Cyber Security Analyst

$109,800 - $241,600/Yr

CACI International - Chantilly, VA

posted 4 months ago

Full-time - Mid Level
Chantilly, VA
Professional, Scientific, and Technical Services

About the position

As a member of the security team at CACI, you will play a crucial role in the identification and implementation of information assurance and cybersecurity requirements. The successful candidate will be expected to have extensive experience with the NIST Risk Management Framework (RMF), threat analysis, vulnerability management, and the accreditation and authorization processes. You will be responsible for shepherding projects through to Authority to Operate (ATO) approval, ensuring that all cybersecurity measures are effectively implemented and maintained. Our cybersecurity teams utilize proven solutions to manage, monitor, and respond to cyber threats in real-time. This includes conducting cyber assessments, event monitoring, incident response, and implementing preventative measures to isolate and mitigate potential cyber threats. In this role, you will assess technologies, processes, and practices designed to protect networks, devices, programs, and data from malicious attacks, damage, or unauthorized access. You will assist in delivering and maintaining security-compliant systems in accordance with Department of Defense (DoD) cybersecurity requirements. Your responsibilities will include overseeing security control implementation methodologies in the A&A process, fully supporting the Risk Management Framework process from start to finish, and maintaining thorough documentation of all artifacts. You will also support the development and assembly of A&A documentation such as System Security Plans, Security Assessment Plans, Contingency Plans, and Risk Assessment Plans. Additionally, you will brief stakeholders on the strategic plans and implementation of RMF and cybersecurity policies and procedures. Your role will involve reviewing the program's cybersecurity processes and security control implementations, analyzing vulnerability scan reports, assessing security threats, and assisting team members in developing and tracking remediation strategies. You will support vulnerability management and provide updates on remediation activities, assist with contingency planning, and conduct incident response training and exercises. Furthermore, you will review DoD Information Assurance Vulnerability Management (IAVM) alerts and collaborate with engineers, administrators, and developers to remediate identified issues. Communication of security regulations, policies, and requirements will be essential to ensure compliance, and you will ensure that teams comply with security and privacy awareness training requirements.

Responsibilities

  • Assess technologies, processes, and practices designed to protect networks, devices, programs, and data from malicious attacks, damage, or unauthorized access.
  • Assist in delivering and maintaining security-compliant systems in accordance with DoD cybersecurity requirements.
  • Oversee security control implementation methodologies in the A&A process.
  • Fully support the Risk Management Framework process end-to-end, and maintain thorough documentation of artifacts.
  • Support development and assembly of A&A documentation such as System Security Plans, Security Assessment Plans, Contingency Plans, and Risk Assessment Plans.
  • Brief stakeholders on the strategic plans and implementation of RMF and cybersecurity policies and procedures.
  • Review the program's cybersecurity processes and security control implementations.
  • Analyze vulnerability scan reports, assess security threats, and assist team members in developing and tracking remediation strategies.
  • Support vulnerability management and provide updates on remediation activities.
  • Assist with contingency planning and incident response training and exercises.
  • Review DoD Information Assurance Vulnerability Management (IAVM) alerts and work with engineers, administrators, and developers to remediate identified issues.
  • Communicate security regulations, policies, and requirements to ensure compliance.
  • Ensure teams comply with security and privacy awareness training requirements.

Requirements

  • 10+ years of demonstrated experience in the application of NIST RMF guidance, DISA STIGs, Privacy Act, or DoD regulations, instructions, manuals, checklists, and guides for cybersecurity.
  • Experience writing and reviewing RMF artifacts.
  • Understanding of information and networking security requirements for Federal government, Department of Defense, or intelligence community.
  • Experience using tools such as SonarQube, JFrog XRAY, eMASS, ACAS, WebInspect, Nessus, Static Code Analysis, Burp Suite, or similar tools.
  • Experience performing vulnerability management activities including analysis, preparing recommendations, or remediation.
  • Detail-oriented with sound judgment, able to review the work of others, and detect errors or needed modifications.
  • Excellent oral and written communication skills with the ability to communicate clearly and concisely to both technical and non-technical audiences.
  • Experience in monitoring and testing IT systems for vulnerabilities and indicators of compromise.
  • Experience in configuring or validating secure systems.
  • Active TS/SCI clearance.

Benefits

  • Healthcare benefits
  • Wellness programs
  • Financial benefits
  • Retirement plans
  • Family support programs
  • Continuing education opportunities
  • Flexible time off benefits

Tools

Career Hubs

Guides

Company

© 2024 Teal Labs, Inc
Privacy PolicyTerms of Service