CACI International Cyber Security Engineer in Chantilly, Virginia
CACI is seeking a Cyber Security Engineer in Chantilly, VA.
What You'll Get to Do:
Serve as Cyber Security Engineer with DIACAP and/or RMF experience who has deep expertise in security assessment documentation to support DoD systems and efforts to achieve their Authorization to Operate (ATO).
The scope of this position includes full life-cycle Assessment and Authorization (A&A) management through all 6 Steps of the RMF process in support of the Government ISSM.
In this role, you’ll support activities in accordance with NIST 800.53 that support systems from the perspective RMF requirements.
Review systems to identify potential security weaknesses and recommend improvements to amend vulnerabilities, implement changes, and document upgrades.
Maintain responsibility for managing cybersecurity risk from an organizational perspective.
Prepare and review documentation, including Systems Security Plans (SSPs), risk assessment reports, certification and accreditation (C&A) packages, and plan of actions and milestones (POA&M).
Prepare system security plan (SSP) in accordance with the applicable governing directive for systems and ensure all networks are maintained respective to SSPs.
Review and validate security documentation to ensure necessary security controls are in place and operating as intended.
Review and maintain vulnerability scanning tool compliance and reporting to ensure compliance with all applicable directives.
Provide cybersecurity analysis, with a focus on Assessment and Authorization (A&A), under the implementation of the Risk Management Framework (RMF)
In-depth reviewing of authorization packages and artifacts in the Enterprise Mission Assurance Support Service (eMASS) at RMF Steps 1, 2, and 5.
Track authorization to operate (ATO) statuses and authorizations with conditions, of the MSC Business Systems
Draft and review cybersecurity policy documents that affect the MSC Business systems
Review completed Assured Compliance Assessment Solution (ACAS) scans and Security Technical Implementation Guide (STIG) checklists submitted for RMF Step 5 Checkpoint and modification request package submissions.
Validate all findings from raw scans are documented
Analyze vulnerabilities in raw scans and determine if documented mitigations are appropriate.
Ensure all manual reviews are completed in STIG checklists, and that any not applicable (N/A) statements are appropriate.
Make determinations if there are risk posture changes when system modifications are requested for authorized systems.
You'll Bring These Qualifications:
A Minimum of five (5) years’ experience as an Information Assurance (IA) Analyst, ISSE, ISSO, or similar role in ATO package development
Generating security documentation for requirements, security control assessment, STIG and IAVA compliance, Standard Operating Procedures, test results, etc.
Professional security certification such as: CCNA Security, CySA+, GICSP, GSEC, CompTIA Security+ CE, SSCP or higher
Experience putting together and/or reviewing Ports, Protocols, and Services (PPS)
Experience reviewing network topology diagrams and system architecture
Experience reviewing Assured Compliance Assessment Solution (ACAS) scans or other vulnerability scans (performing scans and hands on experience preferred)
Experience reviewing DISA Security Technical Implementation Guide (STIGs) (applying STIGs and hands on experience preferred)
Completed training in eMASS, however preferably hands on experience with categorizing information types, tailoring with CNSSI 1253/NIST SP 800-53 rev 4 security controls, managing artifacts and building or reviewing packages in eMASS
CISSP, CASP, or similar certificate is preferred
Active Secret Clearance
What We Can Offer You:
We’ve been named a Best Place to Work by the Washington Post.
Our employees value the flexibility at CACI that allows them to balance quality work and their personal lives.
We offer competitive benefits and learning and development opportunities.
We are mission-oriented and ever vigilant in aligning our solutions with the nation’s highest priorities.
For over 55 years, the principles of CACI’s unique, character-based culture have been the driving force behind our success.
CACI employs a diverse range of talent to create an environment that fuels innovation and fosters continuous improvement and success. At CACI, you will have the opportunity to make an immediate impact by providing information solutions and services in support of national security missions and government transformation for Intelligence, Defense, and Federal Civilian customers. CACI is proud to provide dynamic careers for employees worldwide. CACI is an Equal Opportunity Employer - Females/Minorities/Protected Veterans/Individuals with Disabilities.