Chantilly, Virginia, USA
3 days ago
Security Control Assessor (SCA)
Security Control Assessor (SCA)

Job Category: Information Technology

Time Type: Full time

Minimum Clearance Required to Start: TS/SCI with Polygraph

Employee Type: Regular

Percentage of Travel Required: None

Type of Travel: None

* * *

CACI is seeking a Security Control Assessor (SCA) to join our team of talented Cybersecurity professionals in Reston, VA.  You will evaluate Government customer systems and other security standards and publications as well as Government customer defined security guidelines and regulations.  You will also determine the extent to which the assigned security controls are implemented correctly; operating as intended; and producing the desired outcome with respect to meeting the regulatory and or statutory security requirements for National Security Systems. 

Duties include but are not limited to:

Evaluate Government customer systems against NIST SP 800 53/53A R4, 30, 37 and 39, RMF and other security standards and publications as well as Government customer defined security guidelines and regulations utilizing the customer assessment tracking system.

Conduct a comprehensive assessment of the management, operational, and technical security controls employed within or inherited by complex and diverse information systems to determine the overall effectiveness of the control implementation.

Function as an independent and unbiased advocate who provides evidence to validate the trustworthiness of the system for the designated Authorizing Official (AO).

Conduct hands-on security control testing, analyze Body of Evidence (BoE) documentation and test results, document risk and recommend countermeasures.

Provide an assessment of the severity of weakness or deficiencies discovered in the information system and its environment of operation and recommend corrective actions to address identified vulnerabilities.

Conduct hands-on security testing leveraging commercial tools and custom developed scripts and procedures.

Execute vulnerability/compliance assessment tools and evaluate results for systems undergoing security assessment.

Participate in joint test teams with other customer organizations and or Government Agencies to complete security assessment and adjudication.

Coordinate with other program elements conducting security testing.

Actively participate in or lead technical exchange meetings and application review boards, documenting actions items/results of these events.

Brief management, as needed, on the status of action items and/or results of activities.

Prepare security assessment reports containing the results and findings form the assigned security control assessments.

Provide documentation to the customer which describes all identified system risks, planned test procedures taken and test results.

Provide enhancement capabilities and SOPs to assessment operations for execution and implementation.

Responsible for implementing and applying technologies, processes, and practices designed to protect networks, devices, programs, and data from malicious attack, damage, or unauthorized access.

Investigates network device and information security incidents to determine extent of compromise to national security information and automated information systems.

You’ll Bring These Qualifications

TS/SCI with Polygraph (active / in-scope)

15+ Years of relevant experience (Bachelor’s Degree in related field may be substituted for 5 years of relevant experience), or Bachelor’s Degree + 10 years of related experience.

4+ years of relative experience.  Additional experience may be considered in lieu of a degree

Familiarity with conducting security assessment in support of accreditation and or authorization (A&A) decisions.

Familiarity with National Institute of Standards and Technology (NIST) Cybersecurity Framework and National Institute of Standards and Technology (NIST) Risk Management Framework (RMF) requirements.

Familiarity with National Institute of Standards and Technology (NIST) Special Publication (SP) 800-53 and or 800-53A Revision 4 as well as 800-30, 37 and 39.

Familiarity with the Committee on National Security Systems (CNSS) Instruction No. 1253.

Knowledge of Federal laws, regulations, policies, and ethics as they relate to cybersecurity.

Knowledge of cyber defense and vulnerability assessment tools, including open source tools, and their capabilities.

Knowledge of cybersecurity principles and organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation).

Knowledge of cybersecurity principles used to manage risks related to the use, processing, storage, and transmission of information or data.

These Qualifications Would Be Nice to Have

CompTIA Security+

GIAC Security Essentials (GSEC)

Certified Information Systems Security Professional (CISSP)

Knowledge of cyber threats and known vulnerabilities from alerts, advisories, errata, and bulletins.

Knowledge of computer networking concepts and protocols, and network security methodologies.

Knowledge of network security architecture concepts including topology, protocols, components, and principles (e.g., application of defense-in-depth).

Knowledge of system and application security threats and vulnerabilities (e.g., buffer overflow, mobile code, cross-site scripting, Procedural Language/Structured Query Language [PL/SQL] and injections, race conditions, covert channel, replay, return-oriented attacks, malicious code).

Skill in discerning the protection needs (i.e., security controls) of information systems and other computing environments

What we can offer you:

At CACI, our philosophy of employee development and advancement rests on a cultural foundation of providing unlimited and equal opportunity for growth, recognition, and rewards. We provide the environment, support and responsive, available management to nurture and stretch your abilities. We also offer a career mobility program to make it easy to build a dynamic career at CACI and offer flexible work schedule arrangements to support work/life balance.

CACI’s Flexible Time Off (FTO) plan allows employees to take vacation as needed, without a set number of minimum or maximum days, and is available day one of employment. 

CACI has been named one of Fortune magazine’s World’s Most Admired Companies for 2024!

CACI also has more than 20 Communities of Practice to share and gain skills and knowledge regarding various technologies and topics including SAP, Salesforce, Agile Development, and many more. The associated Learning Academies provide training and certifications to gain additional skills and build your brand.

We offer competitive benefits and learning and development opportunities.

We are mission-oriented and ever vigilant in aligning our solutions with the nation’s highest priorities.

With over 25,000 employees worldwide, CACI has been named a Best Place to Work by the Washington Post.

For over 60 years, the principles of CACI’s unique, character-based culture have been the driving force behind our success.

-

______________________________________________________________________________

What You Can Expect:

 

A culture of integrity.

At CACI, we place character and innovation at the center of everything we do. As a valued team member, you’ll be part of a high-performing group dedicated to our customer’s missions and driven by a higher purpose – to ensure the safety of our nation.

 

An environment of trust.

CACI takes pride in fostering a diverse and accessible culture where every individual feels supported to chart their own path. You’ll have the autonomy to take the time you need through a unique flexible time off benefit and have access to robust learning resources to make your ambitions a reality.

 

A focus on continuous growth.

Together, we will advance our nation's most critical missions, build on our lengthy track record of business success, and find opportunities to break new ground — in your career and in our legacy.

 

Your potential is limitless. So is ours.

Learn more about CACI here.

______________________________________________________________________________

Pay Range: There are a host of factors that can influence final salary including, but not limited to, geographic location, Federal Government contract labor categories and contract wage rates, relevant prior work experience, specific skills and competencies, education, and certifications. Our employees value the flexibility at CACI that allows them to balance quality work and their personal lives. We offer competitive compensation, benefits and learning and development opportunities. Our broad and competitive mix of benefits options is designed to support and protect employees and their families. At CACI, you will receive comprehensive benefits such as; healthcare, wellness, financial, retirement, family support, continuing education, and time off benefits. Learn more here.

The proposed salary range for this position is:

$109,800 - $241,600

CACI is an Equal Opportunity/Affirmative Action Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, pregnancy, sexual orientation, gender identity, age, national origin, disability, status as a protected veteran, or any other protected characteristic.
Confirm your E-mail: Send Email