Cyber Security Analyst

About The Position

Requirements

• Must be a U.S. Citizen with an active DoD Secret clearance (at minimum)
• A Bachelor's Degree in Cyber Security, Information Technology, Information Security, or related field. Equivalent professional experience may be considered in lieu of degree.
• At least two years of relevant Cyber Security experience
• Experience and knowledge in DoD RMF, NIST Controls, and Authorization to Operate (ATO) processes
• Knowledge of cyber security concepts and tools, such as DISA STIGs and SCAP
• Minimum 2 years’ experience using the DoD Enterprise Mission Assurance Support Service (eMASS) as a system certification and accreditation tracking tool
• Fulfill DoD Manual 8140.03 level Intermediate from the Foundational Qualification Options for the (541) Vulnerability Assessment Analyst work role including applicable certification(s) (e.g._Security+)
• Experience with cloud implementations and environments

Nice To Haves

• Familiarity with National Institute of Standards (NIST) directives
• Experience implementing NIST 800-53 controls
• Familiarity with any of the following: FEDRAMP, DISA APL, DevSecOps, SIEM, Microsoft Defender for Cloud
• Familiarity with RMF 2.0 and Continuous ATO
• Experience working with Microsoft Azure environments
• Experience using vulnerability assessment tools as well as analyzing and interpreting assessment results
• Experience in initial risk assessment activities and ability to assist Authorizing Official risk determination with risk acceptance
• Experience with container technology
• Operational knowledge of GitHub Advanced Security scanning tools, to include reviewing results of custom software security scans
• Ability to apply principles, theories, and concepts while contributing to the development of new, innovative principles and ideas
• Good communication skills , both verbal and written
• Strong attention to detail

Responsibilities

• Work collaboratively with the ISSM, ISSO, stakeholders, and the team to support cybersecurity efforts (NIPR/SIPR)
• Create and manage RMF artifacts and the entire ATO lifecycle
• Conduct vulnerability assessments on technologies to verify system security and compliance and assist in remediation efforts
• Review and analyze GitHub and software vulnerability scans
• Utilize scripting and development tools to achieve cybersecurity compliance and reporting needs
• Ensure application, system, environment, or organizational changes do not have an adverse effect on the security posture of the system security compliance and assessment
• Manage security evaluations of information systems and networks and the remediation of security control weaknesses, prepare evaluation reports, and present recommendations
• Monitor and validate vulnerability postures in Microsoft Azure Defender for Cloud, Microsoft XDR and Microsoft Azure Policy and ensure all systems comply with DISA Security Technical Implementation Guidelines (STIG)s and with CSSP requirements
• Ensure and approve Plan of Action and Milestones (POA&M) are in place for vulnerabilities that cannot be remedied at the time of the finding

Benefits

• Our employees value the flexibility at CACI that allows them to balance quality work and their personal lives. We offer competitive compensation, benefits and learning and development opportunities. Our broad and competitive mix of benefits options is designed to support and protect employees and their families. At CACI, you will receive comprehensive benefits such as; healthcare, wellness, financial, retirement, family support, continuing education, and time off benefits.