CACI International Inc
Saint Louis, MO 63118
What You'll Do:
You will provide support in security control assessment and continuous monitoring of the organization's information systems following ICD 503 standards and best practices. You will provide various levels of Information assurance by developing test plans and assessing or auditing information system security controls by applying best practices of NIST 800-37, 800-53, 800-53A, and CNSS 1253 guidance. You will conduct vulnerability scanning of information systems using government accepted scanning tools to ensure compliance and to identify security weaknesses and
You will review and analyze scanning results and provide recommendations concerning vulnerability mitigation efforts.
More About the Role:
Provide technical services for installation, operation, maintenance and authorization of hardware and software required for vulnerability scanning capabilities
Review system security body of evidence documentation for accuracy and completeness
Support development of Plan of Action and Milestones (POA&M) containing corrective actions required for unacceptable system and enterprise level risks
Provide support to configuration management and control processes to integrate security and risk management
Scan for network security compliance in accordance with DISA STIGs
Conduct security impact analyses of security controls based on proposed system changes
Support the preparation of security test plans, execute and assess the security control effectiveness using security control test procedures, and create Security Assessment Reports (SAR) based on assessment findings
Support vulnerability scanning activities for external audits (i.e. FISMA and CCRI)
Develop tools and methodologies for tracking and reporting on identified information system vulnerabilities
You'll Bring These Qualifications:
Must have a current certification compliant with DoD 8570 IAM or IAT level 3. OR must provide demonstrable progress to achieve a DoD 8570 compliant certification within 6 months of hire and maintain certification throughout employment
Typically has a University Degree (BA/BS) or equivalent experience and minimum 10 years of related work
These Qualifications Would be Nice to Have:
Experience with ICD 503 and working knowledge of Risk Management Frame work as outlined in NIST SP 800-37
Working knowledge of information system security controls and how to assess their effectiveness per NIST SP 800-53 and NIST SP 800-53A
Knowledgeable in continuous monitoring processes as outlined in NIST SP 800-137 appropriate for systems, leveraging existing tools, efforts, and incorporating new automation techniques
Knowledgeable in information system vulnerability analysis and management
Must have a thorough knowledge of IT including but not limited to network sub netting
Experienced in system testing methodologies that include: Penetration testing, Configuration analysis, Security best practices validation
Experienced in security testing and penetration tools that include: WASSP, SECSCN, Backtrack 5, Assured Compliance Assessment Solution (ACAS), Wireshark, Retina, Tripwire, HP Fortify Web Inspect, Network Discovery & Visual Analytics experience (i.e., IP Sonar, etc.), Red / Blue team assessment experience
Knowledgeable in cyber Incident handling
Experienced in using the XACTA application
Experience within the Intelligence Community.
What We Can Offer You:
- We've been named a Best Place to Work by the Washington Post.
- Our employees value the flexibility at CACI that allows them to balance quality work and their personal lives.
- We offer competitive benefits and learning and development opportunities.
- We are mission-oriented and ever vigilant in aligning our solutions with the nation's highest priorities.
- For over 55 years, the principles of CACI's unique, character-based culture have been the driving force behind our success.
US-St. Louis-MO-ST LOUIS
CACI employs a diverse range of talent to create an environment that fuels innovation and fosters continuous improvement and success. At CACI, you will have the opportunity to make an immediate impact by providing information solutions and services in support of national security missions and government transformation for Intelligence, Defense, and Federal Civilian customers. CACI is proud to provide dynamic careers for employees worldwide. CACI is an Equal Opportunity Employer - Females/Minorities/Protected Veterans/Individuals with Disabilities.
CACI International Inc
Website : http://www.caci.com
CACI provides information solutions and services in support of national security missions and government transformation for Intelligence, Defense, and Federal Civilian customers. A member of the Fortune 1000 Largest Companies, the Russell 2000 Index, and the S&P SmallCap 600 Index, CACI provides dynamic careers for over 15,800 employees working in over 120 offices worldwide. Visit www.caci.com.