ISSE - Security Control Assessor - Springfield, VA 20598 - US



Job Posting Information
Employer : CACI
Job Title : ISSE - Security Control Assessor
Location : Springfield, VA 20598 - US
Reference Code : 95670
Job Type : Direct-Hire / Permanent Full-Time
Minimum Clearance Level : Top Secret / SCI
Date Modified : 12-12-2018
Salary : (not listed)
Additional Salary Information :
Career Level : Experienced (Non-Manager) 10+ Years of Experience
Education Level : Bachelors
Job Description

At CACI, we don't just hire you for a job; we hire you for a career. CACI recruits, retains, and develops a diverse range of talent to create an environment that fuels innovation and fosters continuous improvement and success. We empower you to forge your path while providing you with the tools, guidance, and flexibility needed to accomplish your career goals. CACI has a clear, defined strategy that has guided our success for over fifty years.
Consider a career with CACI, where you will have the opportunity to make an immediate impact by providing the information technology and consulting solutions America needs to defeat global terrorism, secure our homeland and improve government services.

Duties and Responsibilities:

CACI has an immediate opening for a Security Control Assessor (SCA) to support a Government client. The candidate will provide cyber assessment and authorization support and vulnerability management, and will enhance Information Security (IS) awareness, ensuring that proper IS resources and security controls are appropriately applied throughout the system/continual monitoring lifecycle. The candidate will provide various levels of information assurance, including security control implementation guidance, patch management, compliance assessment, vulnerability assessment/risk mitigation review, incident response, FISMA assessment, and Red & Blue team assessments. The individual will provide recommendations concerning the safeguarding of information systems and will conduct a comprehensive assessment of the management, operational, and technical security controls employed within or inherited by an information system to determine the overall effectiveness of the controls. The selected candidate will also develop various security documentation, including but not limited to security test reports and standard operating procedures, to help system stakeholders and information system owners achieve compliance with established Information Assurance policies.

Qualifications and Responsibilities:

Typically requires a BS or BA in Computer Science, Information Technology, or a related field and 10-12 years of related experience.

• Must have a current TS/SCI clearance and be able to pass a CI polygraph within 60 days of hire

• Working knowledge of ICD 503 processes and procedures, including NIST SP 800-30, 800-37, 800-39, 800-47, 800-53/A, 800-60, 800-137, CNSSI-1253, CNSSI-4009, CNSSP-22 and FISMA compliance requirements

• Communicate effectively (written and verbal) with all members of an organization and work with a diplomatic and professional demeanor

• Conduct security impact analyses of controls on proposed system changes

• Developed or reviewed system security artifacts, including SSAA, SSP, RMM, SRTM, CTP, CMP, DRP, SAP/SAR and POA&Ms

• Develop and assist in development of Plan of Action and Milestones (POA&M) containing corrective actions and milestones required for unacceptable risks and deficiencies.

• Perform vulnerability scanning of infrastructure and applications, and external penetration testing

• Conduct Incident Response testing to evaluate processes for detection, response, and reporting of security incidents

• Prepare Security Assessment Reports containing findings and recommendations for remediation

• Provide configuration management and control processes to integrate security and risk management

• Implement a continuous monitoring strategy appropriate for systems, leveraging existing tools, efforts, and incorporating new automation techniques

• Provide A&A status updates/reports and briefings per customer’s required format

• Demonstrated ability to simultaneously manage and track multiple systems and/or programs involved in the A&A process

• Must obtain appropriate 8570 Certification within 90 days of hire and maintain certification throughout employment

Desired Qualifications:

• Current certification compliant with DoD 8570 IASAE level 2 or 3 (CISSP or equivalent).

• Working knowledge or experience with DIACAP, DCID 6/3 and ICD 503/RMF

• System Testing methodologies experience (includes: penetration testing, configuration analysis and security best practices validation) as well as experience with a variety of security testing and penetration testing tool sets (includes: WASSP, SECSCN, Backtrack 5, ACAS/Nessus (Security Center & Nessus Vulnerability Scanner), Wireshark, Retina & Tripwire, HP Fortify)

• Network Discovery & Visual Analytics experience (i.e., IP Sonar, etc.)

• Red / Blue team assessment experience

• Ability to develop automated tools using Java, Ajax, SQL, Perl and Python

• Cyber Incident handling

• Working knowledge of Forensic tools and analysis

• Experience using XACTA

• Experience within the Intelligence Community

PHYSICAL DEMANDS:
Normal demands associated with an office environment. Ability to work on computer for long periods, and communicate with individuals by telephone, email and face to face. Some travel may be required.

Company Description:
CACI provides information solutions and services in support of national security missions and government transformation for Intelligence, Defense, and Federal Civilian clients. A member of the Fortune 1000 Largest Companies and the Russell 2000 Index, CACI provides dynamic careers for approximately 14,900 employees working in over 120 offices worldwide.

CACI is an Equal Opportunity Employer M/F/D/V.