Information Systems Security Manager (ISSM)/Cyber SecurityJob Category: Information TechnologyTime Type: Full timeMinimum Clearance Required to Start: NoneEmployee Type: RegularPercentage of Travel Required: Up to 10%Type of Travel: LocalCACI is seeking an Information Systems Security Manager (ISSM) Cyber security professional to join our team supporting a Department of Defense (DoD) client. If you are looking for your next career challenge with a highly skilled development team, CACI would like to speak with you. In this role, you will be the Cyber Security and Security Technical Implementation Guidelines (STIG) subject matter expert. As a valued member of the team, you will work with the team to ensure that any network or application within the client's purview desiring connectivity to the client's cloud computing environment meets all security requirements and specifications according to DoD Instruction 8510.01 Department of Defense Risk Management Framework (RMF).
Manage extensive security evaluations of information systems and networks and the remediation of security control weaknesses, prepares evaluation reports, and presents recommendations.
Conduct trade-off analyses of products for clients to determine optimal information securitysolutions.
Maintain a high level of familiarity with the major Federal Government Information Security policy guidance and directives.
Perform physical security tasks in accordance with the DoD 5200.1-R, Information Security Program Regulation, Administrative Instruction 26 Information Security Supplement to DoD 5200.1-R and Executive Order 12958 (as amended)-Provide ongoing security training to the client's on-site personnel
Ensure the physical environment of the computers and their terminals are properly secured and meets all Operation Security (OPSEC) requirements
Conduct structured walk-throughs based on Continuity of Operations Plans to ensure integrity of the network’s ability to reconstitute normal system functions including reinstallation of applications after a catastrophic failure
More About the Role
Coordinate Assess and Authorize (A&A), Configuration Management (CM), and Release Management requirements for the client's systems in accordance with DoD Instruction 8510.01 RMF
Ensure each network or system is operated, maintained, and disposed of in accordance with DoD security policies and practices and System Security Plan
Ensure application, system, environment, or organizational changes do not have an adverse effect on the security posture of the system security compliance and assessment
Determine the extent a system change may affect the security posture of either the information system or the computing environment and ensuring the implementation of such change are documented in the Enterprise Mission Assurance Support Service (eMASS), System Security Plans, and site operating procedures
Review and approve Software Assessment Report (SwAR), including code and application scans, for the inclusion of web-based IT Products (Web Application Software) into accredited enclaves and verify the findings from completed code reviews have been addressed properly as to not pose a threat to the network
Coordinate corrective actions for information assurance (IA) incidents identified by the customer’s CSSP and ensure all security-related incidents are documented and reported to the AO and AODR. Capture incident metrics. Evaluate incidents for patterns to minimize future risk
Monitor and validate vulnerability postures in Assured Compliance Assessment Solution (ACAS), and ensure all systems comply with DISA Security Technical Implementation Guidelines (STIG)s and with CSSP HBSS requirements
Ensure no physical or operational security procedure conflicts with information systems security measures
Ensure and approve Plan of Action and Milestones (POA&M) are in place for vulnerabilities that cannot be remedied at the time of the finding
Manage server and system/application IA requirements throughout the Software Development Lifecycle (SDLC)
Coordinate with the client's government-appointed Activity Security Representative (ASR) to support physical security for the primary office location
You’ll Bring These Qualifications
A DoD SECRET level clearance must be obtainable/maintainable (at minimum)
A minimum of 10 years of full-time work experience
A Bachelor’s Degree in Computer Science, or related field from an accredited university, or a minimum of 5 years of current applicable experience in Cyber Security
A minimum of 3 years of practical experience operating within RMF in DoD applications
A minimum of 3 years monitoring system Federal Information Security Modernization Act (FISMA) compliance using available workflow tools
Experience in initial risk assessment activities and ability to assist Authorizing Official risk determination with risk acceptance
Experience as a subject matter expert of the DoD STIGs and DoD policies pertaining to DoD IT
Trained in the use of the ACAS to include how to remedy Information Assurance Vulnerability Management (IAVM) findings
Experience using the DoD Enterprise Mission Assurance Support Service to achieve Authority to Operate for a DoD system
Demonstrate experience developing accreditation documentation in a DoD environment, including:
Continuity Plan
Contingency Plan
Risk Assessment
System Security Plan
Trained in the use of ePolicy Orchestrator to manage DISA ESS, or operational knowledge of MDE
An understanding of the relationship between system controls and how they affect system security
A minimum of 10 years using eMASS as a system certification and accreditation tracking tool
A minimum of 3 years of practical experience in a Azure PaaS/SaaS environment
DoD Manual 8140.03 level Advanced from the Foundational Qualification Options for the (722) ISSM work role including applicable certification(s) (e.g. CISSP, CISM) or be able to obtain within 6 months of starting position
These Qualifications Would Be Nice to Have
Familiarity with National Institute of Standards (NIST) directives
Certified in the use of McAfee ePolicy Orchestrator to manage DISA HBSS
Experience in initial risk assessment activities and ability to assist Authorizing Official risk determination with risk acceptance
Operational knowledge of GitHub Advanced Security scanning tools, to include reviewing results of custom software security scans
-What You Can Expect:A culture of integrity.At CACI, we place character and innovation at the center of everything we do. As a valued team member, you’ll be part of a high-performing group dedicated to our customer’s missions and driven by a higher purpose – to ensure the safety of our nation.An environment of trust.CACI takes pride in fostering a diverse and accessible culture where every individual feels supported to chart their own path. You’ll have the autonomy to take the time you need through a unique flexible time off benefit and have access to robust learning resources to make your ambitions a reality.A focus on continuous growth.Together, we will advance our nation's most critical missions, build on our lengthy track record of business success, and find opportunities to break new ground — in your career and in our legacy.Your potential is limitless. So is ours.Learn more about CACI here. (https://careers.caci.com/global/en/life-at-caci)Pay Range : There are a host of factors that can influence final salary including, but not limited to, geographic location, Federal Government contract labor categories and contract wage rates, relevant prior work experience, specific skills and competencies, education, and certifications. Our employees value the flexibility at CACI that allows them to balance quality work and their personal lives. We offer competitive compensation, benefits and learning and development opportunities. Our broad and competitive mix of benefits options is designed to support and protect employees and their families. At CACI, you will receive comprehensive benefits such as; healthcare, wellness, financial, retirement, family support, continuing education, and time off benefits. Learn more here (https://careers.caci.com/global/en/employee-benefits) .Since this position can be worked in more than one location, the range shown is the national average for the position.The proposed salary range for this position is:$82,100-$172,400CACI is an Equal Opportunity/Affirmative Action Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, pregnancy, sexual orientation, gender identity, age, national origin, disability, status as a protected veteran, or any other protected characteristic.