You will perform security vulnerability assessments that are an integral part of our independent verification and validation process. Your work will include vulnerability scanning, static source code analysis, reverse engineering, penetration testing, and traffic analysis, along with the associated documentation, reporting and analysis requirements.
More About this Role:
Perform comprehensive security assessments of identified and applied security controls. Provide summaries of initial assessments in Security Assessment Reports (SAR) that address the technical evaluation and results of assessment, identify weaknesses or deficiencies, and recommend corrective actions for risk mitigation.
Perform operating system, network, and application security STIG reviews and assess the degree to which a system is compliant with them.
Perform host and network based security control assessments, determine residual security risks, prepare assessment test reports, prepare and assess test plans, and provide formal recommendations in support of authorization.
Review and analyze the findings that identify security issues on the system. You shall compile results and findings into a final Security Assessment Report, along with assessments and recommendations for remediation.
Conduct testing and scanning via modern techniques and scanning tools, including manual testing (software and hardware), used either remotely or locally on the systems to evaluate compliance and to identify security vulnerabilities, threats, risks, and gaps. You will review and analyze the findings that identify security issues on the system.
Scan source code, audit results with development and/or security teams, and offer plans for remediation of vulnerabilities.
You’ll Bring These Qualifications:
University degree (BS) or equivalent experience.
Knowledge and experience in security disciplines including, but not limited to, software security, operations security, administrative security, and communications security.
Knowledge of IA principles and organizational requirements that are relevant to confidentiality, integrity, availability, authentication, and non-repudiation.
Ability to develop best practices for processes and standards that will better the system.
Knowledge of security system design tools, methods, and techniques.
Knowledge of known vulnerabilities from alerts, advisories, and bulletins.
These Qualifications Would be Nice to Have:
Working knowledge of information system security controls and how to assess their effectiveness per NIST SP 800-53 and NIST SP 800-53A.
Experienced in system testing methodologies that include penetration testing, configuration analysis, and security best practices validation.
Experienced in security testing and penetration tools that include Coverity, CodeSonar, Burp, Kali Linux, Metasploit, Nmap, and Wireshark. Red / Blue team assessment experience.
There is no clearance requirement to begin employment. However, as a requirement of continued employment in this position you will be required to obtain a TS/SCI clearance.
What We can Offer You:
- We’ve been named a Best Place to Work by the Washington Post.
- Our employees value the flexibility at CACI that allows them to balance quality work and their personal lives.
- We offer competitive benefits and learning and development opportunities.
- We are mission-oriented and ever vigilant in aligning our solutions with the nation’s highest priorities.
- For over 55 years, the principles of CACI’s unique, character-based culture have been the driving force behind our success.