Reston, Virginia, USA
Security Control Assessor (SCA) – TS/SCI w/ Poly
Job Category: Information Technology
Time Type: Full time
Minimum Clearance Required to Start: TS/SCI with Polygraph
Employee Type: Regular
Percentage of Travel Required: None
Type of Travel: None
CACI is seeking a Security Control Assessor (SCA) to join our team of talented Cybersecurity professionals in Reston, VA. You will evaluate Government customer systems and other security standards and publications as well as Government customer defined security guidelines and regulations. You will also determine the extent to which the assigned security controls are implemented correctly; operating as intended; and producing the desired outcome with respect to meeting the regulatory and or statutory security requirements for National Security Systems. Invent your future and make a lasting impact at CACI!
Duties include but are not limited to:
Evaluate Government customer systems against NIST SP 800 53/53A R4, 30, 37 and 39, RMF and other security standards and publications as well as Government customer defined security guidelines and regulations utilizing the customer assessment tracking system.
Conduct a comprehensive assessment of the management, operational, and technical security controls employed within or inherited by complex and diverse information systems to determine the overall effectiveness of the control implementation.
Function as an independent and unbiased advocate who provides evidence to validate the trustworthiness of the system for the designated Authorizing Official (AO).
Conduct hands-on security control testing, analyze Body of Evidence (BoE) documentation and test results, document risk and recommend countermeasures.
Provide an assessment of the severity of weakness or deficiencies discovered in the information system and its environment of operation and recommend corrective actions to address identified vulnerabilities.
Conduct hands-on security testing leveraging commercial tools and custom developed scripts and procedures.
Execute vulnerability/compliance assessment tools and evaluate results for systems undergoing security assessment.
Participate in joint test teams with other customer organizations and or Government Agencies to complete security assessment and adjudication.
Coordinate with other program elements conducting security testing.
Actively participate in or lead technical exchange meetings and application review boards, documenting actions items/results of these events.
Brief management, as needed, on the status of action items and/or results of activities.
Prepare security assessment reports containing the results and findings form the assigned security control assessments.
Provide documentation to the customer which describes all identified system risks, planned test procedures taken and test results.
Provide enhancement capabilities and SOPs to assessment operations for execution and implementation.
Responsible for implementing and applying technologies, processes, and practices designed to protect networks, devices, programs, and data from malicious attack, damage, or unauthorized access.
Investigates network device and information security incidents to determine extent of compromise to national security information and automated information systems.
TS/SCI with Polygraph (active / in-scope)
4+ years of relative experience. Additional experience may be considered in lieu of a degree
Familiarity with conducting security assessment in support of accreditation and or authorization (A&A) decisions.
Familiarity with National Institute of Standards and Technology (NIST) Cybersecurity Framework and National Institute of Standards and Technology (NIST) Risk Management Framework (RMF) requirements.
Familiarity with National Institute of Standards and Technology (NIST) Special Publication (SP) 800-53 and or 800-53A Revision 4 as well as 800-30, 37 and 39.
Familiarity with the Committee on National Security Systems (CNSS) Instruction No. 1253.
Knowledge of Federal laws, regulations, policies, and ethics as they relate to cybersecurity.
Knowledge of cyber defense and vulnerability assessment tools, including open source tools, and their capabilities.
Knowledge of cybersecurity principles and organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation).
Knowledge of cybersecurity principles used to manage risks related to the use, processing, storage, and transmission of information or data.
GIAC Security Essentials (GSEC)
Certified Information Systems Security Professional (CISSP)
Knowledge of cyber threats and known vulnerabilities from alerts, advisories, errata, and bulletins.
Knowledge of computer networking concepts and protocols, and network security methodologies.
Knowledge of network security architecture concepts including topology, protocols, components, and principles (e.g., application of defense-in-depth).
Knowledge of system and application security threats and vulnerabilities (e.g., buffer overflow, mobile code, cross-site scripting, Procedural Language/Structured Query Language [PL/SQL] and injections, race conditions, covert channel, replay, return-oriented attacks, malicious code).
Skill in discerning the protection needs (i.e., security controls) of information systems and other computing environments.
What we can offer you:
At CACI, our philosophy of employee development and advancement rests on a cultural foundation of providing unlimited and equal opportunity for growth, recognition, and rewards. We provide the environment, support and responsive, available management to nurture and stretch your abilities. We also offer a career mobility program to make it easy to build a dynamic career at CACI and offer flexible work schedule arrangements to support work/life balance.
CACI has been named one of Fortune magazine’s World’s Most Admired Companies for 2022
CACI also has more than 20 Communities of Practice to share and gain skills and knowledge regarding various technologies and topics including SAP, Salesforce, Agile Development, and many more. The associated Learning Academies provide training and certifications to gain additional skills and build your brand.
We offer competitive benefits and learning and development opportunities
We are mission-oriented and ever vigilant in aligning our solutions with the nation’s highest priorities
With over 25,000 employees worldwide, CACI has been named a Best Place to Work by the Washington Post
For over 55 years, the principles of CACI’s unique, character-based culture have been the driving force behind our success
Company Overview: At CACI, you will have the opportunity to make an immediate impact by providing information solutions and services in support of national security missions and government transformation for Intelligence, Defense, and Federal Civilian customers. CACI is an Equal Opportunity/Affirmative Action Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, status as a protected veteran, or any other protected characteristic.
TS/SCI with Polygraph
CACI / Equal Opportunity Employer
JBCAC 281896 2023.07.16
Top Secret with Polygraph Required, CLZTS, CLZCI, — SKUUU, VA_RESTON VA_VIRGINIA ZC20191 ZC201Z