CACI International Information Security Specialist in Curtis Bay, Maryland
Be a part of the U.S. Coast Guard Surface Forces Logistics Center team establishing cyber security services for all shipboard systems throughout the Fleet. Help prevent security incursions into shipboard information systems from limiting Cutter and Boat crews as they interdict illicit drugs entering U.S. ports, defend against terrorist incursions into our ports and coastal waters, or maintain coastal aids to navigation to keep our vital shipping lanes open.
What You'll Get to Do:
Under general supervision, perform the roles and responsibilities of the Information System Security Officer (ISSO) for assigned shipboard hull, mechanical, and electrical (HM&E) information systems, also known as Platform Information Technology Systems (PITS) or Industrial Control Systems (ICS), and serve as the lead point of contact for all security-related matters concerning those systems.
Support the Chief, Electrical Systems Section (ESS) in facilitating the protection of U.S. Government Sensitive but Unclassified (SBU) information by ensuring applicable programs, procedures and policies are in place.
Perform an independent assessment on assigned shipboard systems to ensure all required system security controls are implemented, operating as intended, and producing desired outcomes.
Review existing policies, procedures and guidelines to ensure compliance with Department of Homeland Security (DHS) and USCG Information Assurance (IA) Policy.
Draft or revise policy documentation for Government review and approval, and for organizational implementation.
Coordinate with applicable cyber security entities for changes or modifications to hardware, software, or firmware of a shipboard system.
Support the performance of periodic reviews of security controls for responsible shipboard systems.
Prepare certification and accreditation (C&A) documentation for submission to the Authorizing Official (AO).
Maintain the C&A Host Base Security Systems (HBSS), Information Assurance Computer Systems (IACS)
Create and validate SFLC C&A accounts with DHS Trusted Agent (TA) Federal Information Systems Management Act (FISMA) and DHS Risk Management System (RMS).
Conduct vulnerability scans of assigned networks and databases.
Provide assistance in the remediation of vulnerabilities identified through network scans.
Maintain a tracking log for all Electronic Spillage activity.
Support IA strategic planning activities to evaluate enterprise services through the assessment of priorities and risk.
Create and maintain security-related documentation (System Design, System Security Plan, policies, security alerts, etc.)
Qualifications You'll Bring:
Requires a Bachelor's degree and five or more years of related experience; Bachelor's may be substituted for an Associate’s Degree and 10 years of experience
Minimum DoDI 8570 compliant IAT Level II (either Security+ CE, CCNA Security, GICSP, GSEC, or SSCP)
Ability to conduct risk assessment analysis to support Assessment and Authorization (A&A)
Ability to review and create network information and topologies
Thorough knowledge and understanding of software technologies, as well as the methods used in performing risk analysis
Experience with common operating systems and platforms (e.g. Windows, Linux, UNIX)
Must have the ability to verbally communicate technology-related issues and security-related issues to every level of the organization (end-users, IT staff, managers, vendors, contractors, etc.) including proficiency with MS Office products (e.g., PowerPoint)
Ability to consistently categorize, measure, and prioritize security risks, express them in the language of the business unit to make them easily digestible by system owners, and assist in their mitigation
Knowledge of the intricacies of DoD Cyber policies, NIST, and DoD STIGs and SRGs
Expertise in the areas of vulnerability and risk management
Knowledge and experience of current and emerging information assurance security practices
Additional Nice to Have Qualifications:
Knowledge of DHS and USCG policies and procedures prescribed in DHS 4300A (Sensitive Security Handbook IT Security Program) and USCG COMDTINST 5230.67 (Command, Control, Communications, Computers & Information Technology (C4&IT) (IA) Policy).
DoDI 8570 compliant IAM Level III (either CISM, CISSP, or GSLC) attainable within 12 months
Experience with creating and tracking POAMs and risk acceptance waivers
Basic understanding of electrical communication standards (MODBUS)
What We Can Offer You:
We’ve been named a Best Place to Work by the Washington Post.
Our employees value the flexibility at CACI that allows them to balance quality work and their personal lives.
We offer competitive benefits and learning and development opportunities.
We are mission-oriented and ever vigilant in aligning our solutions with the nation’s highest priorities.
For over 55 years, the principles of CACI’s unique, character-based culture have been the driving force behind our success.
CACI employs a diverse range of talent to create an environment that fuels innovation and fosters continuous improvement and success. At CACI, you will have the opportunity to make an immediate impact by providing information solutions and services in support of national security missions and government transformation for Intelligence, Defense, and Federal Civilian customers. CACI is proud to provide dynamic careers for employees worldwide. CACI is an Equal Opportunity Employer - Females/Minorities/Protected Veterans/Individuals with Disabilities.