CACI International Information System Security Engineer (ISSE) in Norfolk, Virginia
Information System Security Engineer (ISSE)
Job Category: Information Technology
Time Type: Full time
Minimum Clearance Required to Start: Secret
Employee Type: Regular
Percentage of Travel Required: None
Type of Travel: None
CACI is seeking a mid- to advanced-level Information System Security Engineer (ISSE) to join our project team at Naval Station Norfolk. You will work as an integral part of a highly productive team of seasoned technical professionals who thrive on supporting our customer's mission and objectives. You will have a key role supporting Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST) and Risk Management Framework (RMF) assessment processes for all the customer’s current in-service product releases. You will be primarily focused on software vulnerability issues detected in security scans. The selected candidate for this team will be recognized as a technical authority on software development and on remediation or mediation of vulnerability security risk in compliance with DoDI, DISA ASD STIG, NIST & RMF accreditation, testing and evaluation processes.
This is a hybrid role that can be mostly remote, as team members are only required to be onsite once a week (or as required for meetings, etc.). This will require that you live within the local commuting distance (80 miles) of the Naval Station at Norfolk, VA.
What You’ll Get to Do:
You will apply your advanced development knowledge, experience and expertise in the Information Assurance disciplines of Cybersecurity Testing, Evaluation, Validation and Verification of traditional and non-traditional information systems. As a significant member of this team, you will be in a position of influence and leadership, working with Development Leads & Scrum Master teams on Navy engineering efforts and meeting strict standards. You should be confident and comfortable enough to have your work products periodically checked by Navy Qualified Validators (NQV) and other stakeholders to ensure accuracy and validity. Additional duties may include:
Executing SAST & DAST scans with commercial software scanning tools, eMASSter POAM input & output, RMF Continuous Monitoring (CM) processes, the development of RMF artifacts (eMASS POAMS, Web Risk Assessment Report (WRA), etc.), and the implementation of Security/STIG Controls in coordination with development project teams.
Design and development of plans, processes, and procedures for Navy information systems of complex systems IAW Federal and DOD Cybersecurity requirements.
Provide leadership in, and execution of, security test and evaluation methods, practices, and techniques associated with the assessment of Navy information systems.
Provide expert evaluation, assessment, and recommendations for project/program policy in support of system design, acquisition, development, deployment and operations in diverse security environments IAW National and DOD requirements.
You’ll Bring These Qualifications:
Possess current DoD 8570 IAT Level 2 certification or higher; minimum CompTIA Security+ required (other certifications CSSLP, Micro Focus Fortify SCA, SSC, WI, etc., a plus).
Active Secret Clearance or higher required.
Bachelor’s degree from a U.S. Department of Education accredited college or university.
5+ years’ professional development experience in .NET, TSQL and PSQL.
Advanced knowledge of DoD Information Assurance & Cybersecurity Software Development policies, procedures and practices, including multiple SAST and/or DAST completions using NIST SP 800-53 Security Controls and DISA ASD STIGs.
Advanced knowledge of Data Structures, Network Architecture, Software Architecture and/or related concepts.
Advanced knowledge of computers, networks, deployment environments (e.g., source code, data structures, programming techniques, data center, cloud, etc.), systems and application security threats and vulnerabilities.
Entry to advanced knowledge of and skill in using DoD tools and capabilities for software vulnerability scanning such as Micro Focus Fortify SCA, SSC & WI tools, WRAs and compliance reporting (eMASS, eMASSter, Checkmarx, SonarQube, Burp Suite Professional, ACAS, etc.).
Demonstrated skill and ability in planning, testing, and evaluation of moderately complex operating systems (Windows and Linux), software development life cycle (SDLC), and networking hardware. Scope includes the demonstrated ability to implement the appropriate level of test rigor to verify compliance of moderately complex systems.
Ability to develop RMF artifacts (POAMs, WebInspect Web Risk Assessment Reports/scans), plan security assessment execution events, and report to cross-functional teams, IPT Leadership, Program Office personnel, and external Stakeholders.
Ability to advise team, project, and program leaders on applicable DOD/DON Security policy and guidelines for complex software systems.
Ability to lead a team’s security engineers to think logically and dynamically, while leading system security control assessments for certification, authorization, approval, risk analysis and risk-based decisions (RBD).
The NTCSS is the set of systems the Navy uses both ashore and afloat to handle supply chain and logistics management of ships, submarines, aviation squadrons, and intermediate maintenance activities. Installed at over 1,000 sites with 250,000 daily users, the system is essential to the smooth functioning of the Navy’s supply chain. Under this contract, CACI will continue to provide full life-cycle development and engineering support for business IT systems that manage supply, finance, personnel, and administration. As CACI modernizes the legacy systems, the Navy will be able to take full advantage of new software, hardware, and technology, while reducing cyber security vulnerabilities.
What We Can Offer You:
We’ve been named a Best Place to Work by the Washington Post.
Our employees value the flexibility at CACI that allows them to balance quality work and their personal lives.
We offer competitive benefits and learning and development opportunities.
We are mission-oriented and ever vigilant in aligning our solutions with the nation’s highest priorities.
For over 60 years, the principles of CACI’s unique, character-based culture have been the driving force behind our success.
Company Overview: At CACI, you will have the opportunity to make an immediate impact by providing information solutions and services in support of national security missions and government transformation for Intelligence, Defense, and Federal Civilian customers. CACI is an Equal Opportunity Employer – Females/Minorities/Protected Veterans/Individuals with Disabilities.
Pay Range: The proposed salary range for this position is $54,900-$109,800. There are a host of factors that can influence final salary including, but not limited to, Federal Government contract labor categories and contract wage rates, relevant prior work experience, specific skills and competencies, geographic location, education, and certifications. Our employees value the flexibility at CACI that allows them to balance quality work and their personal lives. We offer competitive compensation, benefits and learning and development opportunities. Our broad and competitive mix of benefits options is designed to support and protect employees and their families. Employment benefits include health and wellness programs, income protection, paid leave and retirement and savings.
As a federal contractor, CACI is subject to any federal vaccine mandates or other customer vaccination requirements. All new hires are required to report their vaccination status.