CACI International - Alexandria, VA

posted 5 months ago

Full-time - Mid Level
Alexandria, VA
Professional, Scientific, and Technical Services

About the position

CACI is seeking an Information Systems Security Manager (ISSM) cyber security professional to join our team supporting a Department of Defense (DoD) client. In this role, you will be the Cyber Security and Security Technical Implementation Guidelines (STIG) subject matter expert. As a valued member of the team, you will ensure that any network or application within the client's purview desiring connectivity to the client's cloud computing environment meets all security requirements and specifications according to DoD Instruction 8510.01, Department of Defense Risk Management Framework (RMF).

You will manage extensive security evaluations of information systems and networks and the remediation of security control weaknesses, prepare evaluation reports, and present recommendations. Additionally, you will conduct trade-off analyses of products for clients to determine optimal information security solutions and maintain a high level of familiarity with the major Federal Government Information Security policy guidance and directives.

Your responsibilities will also include performing physical security tasks in accordance with DoD 5200.1-R, Information Security Program Regulation; Administrative Instruction 26, Information Security Supplement to DoD 5200.1-R; and Executive Order 12958 (as amended). You will provide ongoing security training to the client's on-site personnel and ensure the physical environment of the computers and their terminals is properly secured and meets all Operation Security (OPSEC) requirements. Conducting structured walk-throughs based on Continuity of Operations Plans to ensure integrity of the network's ability to reconstitute normal system functions, including reinstallation of applications after a catastrophic failure, will also be part of your role.

You will coordinate Assess and Authorize (A&A), Configuration Management (CM), and Release Management requirements for the client's systems in accordance with DoD Instruction 8510.01 RMF. It is essential to ensure each network or system is operated, maintained, and disposed of in accordance with DoD security policies and practices and the System Security Plan. You will also need to ensure application, system, environment, or organizational changes do not adversely affect the security posture of the system security compliance and assessment. Furthermore, you will determine the extent to which a system change may affect the security posture of either the information system or the computing environment and ensure the implementation of such changes is documented in the Enterprise Mission Assurance Support Service (eMASS), System Security Plans, and site operating procedures.

Responsibilities

  • Serve as the Cyber Security and STIG subject matter expert for the team.
  • Ensure compliance with DoD Instruction 8510.01 RMF for network and application connectivity to the cloud.
  • Manage security evaluations of information systems and networks, and remediate security control weaknesses.
  • Prepare evaluation reports and present recommendations to stakeholders.
  • Conduct trade-off analyses of products to determine optimal information security solutions.
  • Maintain familiarity with Federal Government Information Security policy guidance and directives.
  • Perform physical security tasks in accordance with DoD regulations and directives.
  • Provide ongoing security training to on-site personnel.
  • Ensure the physical environment of computers and terminals meets OPSEC requirements.
  • Conduct structured walk-throughs based on Continuity of Operations Plans to ensure network integrity after failures.
  • Coordinate A&A, CM, and Release Management requirements for client systems.
  • Ensure compliance with DoD security policies and practices for system operation and maintenance.
  • Review and approve Software Assessment Reports for web-based IT products.
  • Coordinate corrective actions for IA incidents and document security-related incidents.
  • Monitor and validate vulnerability postures in ACAS and ensure compliance with DISA STIGs.
  • Manage server and system/application IA requirements throughout the SDLC.

Requirements

  • A DoD SECRET level clearance must be obtainable/maintainable (at minimum).
  • A minimum of 10 years of full-time work experience in Cyber Security.
  • A Bachelor's Degree in Computer Science or related field, or a minimum of 5 years of applicable experience.
  • A minimum of 3 years of practical experience operating within RMF in DoD applications.
  • A minimum of 3 years monitoring system FISMA compliance using available workflow tools.
  • Experience in initial risk assessment activities and assisting Authorizing Official risk determination.
  • Experience as a subject matter expert of the DoD STIGs and DoD policies.
  • Trained in the use of ACAS to remedy Information Assurance Vulnerability Management findings.
  • Experience using eMASS to achieve Authority to Operate for a DoD system.
  • Demonstrated experience developing accreditation documentation in a DoD environment.

Nice-to-haves

  • Familiarity with National Institute of Standards and Technology (NIST) directives.
  • Certified in the use of McAfee ePolicy Orchestrator to manage DISA HBSS.
  • Operational knowledge of GitHub Advanced Security scanning tools.

Benefits

  • Healthcare coverage
  • Wellness programs
  • Financial benefits
  • Retirement plans
  • Family support
  • Continuing education opportunities
  • Flexible time off benefits