DESCRIPTION:
Veterans Benefits Management System (VBMS) Information Assurance (IA) and Assessment & Authorization (A&A) Support - Senior Information Security Systems Engineer. CACI is looking for an experienced Application Security Systems Engineer and National Institute of Standards and Technology (NIST) Risk Management Framework (RMF) Subject Matter Expert (SME) to work in our Charleston, SC office.

DUTIES AND RESPONSIBILITIES:
- Senior Application Security Systems Engineer will lead and execute tasking in support of the Veterans Affairs (VA) Assessment & Authorization (A&A) process for the VBMS system.

REQUIRED QUALIFICATIONS:
- An expert understanding of J2EE, Spring Framework with Spring Security, AngularJS, and Maven as they are deployed in a large distributed enterprise environment, with working knowledge of additional programming languages such as Python, Ruby, or Bash.
- An expert understanding of manually and dynamically reviewing source code in order to identify, verify, and make recommendations for remediation of security vulnerabilities in code.
- A strong understanding of application security tools commonly used by the US Government and VA such as HPE Fortify, PortSwigger Burp Suite, SmartBear SoapUI, and other open-source security applications as needed.
- A detailed understanding of the following security concepts: Quantitative Risk Assessment; Software Vulnerabilities and Weaknesses; Web Application security; Threat Modeling to include awareness and analysis of emergent threats; Network security.
- Working experience in engineering instrumentation and security control implementations for the VBMS system, to ensure compliance with all VA 6500 security requirements, system software & configuration baselines, vulnerability management and evidence collection in support of A&A.
- Familiarity with NIST RMF to ensure the integrity and on-time delivery of all phases of the VA A&A process from Categorize through Monitor, with a focus on aspects that entail application security.
- A basic understanding of Service-Oriented Architectures to include web services, web applications, data models and information flow.
- Significant written and verbal communication, including risk assessments, compliance analysis reports, executive summaries of cyber threats, formal and informational briefings to CACI and VA Enterprise Program Management Office (EPMO) professional staff. This will require collaboration with VBMS System Administrators, Architects and Developers on a regular basis.

PREFERRED QUALIFICATIONS:
- An understanding of COTS products such as Apache Web Server, WebLogic Application Server, Oracle Database, Java Runtime Environments, Docker, JWT, ESXi, and IBM Rational Tools. Experience with Agile and/or Scrum environments is a plus.
- Experience analyzing and documenting compliance with established VA security policies and federal regulations.
- Experience supporting secure change management by performing quantitative risk assessments for proposed changes to the production system.
- Other duties as assigned.

EDUCATION AND EXPERIENCE:
- This job requires the ability to act independently. Additionally, a qualified applicant will have a professional demeanor, good people skills, and the ability to excel in a multi-tasked and dynamic environment by prioritizing tasks and managing to a schedule.
- 7-9 years related experience with Bachelor's Degree in Computer Science, Information Technology, Information Assurance, or Information Security, or 10+ years related experience without degree. Some experience in a Team Leadership or Management Role is desired.
- At least one senior information security certification (e.g. CISSP, GIAC Certification, or equivalent) is required; a professional-level technical certification (e.g. CCNP, RHCE, MCSE or equivalent) is strongly preferred.
- US Citizenship and eligibility for a VA Moderate clearance is required for this position.

PHYSICAL DEMANDS:
Normal demands associated with an office environment. Ability to work on computer for long periods, and communicate with individuals by telephone, email and face to face. Some travel may be required.