Job Title: Cyber Security Compliance Engineer Job Category: Information Technology Time Type: Full time Minimum Clearance Required to Start: None Employee Type: Regular Percentage of Travel Required: None Type of Travel: None * * * The Opportunity: CACI's Corporate Enterprise Services Cyber Security Team is seeking a Cyber Security Compliance Engineer. As a member of the Cyber Security Team, you will work to create and maintain a DFARS compliant operating environment for CACI’s users by protecting network boundaries, designing hardened computer and network devices, and providing security services to protect highly sensitive data. Designs and implements remediation and milestones to mitigate findings from vulnerability and risk assessments. Provides information assurance for digital information, ensuring its confidentiality, integrity, and availability. Responsibilities include the granting of authorization to operate IT systems at acceptable levels of risk, testing and validation of IT systems for vulnerabilities and indicative of compromise, incident response and remediation. Will develop appropriate policy and compliant technology to meet or exceed applicable government and compliance requirements. Responsibilities: - Work with a broad range of internal teams to assess the security risk and compliance levels of their system(s) - Research trends in cybersecurity threats and NIST 800 standards in support of the CMMC standard - Creation of mitigation strategies and follow up with stakeholders to ensure risk levels are documented at the appropriate levels and follow through with report writing as appropriate - Work to create and a secure and compliant environment for CACI’s users by conducting assessments to determine risk and compliance levels of various systems and helping to develop mitigation strategies. - Possess a strong knowledge of technologies to actively monitor systems to actively monitors systems for attacks and intrusions - Use data aggregation and analysis techniques and tools to provide valuable insight into the security posture of CACI’s infrastructure - Work within CACI and third-parties to ensure that all technologies are designed with security in mind follow industry best practices and are compliant with applicable guidelines. - Ability to work in a team-centric environment - Analyze security reports and reviews and documents process documentation, and assess test results and remediation plans - Ability to work with internal and external stakeholders at all business levels - Strong presentation, written, and oral communication skills required - Performs duties in support of in-house and external customers. - Designs, develops, and recommends solutions ensuring proprietary/confidential data and systems are protected in accordance with mandated standards. - Participates with the client in the strategic design process to translate security and business requirements into technical designs. - Configures and validates secure systems, tests security products/systems to detect computer and information security weakness. - Generates security architecture documentation. - Provides critical written and verbal analyses of previously generated security architecture documentation and vulnerability and risk assessments. - Designs and implements plans of action and milestones to remediate findings from vulnerability and risk assessments. - Provides information assurance for digital information, ensuring its confidentiality, integrity, and availability. - Responsibilities include the granting of authorization to operate IT systems at acceptable levels of risk, monitoring and testing of IT systems for vulnerabilities and indicia of compromise, incident response and remediation, the development of appropriate policy, relevant user security awareness and training, and compliance with applicable government and other external standards. Qualifications: Required: - Bachelor's Degree and 1-2 years’ experience with Cyber Security or compliance - Ability to obtain a security clearance Desired: - CYSA+, CISSP, CEH, Security+ - Secret or Top-Secret clearance - Previous experience with the design or implementation of cybersecurity governance, risk, and compliance activities - Established and productive individual contributor - Works independently with little general supervision - Ability to work with internal and external stakeholders at all business levels - Strong presentation, written, and oral communication skills - Experience with DFARS, CMMC, NIST 800-series, ISO, SSDF, and other RMFs - What You Can Expect: A culture of integrity. At CACI, we place character and innovation at the center of everything we do. As a valued team member, you’ll be part of a high-performing group dedicated to our customer’s missions and driven by a higher purpose – to ensure the safety of our nation. An environment of trust. CACI values the unique contributions that every employee brings to our company and our customers - every day. You’ll have the autonomy to take the time you need through a unique flexible time off benefit and have access to robust learning resources to make your ambitions a reality. A focus on continuous growth. Together, we will advance our nation's most critical missions, build on our lengthy track record of business success, and find opportunities to break new ground — in your career and in our legacy. Pay Range: There are a host of factors that can influence final salary including, but not limited to, geographic location, Federal Government contract labor categories and contract wage rates, relevant prior work experience, specific skills and competencies, education, and certifications. Our employees value the flexibility at CACI that allows them to balance quality work and their personal lives. We offer competitive compensation, benefits and learning and development opportunities. Our broad and competitive mix of benefits options is designed to support and protect employees and their families. At CACI, you will receive comprehensive benefits such as; healthcare, wellness, financial, retirement, family support, continuing education, and time off benefits. Since this position can be worked in more than one location, the range shown is the national average for the position. The proposed salary range for this position is: $53,100-$106,300 CACI is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, pregnancy, sexual orientation, age, national origin, disability, status as a protected veteran, or any other protected characteristic.

• Conduct day-to-day VMaaS activities, including vulnerability scanning, asset discovery, scan policy configuration, and reporting. • Independently conduct Attack Surface Control (ASC) engagements for a variety of clients. • Monitor automated penetration testing tooling to identify and validate security weaknesses. • Perform validation of vulnerability findings to eliminate false positives and determine actual risk. • Collaborate with the penetration testing team to conduct further deep-dive testing as needed. • Perform assessment and threat modeling against industry best practices to identify control weaknesses. • Perform root cause analysis on identified vulnerabilities and attack surface weaknesses to determine technical solutions to be presented to client along with recommendations for remediations. • Assist in defining, measuring, and quantifying business risk and vulnerability impacts to clients and their stakeholders.

