What You’ll Get to Do:
Are you looking for a role that will impact protecting our Homeland Security? Do you thrive in assisting large organizations to apply Risk Management Framework? And are you a leader who always rises to the occasion? If yes, please keep reading! As a Vulnerability Assessment and Authorization Security Specialist, you will be responsible for ensuring the Security and Privacy of innovative solutions, while working in a dynamic environment exposed to the latest technologies.
More About the Role:
The Vulnerability Assessment and Authorization Security Specialist will be responsible for the following:
Manage all Information Assurance activities, responsible for enabling the ongoing assessment and ongoing authorization of CDM solution utilizing Risk Management Framework (RMF) and automated Security Assessment and Authorization tools.
Implements Risk Management Framework policy and application across the CDM program.
Implements NIST Security Controls and Control Implementation methodologies to the SA&A process
Briefs senior level internal and external customers on the latest RMF policies and procedures as well as adherence on the program
Understand and support Privacy Compliance Activities to include the development of Privacy Impact Analysis (PIA), Privacy Threshold Analysis (PTA), and Statement of Record Notices (SORN)
Facilitates and monitors information assurance (IA) processes for new projects including the development of security authorization packages and the tracking of progress for all Security Control implementations and Plans of Action and Milestones (POA&M)
Development of all Security Authorization artifacts and documentation and assembling of Authorization packages
Responsible for administration and adherence of the Risk Management Plan
Responsible for implementing and applying technologies, processes, and practices designed to protect networks, devices, programs, and data from malicious attack, damage, or unauthorized access.
Manages the assessment and authorization of network devices as well as ensuring the robustness of information security incident, damage and threat assessment programs.
May provide intrusion support to high technology investigations in the form of network assessments.
Researches tools, techniques, countermeasures, and trends in computer and network vulnerabilities, data hiding and network and device security and encryption.
Performs duties in support of in-house and external customers.
Assesses integrated system solutions ensuring proprietary / confidential data and systems are protected in accordance with mandated standards.
Participates with the client in the strategic process to translate security and business requirements into authorization packages.
Validates secure systems and may test security products/systems to detect computer and information security weakness.
Assists in the generation of security architecture documentation.
Provides critical written and verbal analyses of previously generated security architecture documentation as a part of vulnerability and risk assessments.
Designs and implements plans of action and milestones to remediate findings from vulnerability and risk assessments.
Provides information assurance for digital information, ensuring its confidentiality, integrity, and availability.
Responsibilities include the development of authorization packages to operate IT systems at acceptable levels of risk, monitoring and testing of IT systems for vulnerabilities and indications of compromise, incident response and remediation, the development of appropriate policy, relevant user security awareness and training, and compliance with applicable government and other external standards.
Coordinate closely with the Quality Assurance Specialist in identifying and mitigating risk to meet established quality standards
You’ll Bring These Qualifications:
Intimate understanding of NIST RMF implementation guidance.
Well-developed understanding of Federal Civilian or DHS Security Assessment and Authorization (SA&A) processes
In-depth understanding of the relevance of NIST Security Controls and Control Implementation methodologies to the SA&A process
Can demonstrate understanding of critical documentation required in Security Authorization (SA) Packages
Ability to understand and support Privacy Compliance Activities to include the development of Privacy Impact Analysis (PIA), Privacy Threshold Analysis (PTA), and Statement of Record Notices (SORN)
These Qualifications Would be Nice to Have:
Well-developed understanding of Systems Development Lifecycle (SDLC) and ideally the DHS Systems Engineering Lifecycle (SELC) as it relates to Security Assessment and Authorization (SA&A)
Relevant DHS or .gov Cyber Security focused experience
Certified Information Systems Security Professional (CISSP), Certified Authorization Professional (CAP), Certified Information Security Manager (CISM), or Certified Information Privacy Professional (CIPP-US/G/M) certifications preferable.
Typically has a University Degree (BA/BS) or equivalent experience and minimum 10 years related work experience.
Ability to obtain Security Clearance
Able to obtain a DHS Entrance on Duty (EOD)
What We Can Offer You:
- We’ve been named a Best Place to Work by the Washington Post.
- Our employees value the flexibility at CACI that allows them to balance quality work and their personal lives.
- We offer competitive benefits and learning and development opportunities.
- We are mission-oriented and ever vigilant in aligning our solutions with the nation’s highest priorities.
- For over 55 years, the principles of CACI’s unique, character-based culture have been the driving force behind our success.
CACI employs a diverse range of talent to create an environment that fuels innovation and fosters continuous improvement and success. At CACI, you will have the opportunity to make an immediate impact by providing information solutions and services in support of national security missions and government transformation for Intelligence, Defense, and Federal Civilian customers. CACI is proud to provide dynamic careers for employees worldwide. CACI is an Equal Opportunity Employer - Females/Minorities/Protected Veterans/Individuals with Disabilities.