CACI International Mid Information Security Specialist in Fort Gordon, Georgia
Mid Information Security Specialist
Job Category: Information Technology
Time Type: Full time
Minimum Clearance Required to Start: TS/SCI
Employee Type: Regular
Percentage of Travel Required: Up to 10%
Type of Travel: Local
What You’ll Get to Do:
As the selected Information System Security Engineer, you will serve as an information assurance analyst with Risk Management Framework (RMF) experience who has expertise in security assessment documentation to support DoD systems and efforts to achieve their Authorization to Operate (ATO). The scope of this position includes full life-cycle Assessment and Authorization (A&A) management through all 6 Steps of the RMF process in support of the Government ISSM. In this role, you’ll conduct security assessment and information system security oversight activities in accordance with NIST 800-53 that support systems from the perspective of RMF requirements. Review systems to identify potential security weaknesses and recommend improvements to amend vulnerabilities, implement changes, and document upgrades. Maintain responsibility for managing cybersecurity risk from an organizational perspective. Prepare and review documentation, including Systems Security Plans (SSPs), risk assessment reports, certification and accreditation (C&A) packages, and plan of action and milestones (POA&M). Prepare the system security plan (SSP) in accordance with the applicable governing directive for systems and ensure all networks are maintained in accordance with their SSPs. Review and validate security documentation to ensure necessary security controls are in place and operating as intended. Review and maintain vulnerability scanning tool compliance and reporting to ensure compliance with all applicable directives. Stay informed of any changes to security policies and the security landscape and ensure that any training or other activities are undertaken to maintain security posture and compliance. Update documentation and specifications of compliance requirements and control inheritance across system products and components.
More About the Role:
Provide cybersecurity analysis, with a focus on Assessment and Authorization (A&A), under the implementation of the Risk Management Framework (RMF)
Perform in-depth reviews of authorization packages and artifacts in the Enterprise Mission Assurance Support Service (eMASS) at RMF Steps 1, 2, and 5
Track authorization to operate (ATO) statuses and authorizations with conditions of the GETS system
Draft and review cybersecurity policy documents that affect the GETS system
Run and/or support A&A meetings and other working groups.
Review completed Assured Compliance Assessment Solution (ACAS) scans and Security Technical Implementation Guide (STIG) checklists submitted for RMF Step 5 Checkpoint and modification request package submissions.
Validate all findings from raw scans are documented
Analyze vulnerabilities in raw scans and determine if documented mitigations are appropriate.
Ensure all manual reviews are completed in STIG checklists, and that any not applicable (N/A) statements are appropriate.
Determine whether there are risk posture changes when system modifications are requested for authorized systems.
Provide technical input for policies and procedures and maintain accurate documentation on those policies/procedures.
Research and investigate problems; diagnose and provide resolutions or viable solutions for hardware and software issues; escalate appropriately and report recommendations clearly and effectively to management and team.
Research and remediate vulnerabilities
You’ll Bring These Qualifications:
TS/SCI Security Clearance
BA/BS in related field and 4-6 years’ experience as an Information Assurance (IA) Analyst, ISSE, ISSO, or similar role in ATO package development, including generating security documentation for requirements, security control assessment, STIG and IAVM compliance, Standard Operating Procedures, test results, etc., or 10-15 years’ experience
Must meet 8570 IAM Level II certification compliance such as: CISSP, CASP+CE, or CISM
Must have proven experience in the Plan of Action and Milestones (PoA&M) process
Must have proven experience in information assurance risk management
Experience reviewing network topology diagrams and system architecture
Experience reviewing Assured Compliance Assessment Solution (ACAS) scans or other vulnerability scans (performing scans and hands-on experience preferred)
Experience reviewing DISA Security Technical Implementation Guides (STIGs) (applying STIGs and hands-on experience preferred)
What We Can Offer You:
We’ve been named a Best Place to Work by the Washington Post.
Our employees value the flexibility at CACI that allows them to balance quality work and their personal lives.
We offer competitive benefits and learning and development opportunities.
We are mission-oriented and ever vigilant in aligning our solutions with the nation’s highest priorities.
For over 55 years, the principles of CACI’s unique, character-based culture have been the driving force behind our success.
Company Overview: At CACI, you will have the opportunity to make an immediate impact by providing information solutions and services in support of national security missions and government transformation for Intelligence, Defense, and Federal Civilian customers. CACI is an Equal Opportunity Employer – Females/Minorities/Protected Veterans/Individuals with Disabilities.