Posted:
8/29/2024, 8:34:45 AM
Location(s):
Baltimore, Maryland, United States ⋅ Maryland, United States
Experience Level(s):
Senior
Field(s):
IT & Security
Workplace Type:
On-site
The Opportunity:
CACI is seeking a Security Controls Assessor’s Agent! Our customer is the one-stop maintenance and logistics provider to all of the US Coast Guard’s Cutters and Boats. Help them to meet their daily mission of keeping those Cutters and Boats operational for search and rescue, commercial waterways preservation, and border defense. Working directly for the Coast Guard’s Surface Security Controls Assessor (SCA), you will help assess and authorize platform information technology (PIT) installed on Cutters and Boats.
Responsibilities:
Under general supervision, perform the roles and responsibilities of the Security Controls Assessor’s Agent (SCA-A).
Perform risk assessment analysis to support PIT security assessment and authorization
Review PIT designation requests and provide recommendations regarding risk assessment and impact levels
Review network information and topology contained in PIT designation requests and provide insights into risk for the system
Develop and review draft plans to assess PIT security controls; provide assessment plan improvement recommendations for SCA approval
Use assessment procedures defined in security assessment plan to assess PIT security controls
Document issues and findings from PIT security control assessments; provide recommendations for SCA approval.
Assess a selected subset of the technical, management, and operational security controls employed within and inherited by the PIT in accordance with the USCG SFLC defined monitoring strategy
Review new cybersecurity policy/regulations, analyze and provide recommendations on security controls to address gaps.
Provide subject matter expertise on security frameworks and requirements, using this knowledge to advise, support policy development, and conduct risk analysis.
Provide on-site cybersecurity consultation regarding security controls and the Risk Management Framework (RMF) process to system owners, system security engineers, ISSOs, and others.
Review and validate system categorizations and security control implementation including interacting with the system owner and ISSO to ensure compliance.
Assess security control implementations for all assigned PIT packages recommending approval or authorization to the Surface SCA and the Authorizing Official’s Designated Representative (AODR).
Prepare draft recommendation memos and draft approval memos for AODR and Authorizing Official (AO) signature
Qualifications:
Required:
Active Secret Clearance
6+ years of information assurance or cybersecurity experience including assessment and authorization (A&A) packages
Experience assessing Security Controls for IT
DoDI 8570 compliant IAM-III such as: Certified Information Security Manager (CISM), Certified Information Systems Security Professional (CISSP), GIAC Security Leadership, or Certified Chief Information Security Officer (CCISO).
Working knowledge of DoDI 8510.01 and the companion online RMF KS as well as security control families, security controls, and assessment procedures.
Knowledge of DoD Cyber policies, NIST, and DoD STIGs and SRGs.
Expertise in the areas of vulnerability and risk management
Experience validating and/or assessing security controls and security plans including review of test documentation on assessment procedures and associated artifacts.
Clearly demonstrate your ability to convey complex cybersecurity data to a wide variety of audiences (colleagues, experts, novices, and those new to the concepts) at all levels (leadership, management, and worker).
Excellent oral and written communication skills.
Desired:
Demonstrated experience using the Enterprise Mission Assurance Support Service (eMASS)
Experience writing an executive summary for an assessment
Experience generating Security Assessment Reports
Working knowledge of NIST SP 800-82r2 Guide to Industrial Control Systems (ICS) Security desired.
______________________________________________________________________________
What You Can Expect:
A culture of integrity.
At CACI, we place character and innovation at the center of everything we do. As a valued team member, you’ll be part of a high-performing group dedicated to our customer’s missions and driven by a higher purpose – to ensure the safety of our nation.
An environment of trust.
CACI takes pride in fostering a diverse and accessible culture where every individual feels supported to chart their own path. You’ll have the autonomy to take the time you need through a unique flexible time off benefit and have access to robust learning resources to make your ambitions a reality.
A focus on continuous growth.
Together, we will advance our nation's most critical missions, build on our lengthy track record of business success, and find opportunities to break new ground — in your career and in our legacy.
Your potential is limitless. So is ours.
______________________________________________________________________________
Pay Range: There are a host of factors that can influence final salary including, but not limited to, geographic location, Federal Government contract labor categories and contract wage rates, relevant prior work experience, specific skills and competencies, education, and certifications. Our employees value the flexibility at CACI that allows them to balance quality work and their personal lives. We offer competitive compensation, benefits and learning and development opportunities. Our broad and competitive mix of benefits options is designed to support and protect employees and their families. At CACI, you will receive comprehensive benefits such as healthcare, wellness, financial, retirement, family support, continuing education, and time off benefits.
The proposed salary range for this position is:
$78,700 - $165,300
Website: https://caci.com/
Headquarter Location: Arlington, Virginia, United States
Employee Count: 10001+
Year Founded: 1962
IPO Status: Public
Industries: Software