CACI International Information Security Engineer, Principal (ISSE) in Springfield, Virginia
At CACI, we don't just hire you for a job; we hire you for a career. CACI recruits, retains, and develops a diverse range of talent to create an environment that fuels innovation and fosters continuous improvement and success. We empower you to forge your path while providing you with the tools, guidance, and flexibility needed to accomplish your career goals. CACI has a clear, defined strategy that has guided our success for over fifty years.
Consider a career with CACI, where you will have the opportunity to make an immediate impact by providing the information technology and consulting solutions America needs to defeat global terrorism, secure our homeland and improve government services.
Duties and Responsibilities:
CACI has an immediate opening for an Information Assurance (IA) Professional to support a Government client. The candidate will provide ISSE services to information system owners as determined by the government customer. IS Security Engineering consists of applying the best practices and processes of capturing, refining, and assisting in prioritization of requirements based on risk, engineering principles, and mission requirements. ISSE produces purposeful security architecture, design development and a configuration information system that facilitate secure missions systems. The candidate will provide Information System Owners (ISOs) guidance, requirements understanding, and options to support technical security engineering and capability based security analysis of system security architectures, identify vulnerabilities, and provide suggested mitigation alternatives. They will participate in design, development, and implementation of information systems to ensure these systems are in compliance with required security features and safeguards.
The IA professional will propose categorization of information systems based on types of information processed, in conjunctions with DAO Representatives and ISOs. They will identify improved or equal security features and safeguards provided for system enhancements. The IA professional analyzes IA policies, procedures, and requirements and provides security recommendations for the operational functionality of systems or proposed capabilities in sufficient detail to support the development of interoperable, standard, and compatible systems. They will coordinate with appropriate Security Control Assessors (SCAs) early in engineering design phase for ongoing coordination, understating in development and application of security controls, and security tradeoffs and other decisions. The IA professional provides technical assistance to the government efforts to conduct cost/benefit analysis for security design decisions. They perform security engineering analysis and documentation reviews to validate government IA policies, procedures, and requirements are met. They provide technical guidance in security design reviews and analyze vendor documentation for government and commercial solutions. The IA professional oversees and reports compliance with system security plans on all government customer information stores, systems and networks on a regular (at least quarterly) basis and reviews audit logs for security significant issues and events and advises government PMs on a weekly basis. They provide network services engineering expertise in support of strategic defense of essential network infrastructures and operations against compromise by ensuring integrity and robustness of interconnections between networks of different security domains. They ensure information systems are designed, developed, and implemented with required security features and safeguards. They provide cross domain system security control guidance to developers.
Experience as subject matter expert with demonstrated competency in engineering related functional or cross-functional security areas (e.g., security engineering, IT operations security design, cybersecurity)
Experience in identifying technical gaps and providing solution recommendations
E xperience in providing and analyzing comprehensive security architecture artifacts
Working knowledge and experience in security disciplines including but not limited to, information systems security, operations security, administrative security, personnel security, physical security and communications security
Working knowledge of IA principles and organizational requirements that are relevant to confidentiality, integrity, availability, authentication, and non-repudiation
Working knowledge of DCID 6/3. ICD 503, CNSSI 1253, NIST SP 800-53, NIST SP 800-53A, NIST SP 800-37, and security controls assessment criteria/procedures
Working knowledge of DoD/IC system security control requirements, roles, missions, and operational enterprise architecture
Working knowledge of IA architecture frameworks, including the IC IA Architecture Reference Model
Working knowledge of network security architecture concepts, including topology, protocols, components, and principles
Working knowledge of the System Development Lifecycle
Working knowledge of information security systems engineering principles and virtual machine technology
Working knowledge of information technology (IT) security principles and methods (e.g., firewalls, demilitarized zones, encryption)
Working knowledge of network access, identity, and access management (e.g., PKI)
Working knowledge, skills, and experience in Systems Engineering principles, requirements analysis, system development (software and hardware)
Skill in designing countermeasures to identified security risks
Skill in discerning the protection needs (i.e., security controls) of information systems and networks
Ability to evaluate the adequacy of security designs
Ability to develop and apply security system access controls
Ability to conduct audits or reviews of technical systems
Certified 8570 IAM or IAT level 3, CISSP, CISM, CASP, CISA or GSLC certification (CISSP preferred)
Working knowledge of IT supply chain security/risk management policies, requirements, and procedures
Working knowledge of system design tools, methods, and techniques, including automated system analysis and design tools
Working knowledge of system software and organizational design standards, policies, and authorized approaches (e.g., International Organization for Standardization guidelines) relating to system design
Working knowledge of Privacy Impact Assessments (PIA) and Personally Identifiable Information (PII)
Working knowledge and experience with XACTA, including understanding workflow
Skill in translating security requirements into functional requirements and options for developers
Skill in security control inheritance from enterprise security services and communicating these to developers
Skill in creating policies that reflect system security objectives
Skill in designing security controls based on IA principles and tenets
Skill in designing the integration of hardware and software solutions
Ability to use design modeling (e.g., unified modeling language)
Ability to conduct vulnerability scans and recognizing vulnerabilities in security systems
Ability to establish working relationships internally and externally to the Agency
Skill in identifying gaps in technical capabilities and in talking to others to convey information effectively
Experience within the Intelligence Community
EDUCATION & EXPERIENCE:
Typically requires a Master's degree and 12 years related experience or equivalent.
Level III 8570 Certification Required upon start date.
Normal demands associated with an office environment. Ability to work on computer for long periods, and communicate with individuals by telephone, email and face to face. Some travel may be required.
CACI employs a diverse range of talent to create an environment that fuels innovation and fosters continuous improvement and success. At CACI, you will have the opportunity to make an immediate impact by providing information solutions and services in support of national security missions and government transformation for Intelligence, Defense, and Federal Civilian customers. CACI is proud to provide dynamic careers for employees worldwide. CACI is an Equal Opportunity Employer - Females/Minorities/Protected Veterans/Individuals with Disabilities.