CACI International Information Security Specialist (SCA) in Springfield, Virginia
CACI has an opening for a Security Control Assessor (SCA) to support a Government client. The candidate will provide support in security control assessment and continuous monitoring of the organization's information systems following ICD 503 standards and best practices. The candidate will provide various levels of Information assurance by developing test plans and assessing or auditing information system security controls by applying best practices of NIST 800-37, 800-53, 800-53A, and CNSS 1253 guidance. The individual will conduct vulnerability scanning of information systems using government accepted scanning tools to ensure compliance and to identify security weaknesses and vulnerabilities. The individual will review and analyze scanning results and provide recommendations concerning vulnerability mitigation efforts.
P rovide technical services for installation, operation, maintenance and authorization of hardware and software required for vulnerability scanning capabilities.
Review system security body of evidence documentation for accuracy and completeness.
Support development of Plan of Action and Milestones (POA&M) containing corrective actions required for unacceptable system and enterprise level risks.
Provide support to configuration management and control processes to integrate security and risk management.
Scan for network security compliance in accordance with DISA STIGs.
Conduct security impact analyses of security controls based on proposed system changes.
Support the preparation of security test plans, execute and assess the security control effectiveness using security control test procedures, and create Security Assessment Reports (SAR) based on assessment findings.
Support vulnerability scanning activities for external audits (i.e. FISMA and CCRI).
Develop tools and methodologies for tracking and reporting on identified information system vulnerabilities.
The clearance level required is dependent on the type of clearance supported by our client.
Must have a current certification compliant with DoD 8570 IAM or IAT level 3. OR must provide demonstrable progress to achieve a DoD 8570 compliant certification within 90 days of hire and maintain certification throughout employment.
Typically requires bachelor's degree or equivalent and 3+ years of related experience.
Experience with ICD 503 and working knowledge of Risk Management Frame work as outlined in NIST SP 800-37.
Working knowledge of information system security controls and how to assess their effectiveness per NIST SP 800-53 and NIST SP 800-53A.
Knowledgeable in continuous monitoring processes as outlined in NIST SP 800-137 appropriate for systems, leveraging existing tools, efforts, and incorporating new automation techniques.
Knowledgeable in information system vulnerability analysis and management.
Must have a thorough knowledge of IT including but not limited to network sub netting.
Experienced in system testing methodologies that include:
Security best practices validation
Experienced in security testing and penetration tools that include:
Assured Compliance Assessment Solution (ACAS)
HP Fortify Web Inspect
Network Discovery & Visual Analytics experience (i.e., IP Sonar, etc.)
Red / Blue team assessment experience
Knowledgeable in cyber Incident handling.
Experienced in using the XACTA application.
Proficient in the use of Microsoft Application tools (i.e. Excel and Powerpoint).
Experience within the Intelligence Community.
EDUCATION & EXPERIENCE:
Typically requires a bachelor's degree or equivalent and 3+ years related experience.
Level 2 8570 certification is preferred and required within the first 6 months.
What We Can Offer You:
We’ve been named a Best Place to Work by the Washington Post.
Our employees value the flexibility at CACI that allows them to balance quality work and their personal lives.
We offer competitive benefits and learning and development opportunities.
We are mission-oriented and ever vigilant in aligning our solutions with the nation’s highest priorities.
For over 55 years, the principles of CACI’s unique, character-based culture have been the driving force behind our success.
CACI employs a diverse range of talent to create an environment that fuels innovation and fosters continuous improvement and success. At CACI, you will have the opportunity to make an immediate impact by providing information solutions and services in support of national security missions and government transformation for Intelligence, Defense, and Federal Civilian customers. CACI is proud to provide dynamic careers for employees worldwide. CACI is an Equal Opportunity Employer - Females/Minorities/Protected Veterans/Individuals with Disabilities.