Security Control Assessor

About The Position

Requirements

• 5+ years of relevant experience
• US Citizenship required and hold DOD Secret or higher clearance.
• BA/BS or equivalent years of relevant experience
• CCNA Security, CySA+, GICSP, GSEC, Security + CE, CND, or SSCP.
• DoD 8570 IAT II certification:
• Intimate understanding of NIST RMF implementation guidance.
• Hands-on experience with using eMASS or similar Information Assurance tools.
• Experience analyzing vulnerability scans and STIG implementations.
• Knowledge/Familiarity with DoD 8500, DoD 8510, DHS 4300 A and B, NIST SP 800-18, 60, 70, 53, 53A, 137, IACS, CMRS, COAMS, JIMS, Swimlane, Governance, Risk, and Compliance, POA&M (i.e., Management, Assessment, etc.), ERS, FISMA, Knowledge Service, ACAS, Tanium, Power BI, Project/Program Management, TASKORD (i.e., FRAGO, CTO, etc.), and Data Calls (i.e., OIG Audit, etc.)

Nice To Haves

• Well-developed understanding of Systems Development Lifecycle (SDLC) and ideally the DHS Systems Engineering Lifecycle (SELC) process as it relates to Security Assessment and Authorization (SA&A).
• Relevant DOD, DHS or .gov Cyber Security Information Assurance focused experience with specific current hands-on experience researching, writing, and submitting complete documentation packages for new system authorizations.

Responsibilities

• Provide the United States Coast Guard (USCG) with tailored documentation to support their security authorization.
• Independent assessor for Risk Management Framework Steps 0 to 7.
• Plan and execute security control assessments for various information systems within the organization.
• Develop and maintain assessment procedures and methodologies aligned with NIST guidelines and other relevant frameworks.
• Analyze and evaluate the effectiveness of implemented security controls.
• Identify vulnerabilities, weaknesses, and potential risks in information systems and infrastructure.
• Prepare detailed Security Assessment Reports (SARs) documenting findings and recommendations.
• Collaborate with system owners, ISSOs, and other stakeholders throughout the assessment process.
• Verify the implementation of remediation actions and conduct follow-up assessments as needed.
• Provide expert advice on the development and maintenance of System Security Plans (SSPs) and Plans of Action and Milestones (POA&Ms).
• Stay current with evolving cybersecurity threats, technologies, and best practices.
• Validate security control implementation and provide test results.
• Hands-on experience in assessing RMF Step 4 and performing continuous monitoring.
• Examine security control weaknesses and determine if they are producing the desired intent.
• Deep understanding of Vulnerability Management practices.

Benefits

• Our employees value the flexibility at CACI that allows them to balance quality work and their personal lives.
• We offer competitive compensation, benefits and learning and development opportunities.
• Our broad and competitive mix of benefits options is designed to support and protect employees and their families.
• At CACI, you will receive comprehensive benefits such as; healthcare, wellness, financial, retirement, family support, continuing education, and time off benefits.