Syniverse is the world’s most connected company. Whether we’re developing the technology that enables intelligent cars to safely react to traffic changes or freeing travelers to explore by keeping their devices online wherever they go, we believe in leading the world forward. Which is why we work with some of the world’s most recognized brands. Eight of the top 10 banks. Four of the top 5 global technology companies. Over 900 communications providers. And how we’re able to provide our incredible talent with an innovative culture and great benefits. Who We're Looking For The Cyber Security Incident Commander Deals with advanced, complex and ever-changing threats which could affect the Syniverse brand and/or business operations. Demonstrates advanced self-managed individual delivering against enterprise level cybersecurity programs. Drive delivery for the implementation, monitoring, and continuous improvement of Security Operations Center (SOC) Incident Handling & Response and Data Protection practices- Some of What You'll Do Scope of the Role: - Direct Reports: This is an individual contributor role with no direct reports Key Responsibilities - 50% Enforce cybersecurity and data protection efforts - Operate individual and or cross-functional team activities, providing leadership/guidance and consultation to Incident response analyst - Resolve security issues through addressing identified and confirmed security events, successful forensic reviews, remediation tracking, and cross function collaboration. Conduct required efforts against Incident Response ticketing queue and prioritize Critical and High severity efforts. - Provide communication and recommendations for attack surface reduction and counter adversary efforts to improve threat landscape. - Provide continuous efforts to identify and bolster incident response capabilities for the SOC. - 40% Metric and communication delivery - Operationalize core cybersecurity and data protection functions - Establish and Manage SOC Key Performance Indicators for reporting to leadership and executive audience - Establish and Manage Audit reports and evidence for compliance requirements. - Drive scheduled debriefs with Cyber leaders and stakeholders related to SOC current events. - Participate as the SOC SME in cybersecurity tool acquisition conversations and demo’s, to provide thorough collaboration and identification of potential value. - 10% Dedicated Incident commander - Strategic Leadership: Assume overall command of the incident, establishing a safe, centralized command structure. Establish incident objectives, define priorities, and develop the overall strategy. - Resource Management: Authorize the utilization and mobilization of personnel, equipment, and resources. - Communication & Coordination: Evaluate the situation, make critical decisions under pressure, and manage the incident. Serve as the primary point of contact, ensuring effective communication between teams, stakeholders, and external agencies. - Documentation: Ensure all actions are documented, and lead post-incident reviews or after-action reports. Experience, Education, and Certifications: - MS in Computer Science, Information Systems, Business or related field or equivalent work experience. - 10+ years' experience as a security practitioner. - Technology experience with the following - Vulnerability management tools, SIEM, advanced cyber security tools, Firewall and router configuration, switches, secure network architecture, VPNs, PKI, Portals, Cisco, network monitoring technologies, Solaris, AIX , HP-UX, Red Hat Linux, Checkpoint, IPSEC, SSL, SSH, VPN, Ethernet Token Ring, WAP, SMTP, FTP, Frame Relay, WAN, ATM, FDDI, DSL, ISDN, HP Openview, Radius, F5, Nessus, security tools and facilities - Certification as a CISSP, CISA and/or CFE, or GIAC certification(s) (desired) Additional Requirements: - Advanced understanding of Cyber Security and Data Protection - Telecommunications and wireless industry knowledge - Advanced analytical and troubleshooting skills - Working knowledge of Project Management discipline and process - Organization, influence, leadership and facilitation skills - Advanced Knowledge of Security Policies/Practices - Moderate to Advanced Security Application knowledge - Advanced knowledge in SOC operations, Vulnerability Management, Incident Handling & Response and Data Protection practices - Advanced level of awareness of current attack vectors. Disclaimer Statement: The above statements are intended to describe the general nature and level of work being performed by people assigned to this job. It is not designed to be utilized as a comprehensive list of all duties, responsibilities, and qualifications required of employees assigned to this job. - Why You Should Join Us Join us as we write a new chapter, guided by world-class leadership. Come be a part of an exciting and growing organization where we offer a competitive total compensation, flexible/remote work and with a leadership team committed to fostering an inclusive, collaborative, and transparent organizational culture. At Syniverse connectedness is at the core of our business. We believe diversity, equity, and inclusion among our employees is crucial to our success as a global company as we seek to recruit, develop, and retain the most talented people who want to help us connect the world. Know someone at Syniverse? Be sure to have them submit you as a referral prior to applying for this position.

• Conduct day-to-day VMaaS activities, including vulnerability scanning, asset discovery, scan policy configuration, and reporting. • Independently conduct Attack Surface Control (ASC) engagements for a variety of clients, including the use of automated tools and manual micro-penetration testing. • Monitor automated penetration testing tooling to identify and validate security weaknesses. • Perform validation of vulnerability findings to eliminate false positives and determine actual risk. • Collaborate with the penetration testing team to conduct further deep-dive testing as needed based on vulnerability discoveries.