CACI is seeking an Information Systems Security Manager (ISSM) Cyber security professional to join our team supporting a Department of Defense (DoD) client. If you are looking for your next career challenge with a highly skilled development team, CACI would like to speak with you. In this role, you will be the Cyber Security and Security Technical Implementation Guidelines (STIG) subject matter expert. As a valued member of the team, you will work with the team to ensure that any network or application within the client's purview desiring connectivity to the client's cloud computing environment meets all security requirements and specifications according to DoD Instruction 8510.01 Department of Defense Risk Management Framework (RMF).
Manage extensive security evaluations of information systems and networks and the remediation of security control weaknesses, prepares evaluation reports, and presents recommendations.Conduct trade-off analyses of products for clients to determine optimal information security solutions. Maintain a high level of familiarity with the major Federal Government Information Security policy guidance and directives.Perform physical security tasks in accordance with the DoD 5200.1-R, Information Security Program Regulation, Administrative Instruction 26 Information Security Supplement to DoD 5200.1-R and Executive Order 12958 (as amended)-Provide ongoing security training to the client's on-site personnelEnsure the physical environment of the computers and their terminals are properly secured and meets all Operation Security (OPSEC) requirementsConduct structured walk-throughs based on Continuity of Operations Plans to ensure integrity of the network’s ability to reconstitute normal system functions including reinstallation of applications after a catastrophic failureMore About the Role
Coordinate Assess and Authorize (A&A), Configuration Management (CM), and Release Management requirements for the client's systems in accordance with DoD Instruction 8510.01 RMFEnsure each network or system is operated, maintained, and disposed of in accordance with DoD security policies and practices and System Security PlanEnsure application, system, environment, or organizational changes do not have an adverse effect on the security posture of the system security compliance and assessmentDetermine the extent a system change may affect the security posture of either the information system or the computing environment and ensuring the implementation of such change are documented in the Enterprise Mission Assurance Support Service (eMASS), System Security Plans, and site operating proceduresReview and approve Software Assessment Report (SwAR), including code and application scans, for the inclusion of web-based IT Products (Web Application Software) into accredited enclaves and verify the findings from completed code reviews have been addressed properly as to not pose a threat to the networkCoordinate corrective actions for information assurance (IA) incidents identified by the customer’s CSSP and ensure all security-related incidents are documented and reported to the AO and AODR. Capture incident metrics. Evaluate incidents for patterns to minimize future riskMonitor and validate vulnerability postures in Assured Compliance Assessment Solution (ACAS), and ensure all systems comply with DISA Security Technical Implementation Guidelines (STIG)s and with CSSP HBSS requirementsEnsure no physical or operational security procedure conflicts with information systems security measuresEnsure and approve Plan of Action and Milestones (POA&M) are in place for vulnerabilities that cannot be remedied at the time of the findingManage server and system/application IA requirements throughout the Software Development Lifecycle (SDLC)Coordinate with the client's government-appointed Activity Security Representative (ASR) to support physical security for the primary office locationYou’ll Bring These Qualifications
A DoD SECRET level clearance must be obtainable/maintainable (at minimum)A minimum of 10 years of full-time work experienceA Bachelor’s Degree in Computer Science, or related field from an accredited university, or a minimum of 5 years of current applicable experience in Cyber SecurityA minimum of 3 years of practical experience operating within RMF in DoD applicationsA minimum of 3 years monitoring system Federal Information Security Modernization Act (FISMA) compliance using available workflow toolsExperience in initial risk assessment activities and ability to assist Authorizing Official risk determination with risk acceptanceExperience as a subject matter expert of the DoD STIGs and DoD policies pertaining to DoD ITTrained in the use of the ACAS to include how to remedy Information Assurance Vulnerability Management (IAVM) findingsExperience using the DoD Enterprise Mission Assurance Support Service to achieve Authority to Operate for a DoD systemDemonstrate experience developing accreditation documentation in a DoD environment, including:Continuity PlanContingency PlanRisk AssessmentSystem Security PlanTrained in the use of ePolicy Orchestrator to manage DISA ESS, or operational knowledge of MDEAn understanding of the relationship between system controls and how they affect system securityA minimum of 10 years using eMASS as a system certification and accreditation tracking toolA minimum of 3 years of practical experience in a Azure PaaS/SaaS environmentDoD Manual 8140.03 level Advanced from the Foundational Qualification Options for the (722) ISSM work role including applicable certification(s) (e.g. CISSP, CISM) or be able to obtain within 6 months of starting positionThese Qualifications Would Be Nice to Have
Familiarity with National Institute of Standards (NIST) directivesCertified in the use of McAfee ePolicy Orchestrator to manage DISA HBSSExperience in initial risk assessment activities and ability to assist Authorizing Official risk determination with risk acceptanceOperational knowledge of GitHub Advanced Security scanning tools, to include reviewing results of custom software security scans-_____________________________________________________________________________
What You Can Expect:
A culture of integrity.
At CACI, we place character and innovation at the center of everything we do. As a valued team member, you’ll be part of a high-performing group dedicated to our customer’s missions and driven by a higher purpose – to ensure the safety of our nation.
An environment of trust.
CACI takes pride in fostering a diverse and accessible culture where every individual feels supported to chart their own path. You’ll have the autonomy to take the time you need through a unique flexible time off benefit and have access to robust learning resources to make your ambitions a reality.
A focus on continuous growth.
Together, we will advance our nation's most critical missions, build on our lengthy track record of business success, and find opportunities to break new ground — in your career and in our legacy.
Your potential is limitless. So is ours.
Learn more about CACI here.
_____________________________________________________________________________
Pay Range: There are a host of factors that can influence final salary including, but not limited to, geographic location, Federal Government contract labor categories and contract wage rates, relevant prior work experience, specific skills and competencies, education, and certifications. Our employees value the flexibility at CACI that allows them to balance quality work and their personal lives. We offer competitive compensation, benefits and learning and development opportunities. Our broad and competitive mix of benefits options is designed to support and protect employees and their families. At CACI, you will receive comprehensive benefits such as; healthcare, wellness, financial, retirement, family support, continuing education, and time off benefits. Learn more here.
Since this position can be worked in more than one location, the range shown is the national average for the position.
The proposed salary range for this position is:
$82,100-$172,400CACI is an Equal Opportunity/Affirmative Action Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, pregnancy, sexual orientation, gender identity, age, national origin, disability, status as a protected veteran, or any other protected characteristic.