CACI International Information Systems Security Engineer (ISSE) in Lexington Park, Maryland
The Information Systems Security Engineering (ISSE) position supports a national security focused customer providing system security engineering services and/or product to ensure secure reliable and uninterrupted availability of customer developed and deployed systems and networks. The ISSE will support the Government to ensure core security engineering principles are implemented into assigned programs information systems architecture.
The ISSE RESPONSIBILITIES include, but are not limited to:
Perform analysis and evaluation to design, implement, test and field secure systems, networks, and architectures.
Develop, implement, and enforce information systems security policies ensuring system security requirements are addressed during all phases of the acquisition and Information System (IS) lifecycle.
Conduct certification and testing in accordance with the Risk Management Framework (RMF) and National Institute of Standards and Technology (NIST) policy; identify deficiencies and providing recommendations of risk mitigation to customer.
Support the Government to resolve conflicting system security engineering requirements.
Develop program technical publications such as Systems Engineering Plans (SEP), Technical Plans, Analyses and Reports, Risk Assessments, Security Concepts of Operations (SECONOP), Program Protection Plan, Anti-Tamper Plan, Cybersecurity Strategy, Technology Development Strategies, Test Plans, procedures and reports, System Security Plans and NAVAIR CYBERSAFE related documentation.
Liaison with Department of Defense (DoD), Intelligence Community (IC), Department of the Navy (DoN) and Naval Air Systems Command (NAVAIR) stakeholders.
Actively being used or within scope DoD TS/SCI clearance.
Ability to obtain a favorable Counter Intelligence (CI) Polygraph.
At least five (5) years of experience as an ISSE on programs and contracts of similar scope, type, and complexity within the Federal Government.
Expert technical knowledge in security engineering and IT systems engineering.
Experience with testing methods, automated tools, plans, and procedures for verification of compliance and vulnerability requirements.
Expert knowledge of security engineering, design concepts and principles.
Familiarity with System Life Cycle Development (SDLC) methodologies and the 800 series of Nation Institute of Standards and Technology (NIST) Special Publications (in particular 800-37, 800-39, 800-53, 800-53A, 800-94 and 800-115) and Committee National Security Systems Instruction (CNSSI) 1253.
Experience with modern networks, operating systems, databases, and virtual computing.
Extensive experience analyzing information technology and system risk in complex environments and articulating results to all levels of personnel.
Experience conducting information system security control assessments (SCAs) and applying standard auditing techniques during systems security control assessments, including the proper interpretation of the control requirements, determining if the artifacts provided are sufficient and recommending remedial action to Government customer to ensure compliance.
Knowledge of Department of Defense Architecture Framework (DoDAF) views facilitating integration and promoting interoperability across capabilities and among integrated architectures.
Knowledge of the policies and practices for Critical Program Information (CPI) mandates for technologies.
Knowledge of Commercial Solution for Classified (CSfC) within National Security Systems (NSS).
Extensive knowledge of Department of Defense, Department of Navy, and Intelligence Community policies, procedures, and guidelines for designing secure architectures.
Knowledgeable of DoD, DON, IC, and NAVAIR policy on the acquisition processes.
Ability to develop and interpret security architectures, data flow diagrams, engineering electrical/pinout drawings, and publications that depict the system(s) architecture.
Exceptional verbal and written communication skills, with the ability to collaborate across teams and organizations, including senior level management.
Proven ability to multi-task and deliver on-time with the highest quality.
Ability to be able to identify risk areas of non-compliance and propose solutions to design to full-fill operational requirements and meet cybersecurity requirements simultaneously.
Proficient in Microsoft Office tools. (Power Point, Word, Visio, etc.)
EDUCATION & EXPERIENCE:
Required - DoD 8570 IASAE level 2 compliance or higher certification required: ( CISSP, CISSP-ISSAP or CISSP-ISSEP)
Preferred: Certified Authorization Professional (CAP)
Preferred: Bachelor’s degree in Systems Security Engineering, Software Engineering, or Computer Science
Normal demands associated with an office environment. Ability to work on computer for long periods, and communicate with individuals by telephone, email and face to face. Some travel may be required.
CACI employs a diverse range of talent to create an environment that fuels innovation and fosters continuous improvement and success. Join CACI, where you will have the opportunity to make an immediate impact by providing information solutions and services in support of national security missions and government transformation for Intelligence, Defense, and Federal Civilian customers. A Fortune magazine World's Most Admired Company in the IT Services industry, CACI is a member of the Fortune 1000 Largest Companies, the Russell 2000 Index, and the S&P SmallCap600 Index. CACI provides dynamic careers for over 20,000 employees worldwide. CACI is an Equal Opportunity Employer - Females/Minorities/Protected Veterans/Individuals with Disabilities.