POSITION SUMMARY:

CACI has an immediate opening for an Information Assurance (IA) Professional to support a Government client. The candidate will perform security controls assessments that are an integral part of the Assessments and Authorizations (A&A) process. The candidate will perform A&A scanning, comprehensive assessment testing, penetration testing, documentation, reporting and analysis requirements. This includes performing dedicated functions for all client missions involved with Assessments and Authorizations or compliance with applicable National Intelligence Community or Department of Defense information security guidance.

The IA professional will perform comprehensive security assessments of identified and applied security controls; provide summaries of initial assessments in Security Assessment Reports (SAR) addressing the technical evaluation and results of assessment; identify weaknesses or deficiencies; and recommend corrective actions for risk mitigation. They will perform operating system, network, and application security STIG reviews and assess the degree to which a system is compliant. The IA professional will perform host and network based security control assessments, determine residual security risks, prepare assessment test reports, prepare and assess test plans, and provide formal recommendations in support of authorization. They will perform mobile device and mobile application security reviews and document the results of such reviews.

They will provide testing support for evaluations and provide specific test plans and testing services tailored to the security controls of the systems being tested. The tester will use client accepted tools and techniques, including but not limited to manual testing, web assessment software, vulnerability scanning, pen testing tools, and in house scripts as approved by the client.
Tests may be conducted either remotely or locally on the systems to ensure compliance and to identify security vulnerabilities, risks, threats, and gaps. The IA professional will assist with providing detailed test plans and conducting security testing of security controls specific to security boundaries, including Cross Domain Solutions (CDS). They will augment cyber penetration testing activities in the planning, execution, tracking, and reporting of Blue/Red Team Assessments consisting of identifying and exploiting vulnerabilities on client systems. In this role, they will coordinate and conduct Blue Team assessments to identify vulnerabilities and correct weaknesses in client networks. The Blue Team will work cooperatively with Key Components (KCs) to provide notification and make recommendations to mitigate those vulnerabilities and assist in corrective actions.

Required Qualifications:
- Must have current TS/SCI and be able to pass polygraph within 60 days of hire
- Working knowledge of NIST SP 800-53A, ICD 503, FISMA, DCID 6/3, and the relationships between IC and DoD policies for assessment and authorization
- Skill in using network analysis tools to identify vulnerabilities
- Skill in assessing the robustness of security systems and designs
- Skill in determining how a security system should work (including its resilience and dependability capabilities) and how changes in conditions, operations, or the environment will affect these outcomes
- Skill in developing and applying security system access controls
- Skill in assessments of industry IT operating system, software database, or hardware
- Skill in systems engineering, requirements analysis, system development, software development, or hardware development as applied to the information assurance or cyber security field
- Ability to prepare the various types of security related documents
- Ability to conduct vulnerability scans and recognize vulnerabilities in security systems
- Ability to evaluate the trustworthiness of the supplier and/or product
- Ability to evaluate the adequacy of security designs
- Ability to establish effective working relationships internally and externally to the client organization
- Must obtain appropriate 8570 certification (IAM or IAT Level III: CISSP, CISM, CASP, CISA or GSLC; CISSP preferred) within 90 days of hire and maintain certification throughout employment

Desired Qualifications:
- Working knowledge of roles and procedures of red/blue team activities
- Working knowledge of commercial or military software development methodologies, processes, and standards
- Working knowledge of web services protocols, including Simple Object Access Protocol (SOAP), Web Services Description Language (WSDL), and Universal Description, Discovery and Integration (UDDI)
- Working knowledge of structured content tools and languages, and content management systems
- Experience using XACTA
- Developed technical documentation and white papers
- Knowledge of virtualization technologies and virtual machine development and maintenance
- Knowledge of emerging security issues, risks, and vulnerabilities
- Skill in identifying gaps in technical capabilities and in talking to others to convey information effectively
- Experience within the Intelligence Community
- Certified 8570 IAM or IAT Level III (CISSP, CISM, CASP, CISA or GSLC; CISSP preferred)

EDUCATION & EXPERIENCE:

Typically requires a bachelor's degree or equivalent and 10 to 12 years related experience. Master's degree or doctorate in field mathematics, telecommunications, electrical engineering, computer engineering, or computer science is preferred.
For this contract the following are required:
- Minimum 10 years experience with graduate degree
- 12 years experience with Bachelor's degree
- 14 years without degree
- 8570 Level III certification within 90 days of hire

Master's degree or equivalent experience in Computer Science, Computer Engineering, Electrical Engineering, or Management Information Systems with emphasis in Information Technology/Information Assurance. Requires a minimum of 10 years' experience in systems engineering/analysis as applied to the cybersecurity, information assurance or related field; candidate must have experience with application of security controls to information systems.

EDUCATION & EXPERIENCE:

Typically a bachelor's degree or equivalent and 10 to 12 years related experience. Master's degree or doctorate in field mathematics, telecommunications, electrical engineering, computer engineering, computer science is preferred.

PHYSICAL DEMANDS:

Normal demands associated with an office environment. Ability to work on a computer for long periods, and communicate with individuals by telephone, email and face to face. Some travel may be required.
US-St. Louis-MO-ST LOUIS