CACI is currently looking for outstanding IT candidates to join our TSA IT Management, Performance Analysis, and Collaborative Technologies (IMPACT) team in the National Capital Region (NCR) and throughout the United States.
CACI will provide a variety of IT services through IMPACT including cyber security, identity and access management, risk management, cloud integration and engineering, field support services, service desk, application deployment and optimization, and operations center support services.
CACI will support TSA in both classified and unclassified IT operational environments increasing availability and security for a variety of applications and systems. IMPACT services will integrate with the broader DHS mission and enhance existing Department-wide IT capabilities.
- Provides support to plan, coordinate, and implement the organization's information security.
- Provides support for facilitating and helping agencies identify their current security infrastructure and define future programs, design and implementation of security related to IT systems.
- Oversees the efforts of security staff to design, develop, engineer
- and implement solutions to security requirements.
- Responsible for the implementation and development of the DHS IT security. Gathers and organizes technical information about an organization's mission goals and needs, existing security products, and ongoing programs in the MLS arena.
- Performs risk analyses which also includes risk assessment.
- support to plan, coordinate, and implement the organization's information security.
- Provides support for facilitating and helping agencies identify their current security infrastructure and define future programs, design and implementation
- of security related to IT systems.
- A working knowledge of several of the following areas is required: understanding of business security practices and procedures; knowledge of current security tools available; hardware/software security implementation; different communication protocols; encryption techniques/tools; familiarity with commercial products, and current Internet/EC technology.
- Ability to serve as Information System Security Officer.
Provides daily supervision and direction to staff.
- Review information systems for compliance with applicable NIST, DHS, and TSA directives and guidance, and make recommendations to the customer;
- Provide IS security advice and guidance in accordance with applicable NIST, DHS, and TSA directives and guidance to Government and industry partners for the protection of data at all classification levels
- Provide IS technical guidance and support in preparing responses for USG approval to A&A questions asked by Government and industry partners;
- Evaluate and recommend approval, disapproval, or waiver(s) for IS processing national security data at industry and/or Government facilities;
- Support Security's development and implementation of directives and guidance for Information Assurance, Information Technology, and Information Management policies;
- Provide input to for consideration in the promulgation of future security policy; The Candidate shall support and/or conduct site visits and assessments to inspect and verify IS reports and plans at industrial and Government locations as approved by the Government, and provide a written report for review and approval by the USG;
- Prepare reports and memoranda, to include, but not limited to: Memoranda for the Record (MFR), Memoranda of Agreement (MOA), Authorization To Proceed, and status and technical briefs for review and approval by A1:V443
- Update data and maintain Government-provided databases with current information about Government and industry IS status and representative contact information.
- Prepare, review, and record notification and status messages to indicate A&A state of systems to system owner or programs in a USG approved format.
- Ensure that appropriate IS security requirements including applicable NIST, DHS, and TSA directives and guidance are addressed and applied and that appropriate documentation is prepared by the system owners or programs. The
documentation will be contained in the Security Assessment Package, including, but not limited to the Concept of Operations (CONOPS) Plan, System Security Plans, System Requirements Traceability Matrix, Risk Management Matrix, Test Results, interface control documents, requests for changes, test plans, and other related program security documentation;
- Track completion of the Security Assessment Package and report status;
- Support the preparation of the Security Assessment Report (SAR). The SAR contents include, but is not limited to the, Summary of Assessment results and Authorization Recommendation;
- Review, coordinate, and respond to IS security issues as requested by the Government;
- Perform short term (less than 10%) CONUS and OCONUS travel to conduct site security inspections when approved by the Government;
Demonstrated knowledge and experience implementing, monitoring, and upgrading security technology and administrative controls necessary to safeguard computer information data and systems Detailed knowledge of system security vulnerabilities and remediation techniques, including penetration testing and the development of exploits as well as have strong background in troubleshooting of operational issues and incident handling
Responsible for ensuring Information technology meets audit mandates as well as Compliance mandates Responsible for administration of security tools to maintain security controls, including firewalls, intrusion detection systems, NAC, SIEM, and data loss prevention technologies
Ability to obtain Secret clearance
Must have Associate's Degree or higher and/or 5-15 years of experience (Typically requires Bachelors Degree and
12-15 years of related experience)
5+ years' specific experience in security administration experience in a large, complex environment. Enterprise class security products such as such as web proxy, reverse proxy, load balancing, IDS/IPS, DLP, Firewall, IPsec/SSL VPN, WAN/LAN, wireless and remote connectivity Infrastructure security, including windows, Unix/Linux, desktop/laptop, and mobile security, hands-on experience in packet capturing and analyzing log, as well as knowledge on cryptography and PKI. Compliance frameworks and requirements such as NIST, PCI, HIPAA, HITECH, SOX etc. Knowledge on threat landscape, security threat and vulnerability management, and security monitoring and analytics