SterlingVARecruiter Since 2001
the smart solution for Sterling jobs

Information Assurance Analyst

Company: CACI International Inc.
Location: Sterling
Posted on: June 12, 2021

Job Description:

Job Description

CACI seeks a talented Information Assurance (IA) Analyst to join our Advanced Solutions Group, within the National Security and Innovative Solutions Sector. We enable national security missions through creation and delivery of innovative, technology-centric solutions that provide decision advantage to our customers. Our client engagement processes, the way we collaborate, operate and deliver value provides an unparalleled opportunity to grow and advance.

This opportunity offers very rewarding and unique benefits, which equates to 50% of compensation on TOP of your base salary! The first part is a tax-qualified profit-sharing retirement plan, to which CACI annually contributes up to 25% of your base salary (not in excess of applicable IRS limits) to your retirement account. The second component consists of an Individual Benefit Account (IBA), which is used for premiums, medical reimbursements, dependent care, education and Paid Time Off (PTO) policy. Both components of the benefit package are paid for by CACI, in addition to your base salary and potential performance bonuses. We believe in a healthy home/work balance and our locations offer a wide variety of activities to balance with your work life.

What You'll Get to Do:

  • Navigate Accreditation and Authorization processes to ensure that the program deliverables receive Approvals To Operate.
  • Work with the customer IA representatives to complete Risk Management Framework activities and documentation.
  • The IA Analyst will work with program engineers, developers, DevOps, Infrastructure teams to ensure that products are compliant with security requirements and continuously monitor subsequent releases to maintain compliance.
  • The position will be the program's IA representative.
  • Coordinate with customer IA representatives
  • Characterize systems in accordance with the Risk Management Framework
  • Write documents to include System Security Plans, Security Test Procedures and Plan Of Actions & Milestones, SOPs
  • Provide technical requirements and solutions to program engineers
  • Provide technical justifications to tailor security requirements
  • Execute government-witnessed security test events
  • Use automated tools to provide vulnerability and compliance assessments (Nessus, SCC/SCAP, SAST, DAST)
  • Design, develop, and deploy out-of-the-box solutions and hosted on bare metal servers or virtualized environment
  • Develop DevOps/DevSecOps/AppSec process to support ASD STIG.
  • Work with program and technical staff in all aspects of daily work.
  • Fully engaged in the implementation of a DevOps/AppSec practices for supporting IT
  • Support information assurance process in a technical role by complying with technical controls, technical checklists etc.
  • Review IAVM notices and address with program engineers as required
  • Ensure regular patching of systems
  • Monitor software releases to ensure continued compliance and closure of POA&M items
  • Support corporate IA personnel in efforts related to assigned programs.
  • Position may require some travel to support security test events

You'll Bring These Qualifications:

  • Active TS//SCI
  • Bachelor's degree and a total of over 3 years of experience and a minimum of one year experience in the field of Information Assurance (IA) and/or Cybersecurity to include:
  • Experience in the following software development life cycle phases: initiation, acquisition/development, implementation, operations/maintenance, and disposition to incorporate the security steps needed to effectively incorporate security into a system during its development.
  • Experience supporting DoD or Intelligence Community acquisition program or projects that have resulted in Interim Authorization to Test (IATT) and/or Authorization to Operate (ATO).
  • Experience and application in the use of DoD-approved scanning tools to include, but not limited to, Nessus (Assured Compliance Assessment Solution ((ACAS)), Security Content Automation Protocol (SCAP) Compliance Checker (SCC), SCAP security configuration scanner, Security Technical Implementation Guidance (STIG) Viewer, and Network Mapper (nMAP).
  • Must possess security certification for the Information Assurance Technical (IAT) II in accordance with the Information Assurance Work Improvement Program, DoD 8570.1-M.
  • Experience with installing, running, reviewing results from DevSecOps tools (ie,, Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST))
  • Must know Linux.
  • Thrive in an energetic, fast-paced environment - learn and become productive quickly and meet team goals, can-do attitude, able to do what it takes to deliver
  • Demonstrated ability to work as part of an integrated team, as well as independently
  • Strong interpersonal and relationship building skills conducive to team building
  • Familiarity with the secure configuration of Linux systems.
  • Knowledge of DoD RMF
  • Experience creating, updating, and managing projects in eMass
  • Certified in accordance with DoD 8570.1 IAT level II - (Security+, CISSP, or similar)
  • Experience operating ACAS/Nessus, SCC/SCAP/STIGs and interpreting resulting scans.

These Would Be Nice to Have:

  • Knowledge of DCID 6/3, ICD 503, CNSSI 1253, NIST SP 800-53, NIST SP 800-53A, NIST SP 800-37, and security controls assessment criteria/procedures.
  • Familiarity with the secure configuration of Cisco devices
  • Familiarity with SSRDB and the process for vetting third party software products.
  • Familiarity with DISA STIGs
  • Possess an active relevant technical certification (Certified Information Systems Security Professional, Offensive Security Certified Professional, Global Information Assurance Certification, Cisco Certified Network Associate/ Cisco Certified Network Professional Security.
  • Experience with applying of National Institute of Standards (NIST) 800-64, Revision 2 - Security Considerations in the Systems Development Life Cycle.
  • Engineering and/or architecture experience with web applications, application stacks, web application firewalls, intrusion detection sensors, antimalware technologies, vulnerability scanning technologies, and advanced persistent threat (APT) prevention technologies.
  • Knowledgeable on cyber threats relative to the DoD and Intelligence Community industry.
  • Experience creating analytical reports for Leadership on complex security issues.
  • Experience designing secure networks, systems, and application architectures

What We Can Offer You:

  • We've been named a Best Place to Work by the Washington Post.
  • Our employees value the flexibility at CACI that allows them to balance quality work and their personal lives.
  • We offer competitive benefits and learning and development opportunities.
  • We are mission-oriented and ever vigilant in aligning our solutions with the nation's highest priorities.
  • For over 55 years, the principles of CACI's unique, character-based culture have been the driving force behind our success

Job Location

US-Sterling-VA-VIRGINIA SUBURBAN

CACI employs a diverse range of talent to create an environment that fuels innovation and fosters continuous improvement and success. At CACI, you will have the opportunity to make an immediate impact by providing information solutions and services in support of national security missions and government transformation for Intelligence, Defense, and Federal Civilian customers. CACI is proud to provide dynamic careers for employees worldwide. CACI is an Equal Opportunity Employer - Females/Minorities/Protected Veterans/Individuals with Disabilities.

Keywords: CACI International Inc., Sterling , Information Assurance Analyst, Other , Sterling, Virginia

Click here to apply!

Didn't find what you're looking for? Search again!

I'm looking for
in category
within


Log In or Create An Account

Get the latest Virginia jobs by following @recnetVA on Twitter!

Sterling RSS job feeds