What You'll Get to Do:
CACI’s Agile Solution Factory (ASF) is hiring a Senior Cybersecurity Specialist for product teams based in Ashburn, VA or Colorado Springs, CO! Join this passionate team of industry-leading individuals supporting the Best Practices in Agile Software Development for the Department of Defense.
ASF programs thrive in a culture of innovation and are constantly seeking individuals who can bring creative ideas to solve complex problems, both technical and procedural at the team and portfolio levels. The ability to be adaptable and to work constructively with a technically diverse and geographically separated team is crucial.
The Senior Cybersecurity Specialist with both strong cybersecurity and network security delivery skills will need to have a deep technical understanding of Cybersecurity practices, delivering secure and reliable hardware and software solutions in short sprints. They will work as an integral part of a highly productive team of seasoned technical professionals who thrive on supporting our customer's mission and growth objectives– responsible for designing, developing, leading, and implementing secure application and infrastructure capabilities for a variety of legacy and modernized systems and applications.
They will work in close collaboration with software developers/engineers, quality assurance engineers, stakeholders, and end users within Agile Engineering processes. They must have a working knowledge of enterprise class information assurance requirements and network security and survivability.
They will also be responsible for supporting development of a spectrum of engineering artifacts that adequately, but succinctly captures system security requirements, application and network security design, and network security architecture. This position is responsible for ensuring that all assigned work activities are performed in a timely, secure, compliant and cost-effective manner while maintaining the highest quality of performance.
More About the Role:
Serves as a Cybersecurity Team member responsible for the Information Assurance and Security of application, database, and enterprise network services. Responsible for activities associated with delivery of Cybersecurity policy implementation and network solutions associated with customer-defined systems and software projects; basic responsibilities include
Apply information security in accordance with National/DoD/Army Directive security policy including, but not limited to, DODI 8500.01, DODI 8510.01, NIST SP 800-30, NIST 800-37, NIST 800-53a, NIST SP 800-61, NIST 800-171, AR 25-2, and AR 380-5
Assess entire system lifecycle requirements and network security impacts
Support creation of, and ensure approval for, Department of Defense (DOD) Risk Management Framework (RMF) Assess and Authorize (A&A) Process for development and sustainment projects
Support program and customer management, and government Authorizing Official (AO) for all information security status, policies, and procedures
Document DoD RMF Security Implementation Plan artifacts. Coordinate and assist development team with application artifact documentation
Assist government personnel in preparing and presenting Enterprise Mission Assurance Support System (eMASS) packages to the Control Assessor (SCA)Assess and analyze US-CERT, ACERT, and current threat environment;
Enhance – Implement Cybersecurity vulnerability/A&A hardening testing
Optimize – Cybersecurity development environment certification
Integrate & Test Security – test patches and settings, document A&A artifacts
Validate & Verify security – validate patch status and software control status
Implement security – apply patches and security settings, performance incident handling and remediation
Maintain security posture – audit security settings, track security training, monitor threats, track reaccreditation
Enable assurance for information security during all phases of agile software development and deployment
Continuously evaluate and recommend innovative proven best business practices and tools to enhance defense-in-depth
Identify, assess, and recommend zero-day cyber threat remediation
Address Cybersecurity issues to help maintain Continuity of Operations Plan (COOP)
Assist engineers with implementing and maintaining Common Access Card (CAC) and Public Key Infrastructure (PKI) functions into existing and future application development to ensure confidentiality, integrity, and availability to mission support
Perform information security vulnerability testing and mitigate any nonconformance
Create and manage Plan of Action & Milestones (POA&M)
Implement and validate Security Technical Implementation Guide (STIG) requirements for all development and implementation projects
Understand and assist developers with static code analysis processes
You will Bring These Qualifications:
Must be a U.S. Citizen, with or eligible for a Government security clearance
College degree (B.S., M.S.) in Information Assurance, Computer Science, Information Management Systems or a related discipline
Demonstrated knowledge of National/DoD/Army Directive security policies including, but not limited to, DODI 8500.01, DODI 8510.01, NIST SP 800-30, NIST 800-37, NIST 800-53a, NIST SP 800-61, NIST 800-171, AR 25-2, and AR 380-5
Demonstrated knowledge of DOD RMF accreditation implementation
Demonstrated experience with HP Fortify Software Security Center
Demonstrated experience with Assured Compliance Assessment Solution (ACAS)/Tenable Nessus Vulnerability Scanner
Demonstrated familiarity and experience with Firewalls, Intrusion Prevention Systems, WebGateways, and/or enterprise Antivirus software technologies
Demonstrated experience using eMASS
Experience with continuous integration tools and environments
Ability to identify and manage risk
Working knowledge of and ability to assist others in the use of information security provisioning and monitoring tools to support process improvement
Excellent written and verbal communication skills
Strong collaboration skills and desire to work within a team
Understanding of all elements of the DOD Cybersecurity policies and requirement
Highly responsible, team-oriented individual with very strong communication skills and work ethic; self-starter
6+ years related technical experience
These Qualifications Would be Nice to Have:
8570.01-M, IAT Level III: CISCO CCNP Security; (ISC)2's CISSP; ISACA CISA, GIAC Certified Incident Handler (GCIH), GIAC Certified Enterprise Defender (GCED); and/or CompTIA Advanced Security Practitioner (CASP)
Demonstrated knowledge and experience with ISO 27000 information security management principles
Ability to apply advanced principles, theories, and concepts, and contribute to the development of innovative IA principles and ideas
Experience working on unusually complicated problems and providing solutions that are highly creative and ingenious, exhibiting ingenuity, creativity, and resourcefulness
Experience with scripting languages such as Perl, VBScript, Ruby, etc.
Experience with Computer Network Defense (CND) processes, procedures, and tools
Acts independently to expose and resolve problems
What We Can Offer You:
- We’ve been named a Best Place to Work by the Washington Post.
- Our employees value the flexibility at CACI that allows them to balance quality work and their personal lives.
- We offer competitive benefits and learning and development opportunities.
- We are mission-oriented and ever vigilant in aligning our solutions with the nation’s highest priorities.
- For over 55 years, the principles of CACI’s unique, character-based culture have been the driving force behind our success.
CACI employs a diverse range of talent to create an environment that fuels innovation and fosters continuous improvement and success. At CACI, you will have the opportunity to make an immediate impact by providing information solutions and services in support of national security missions and government transformation for Intelligence, Defense, and Federal Civilian customers. CACI is proud to provide dynamic careers for employees worldwide. CACI is an Equal Opportunity Employer - Females/Minorities/Protected Veterans/Individuals with Disabilities.