CACI International Information Assurance Manager in Fort Gordon, Georgia
What You’ll Get to Do:
You will perform security controls assessments that are an integral part of the Assessments and Authorizations (A&A) process for the GEOINT Enterprise TPED Services (GETS) located at Fort Gordon, Georgia. You will carry out A&A scanning, comprehensive assessment testing, penetration testing, documentation, reporting, and analysis. This includes performing dedicated functions for all GETS missions involved with Assessments and Authorizations or compliance with applicable National Intelligence Community, Department of Defense and Department of the Army information system security guidance.
More About the Role:
Perform comprehensive security assessments of identified and applied security controls for classified systems. Provide summaries of assessments in Security Assessment Reports (SAR) that address the technical evaluation and results of assessment, identify weaknesses or deficiencies, and recommend corrective actions for risk mitigation.
Perform operating system, network, and application security STIG reviews, and assess the degree to which a system is compliant with published policy from higher authorities.
Perform host and network based security control assessments, determine residual security risks, prepare assessment test reports, prepare and assess test plans, and provide formal recommendations in support of authorization.
Provide support to GETS at internal/external meetings, conferences, and technical exchange meetings, and working groups for all activities with regard to information security and risk management.
Provide testing support for evaluations, including specific test plans and testing services tailored to the security controls of the systems being tested. The tester will use GETS-accepted tools and techniques, including but not limited to manual testing, web assessment software, vulnerability scanning, pen testing tools, and in-house scripts as approved by GETS. Tests may be conducted either remotely or locally on the systems to ensure compliance and to identify security vulnerabilities, risks, threats and gaps.
Conduct testing and scanning using GETS-accepted techniques and scanning tools to evaluate compliance and to identify security vulnerabilities, threats, risks, and gaps. You will review and analyze the findings that identify security issues on the system.
Maintain training and certification records for GETS staff personnel and privileged user IA awareness training records.
You’ll Bring These Qualifications:
Current CISSP (Certified Information System Security Professional, ISC2)
Bachelor's Degree and 10+ years of related work experience.
Knowledge and experience in security disciplines including, but not limited to, information systems security, operations security, administrative security, personnel security, physical security and communications security.
Expert knowledge of IA principles and organizational requirements that are relevant to confidentiality, integrity, availability, authentication, and non-repudiation.
Ability to develop best practices for processes and standards that will better the system.
Knowledgeable in cyber incident handling.
Experience testing and accrediting systems that include in-house software development and integration with open-source products.
Knowledge and experience in OWASP (Open Web Application Security Project) endorsed vulnerability assessment and mitigation strategies.
Knowledge of IT security principles and methods (e.g., firewalls, demilitarized zones, encryption).
Knowledge of network access, identity, and access management (e.g., public key infrastructure).
Knowledge of security system design tools, methods, and techniques.
Knowledge of relevant laws, policies, procedures, or governance as they relate to work that may impact critical infrastructure.
Knowledge of TCP/IP networking technologies, Windows Active Directory and LINUX account administration and folder permissions, patch management best practices on operating systems and applications, and known vulnerabilities associated with Windows and LINUX platforms.
Knowledge of OSI model and how specific devices and protocols interoperate, including knowledge of protocols, and services for common network traffic.
Knowledge of DoD/IC system security control requirements.
Knowledge and experience with XACTA application.
Knowledge of industry information security standards and protocols.
Knowledge of known vulnerabilities from alerts, advisories, and bulletins.
These Qualifications Would be Nice to Have:
Experience within the Intelligence Community.
Experienced in system testing methodologies that include: penetration testing, configuration analysis, security best practices validation.
Experienced in security testing and penetration tools that include: Assured Compliance Assessment Solution (ACAS), Wireshark, HP Fortify WebInspect, and Network Discovery & Visual Analytics tools (e.g., IP Sonar), as well as Red / Blue team assessment experience.
Proficient in the use of Microsoft Application tools (i.e. Excel and PowerPoint).
What We Can Offer You:
We’ve been named a Best Place to Work by the Washington Post.
Our employees value the flexibility at CACI that allows them to balance quality work and their personal lives.
We offer competitive benefits and learning and development opportunities.
We are mission-oriented and ever vigilant in aligning our solutions with the nation’s highest priorities.
For over 55 years, the principles of CACI’s unique, character-based culture have been the driving force behind our success.
CACI employs a diverse range of talent to create an environment that fuels innovation and fosters continuous improvement and success. At CACI, you will have the opportunity to make an immediate impact by providing information solutions and services in support of national security missions and government transformation for Intelligence, Defense, and Federal Civilian customers. CACI is proud to provide dynamic careers for employees worldwide. CACI is an Equal Opportunity Employer - Females/Minorities/Protected Veterans/Individuals with Disabilities.