Security Control Assessor

About The Position

Requirements

• Experience: 5+ years of relevant experience.
• Clearance: US Citizenship required with DOD Secret or higher clearance.
• Education: BA/BS or equivalent years of relevant experience.
• Certifications: DoD 8570 IAT II certification (e.g., CCNA Security, CySA+, GICSP, GSEC, Security + CE, CND, or SSCP).
• NIST RMF: Intimate understanding of NIST RMF implementation guidance.
• Tools Experience: Hands-on experience with eMASS or similar Information Assurance tools.
• Analysis: Experience analyzing vulnerability scans and STIG implementations.
• Knowledge: Familiarity with DoD 8500, DoD 8510, DHS 4300 A and B, NIST SP 800 series, and other relevant frameworks and tools.

Nice To Haves

• SDLC & SELC: Well-developed understanding of Systems Development Lifecycle (SDLC) and the DHS Systems Engineering Lifecycle (SELC) process as it relates to Security Assessment and Authorization (SA&A).
• Documentation: Relevant DOD, DHS or .gov Cyber Security Information Assurance focused experience with hands-on experience in researching, writing, and submitting complete documentation packages for new system authorizations.

Responsibilities

• Tailored Documentation: Provide customized documentation to support the USCG’s security authorization.
• RMF Expert: Serve as an independent assessor for RMF Steps 0 to 7.
• Assessment Planning: Plan and execute comprehensive security control assessments for various information systems.
• Methodology Development: Create and maintain assessment procedures and methodologies in line with NIST guidelines and other relevant frameworks.
• Vulnerability Analysis: Identify and evaluate vulnerabilities, weaknesses, and potential risks in our information systems and infrastructure.
• Reporting: Prepare detailed Security Assessment Reports (SARs) with findings and recommendations.
• Collaboration: Work closely with system owners, ISSOs, and other stakeholders throughout the assessment process.
• Remediation Verification: Verify the implementation of remediation actions and conduct follow-up assessments.
• Advisory Role: Offer expert advice on developing and maintaining System Security Plans (SSPs) and Plans of Action and Milestones (POA&Ms).
• Continuous Learning: Stay ahead of the curve by keeping up-to-date with the latest cybersecurity threats, technologies, and best practices.
• Validation: Validate security control implementation and provide thorough test results.
• Continuous Monitoring: Hands-on experience in assessing RMF Step 4 and performing continuous monitoring.
• Intent Evaluation: Examine security control weaknesses to ensure they align with desired outcomes.
• Vulnerability Management: Deep understanding of Vulnerability Management practices.

Benefits

• Our employees value the flexibility at CACI that allows them to balance quality work and their personal lives. We offer competitive compensation, benefits and learning and development opportunities. Our broad and competitive mix of benefits options is designed to support and protect employees and their families. At CACI, you will receive comprehensive benefits such as; healthcare, wellness, financial, retirement, family support, continuing education, and time off benefits.