Cyber Security Specialist
CACI is currently looking for a Cybersecurity Specialist with agile methodology experience to join our BEAGLE (Border Enforcement Applications for Government Leading-Edge Information Technology) Agile Solution Factory (ASF) Team supporting Customs and Border Protection (CBP) client located in Northern Virginia! Join this passionate team of industry-leading individuals supporting the best practices in Agile Software Development for the Department of Homeland Security (DHS).
As a member of the BEAGLE ASF Team, you will support the men and women charged with safeguarding the American people and enhancing the Nation’s safety, security, and prosperity. CBP agents and officers are on the front lines, every day, protecting our national security by combining customs, immigration, border security, and agricultural protection into one coordinated and supportive activity.
ASF programs thrive in a culture of innovation and are constantly seeking individuals who can bring creative ideas to solve complex problems, both technical and procedural at the team and portfolio levels. The ability to be adaptable and to work constructively with a technically diverse and geographically separated team is crucial.
The Cybersecurity Specialist with both strong cybersecurity and network security delivery skills will need to have a deep technical understanding of Cybersecurity practices, delivering secure and reliable hardware and software solutions in short sprints. They will work as an integral part of a highly productive team of seasoned technical professionals who thrive on supporting our customer's mission and growth objectives– responsible for designing, developing, leading, and implementing secure application and infrastructure capabilities for a variety of legacy and modernized systems and applications.
They will work in close collaboration with software developers/engineers, quality assurance engineers, stakeholders, and end users within Agile Engineering processes. They must have a working knowledge of enterprise class information assurance requirements and network security and survivability.
They will also be responsible for supporting development of a spectrum of engineering artifacts that adequately, but succinctly captures system security requirements, application and network security design, and network security architecture. This position is responsible for ensuring that all assigned work activities are performed in a timely, secure, compliant and cost-effective manner while maintaining the highest quality of performance.
What you’ll get to do:
Serve as a Cybersecurity Team member responsible for the Information Assurance and Security of application, database, and enterprise network services. Responsible for activities associated with delivery of Cybersecurity policy implementation and network solutions associated with customer-defined systems and software projects;
basic responsibilities include:
Implement Cybersecurity Program strategyApply information security in accordance with National/DHS/CBP directives security policy including, but not limited to,, NIST SP 800-30, NIST 800-37, NIST 800-53a, NIST SP 800-61, NIST 800-171, DHS 4300A, CBP Handbook 1400-05DAssess entire system lifecycle requirements and network security impactsSupport creation of, and ensure approval for, Department of Homeland Security (DHS) Risk Management Framework (RMF) Assess and Authorize (A&
A) Process for development and sustainment projectsSupport program and customer management, and government Authorizing Official (AO) for all information security status, policies, and proceduresDocument DHS RMF Security Implementation Plan artifacts. Coordinate and assist development team with application artifact documentationAssist government personnel in preparing and presenting Information Assurance Compliance System (IACS) packages to the Control Assessor (SCA) Assess and analyze the current threat environmentEnhance – Implement Cybersecurity vulnerability/A&
A hardening testingOptimize – Cybersecurity development environment certificationArchitect &
Engineer security – develop security goals, capabilities, controls, and architectureDesign &
Implement security – vulnerability management, build security into developmentIntegrate &
Test Security – test patches and settings, document A&
A artifactsValidate &
Verify security – validate patch status and software control statusImplement security – apply patches and security settings, performance incident handling and remediationMaintain security posture – audit security settings, track security training, monitor threats, track reaccreditationEnable assurance for information security during all phases of agile software development and deploymentContinuously evaluate and recommend innovative proven best business practices and tools to enhance defense-in-depthIdentify, assess, and recommend zero-day cyber threat remediationAddress Cybersecurity issues to help maintain Continuity of Operations Plans (COOP)Perform information security vulnerability testing and mitigate any nonconformanceSupports reviews and audits of continuous system monitoring and contingency planning. Updates associated documentation as neededCreate and manage Plan of Action &
M)Implement and validate Security Technical Implementation Guide (STIG) requirements for all development and implementation projectsUnderstand and assist developers with static code analysis processesReport and help investigate security-related incidents and security violations as requested by the Computer Security Incident Response Center (CSIRC)Monitor and inspect for approved software usage and implementation of approved antivirus and other security related softwareDevelop and maintain security training programs are developed and maintainedManages experienced professionals who exercise latitude and independence in assignments, Leads, directs and reviews the work of a team who exercise latitude and independence in their assignments.Manages a team with a focus on policy, implementation of strategic initiatives and execution of day to day deliverables.Works to achieve, team objectives, operational plans with measurable contribution towards the achievement of results of the job function or completion of a project.
