risk remains at an acceptable level for operation.
- Experience in risk and vulnerability analysis in all phases of IT system life cycle development
- Ability to understand security design and architecture to optimize security of information systems
- Demonstrated experience in integration of risk management including assessment with security control specification and implementation
- Demonstrated application of cybersecurity risk management frameworks to IT systems and operations and effective risk based decision making across multiple management levels and organizations
- Experience/skill in interpretation and application of written policy and regulation
- Experience in working with a federal information security program
- Working knowledge and experience of intelligence community and/or DOD information security policies; relevant federal and private standards and requirements (e.g., NIST, CNSS)
- Knowledge of DCID 6/3, ICD 503, CNSSI 1253, NIST SP 800-53, NIST SP 800-53A, NIST SP 800-37, and security controls assessment criteria/procedures
- Knowledge of and ability to assess systems based on DoD Security Technical Implementation Guide (STIG) compliance policy and processes including Security Readiness Review results interpretation
- Ability to conduct qualitative and quantitative risk analysis
- Ability to understand and convey threats and impact of threats related to the results of a security assessment
- Ability to adhere to corporate policies and programs concerning information systems
- Ability to understand the general information technology infrastructure and system interconnections (servers, local area networks (LANs), storage area networks (SANs), virtualization, etc.)
- Experience with Microsoft and Linux Operating Systems
- Experience using common IT security tools, including those used for assessment and evaluation
- Experience with policy development and application in monitoring and analyzing data from information systems in support of active cybersecurity risk management
- Exceptional presentation, oral, and written communication skills
- Ability to ensure program needs are satisfied through interpersonal and trusted communication
- Self-starter with the ability to actively contribute to multiple efforts simultaneously, and with experience with and interest in process improvement
- Ability to remain focused, positive, and highly productive in a frequently changing and sometimes ambiguous environment
- Must have current TS/SCI and be able to pass CI polygraph within 60 days of hire
- Certified 8570 IAM or IAT level 3, CISSP, CISM, CASP, CISA or GSLC certification (CISSP preferred)
- Knowledge of and experience using XACTA tool and associated workflows
- Ability to develop and improve risk management and continuous monitoring processes
- Ability to understand and analyze network security architectures
- Ability to establish and foster effective interpersonal relationships and trusted partnerships
- Ability to establish effective working relationships internally and externally to the agency
- Developed technical documentation and white papers
- Knowledge of virtualization technologies and virtual machine development and maintenance
- Knowledge of emerging security issues, risks, and vulnerabilities
- Skill in identifying gaps in technical capabilities and in talking to others to convey information effectively
- Experience within the Intelligence Community
EDUCATION & EXPERIENCE:
Typically requires a bachelor's degree or equivalent and 15 years of related experience. Master's degree or doctorate in the field of mathematics, telecommunications, electrical engineering, computer engineering, or computer science is preferred.
Level III 8570 Certification Required prior to start date.
Normal demands associated with an office environment. Ability to work on a computer for long periods and communicate with individuals by telephone, email, and face to face. Some travel may be required.