Must be a U.S. Citizen with the ability to pass CBP background investigation, criteria will include:
3-year check for felony convictions
1-year check for illegal drug use
1-year check for misconduct such as theft or fraud
College degree (B.S., M.S.) in Information Assurance, Computer Science, Information Management Systems or a related discipline
minimum Security+ CE or equivalent, CISSP or CASP preferred
Demonstrated knowledge DHS 4300A, “Sensitive Systems Handbook”, and CBP Handbook 1400-05D, “Information Systems Security Policies and Procedures Handbook”
Demonstrated knowledge of NIST Information Technology Security Special Publications (SP) 800 series, with emphasis on NIST SP 800-37, “Guide for Applying the Risk Management Framework to Federal Information Systems” and NIST SP 800-53A, “Guide for Assessing the Security Controls in federal Information Systems”
Five (5+) years related technical experience
Apply information security in accordance with National/DHS/CBP directives security policy including, but not limited to,, NIST SP 800-30, NIST 800-37, NIST 800-53a, NIST SP 800-61, NIST 800-171, DHS 4300A, CBP Handbook 1400-05D
Support creation of, and ensure approval for, Department of Homeland Security (DHS) Risk Management Framework (RMF) Assess and Authorize (A&
A) Process for development and sustainment projects
Support program and customer management, and government Authorizing Official (AO) for all information security status, policies, and procedures
Document DHS RMF Security Implementation Plan artifacts. Coordinate and assist development team with application artifact documentation
Enable assurance for information security during all phases of agile software development and deployment
You’re good at:
Working knowledge of and ability to assist others in the use of information security provisioning and monitoring tools to support process improvementWorking knowledge of Federal Information Security Management Act (FISMA) reporting requirements and processesAbility to apply advanced principles, theories, and concepts, and contribute to the development of innovative IA principles and ideasExperience working on unusually complicated problems and providing solutions that are highly creative and ingenious, exhibiting ingenuity, creativity, and resourcefulnessExperience with continuous integration tools and environmentsExperience with scripting languages like Perl, VBScript, Ruby, etc.Experience with Computer Network Defense (CND) processes, procedures, and toolsActing independently to expose and resolve problemsDemonstrated experience with HP Fortify Software Security CenterDemonstrated experience with Assured Compliance Assessment Solution (ACAS)/Tenable Nessus Vulnerability ScannerDemonstrated experience with DISA Security Technical Implementation Guide (STIG) implementation and Security Content Automation Protocol (SCAP) tool usageDemonstrated familiarity and experience with Firewalls, Intrusion Prevention Systems, WebGateways, and/or enterprise Antivirus software technologiesDemonstrated experience using IACSDemonstrated ability to identify and manage riskUnderstanding all elements of the DHS and CBP Cybersecurity policies and requirementExcellent written and verbal communication skillsStrong collaboration skills and desire to work within a teamHighly responsible, team-oriented individual with very strong communication skills and work ethic;
What We Can Offer You:
We’ve been named a Best Place to Work by the Washington Post.Our employees value the flexibility at CACI that allows them to balance quality work and their personal lives.We offer competitive benefits and learning and development opportunities.We are mission-oriented and ever vigilant in aligning our solutions with the nation’s highest priorities.For over 55 years, the principles of CACI’s unique, character-based culture have been the driving force behind our success.
CACI employs a diverse range of talent to create an environment that fuels innovation and fosters continuous improvement and success. At CACI, you will have the opportunity to make an immediate impact by providing information solutions and services in support of national security missions and government transformation for Intelligence, Defense, and Federal Civilian customers. CACI is proud to provide dynamic careers for employees worldwide. CACI is an Equal Opportunity Employer - Females/Minorities/Protected Veterans/Individuals with Disabilities.