Job Location: Washington, DC
Job Detail:
At Criterion Systems, we developed a different kind of business: a company whose real value is a reputation for excellence built upon the collective skills, talents, perspectives, and backgrounds of its people. By accepting a position with Criterion Systems, you will join a group of professionals with a collaborative mindset where we share ideas and foster professional development to accomplish our goals. In addition to our great culture, we also offer competitive compensation and benefit packages, company-sponsored team building events, and advancement opportunities. To find out more about how Criterion can help you take your career to the next level, please visit our website: www.criterion-sys.com.
Responsibilities:
Responsibilities include:
1. Develop and maintain a project plan and status reports to support activities to track project progress, risks, issues, and resolutions.
2. Provide cyber security expertise and assist with incident handling, vulnerability detection and remediation strategies, identification of insecure application development techniques, and cloud environments and services.
3. Provide support to the security portion of FHWA’s DevSecOps implementation to include architecture diagrams, process and SOP documentation, and the integration and management of static code vulnerability scanners into the process.
4. Maintain a current inventory that will include but is not limited to, all FHWA network ranges, assets, groups, and custom groups within the DOT CDM BigFix tool.
5. Maintain FHWA core system documentation, via standardized templates, technical guides and baseline management with supporting checklists including FHWA Cybersecurity Handbook and the FHWA Continuous Monitoring Risk Management Plan (CMRMP). Provide programmatic assistance and guidance to system owners.
6. Execute information system contingency plan (ISCP) testing and provide contingency training for personnel with ISCP roles necessary to accomplish their roles in a system recovery capacity.
Qualifications:
- US Citizenship
- Certified Information Systems Security Professional (CISSP);
- Certificate of Cloud Security Knowledge (CCSK), Azure certification, or other cloud certification
- 7+ years of experience with the job responsibilities listed above
- Bachelor's degree
- Ability to obtain a public trust clearance
- Experience managing Federal contract projects; must have the ability to communicate effectively both orally and in writing.
- Expert level knowledge of Federal Cybersecurity and Privacy Laws, Regulations, Policies, Procedures, and implementation standards
- Expert level of experience ensuring compliance with NIST SP 800-18, 800-37, 800-53 rev4, 800-53A rev4, 800-137, 800-30, 800-60, FIPS 199 and 200, NIST SP 800-34, and NIST SP 800-66 rev 1.
- Understanding of the FISMA assessment and accreditation process.
- Understanding of the GSA FedRAMP process
- Understanding of current Cloud Service technologies
- Understanding of application development concepts and technologies with an emphasis on dynamic and static code application scanning tools, their outputs, and knowledge of remediation actions as listed in reports.
- Expert level experience in applying the Federal Government's deployment of Information Security Continuous Monitoring (ISCM) and the Continuous Diagnostics and Mitigation (CDM) Program technologies.
- Experience conducting and analyzing weekly and monthly vulnerability and compliance scans of Linux, Windows, and virtual environments with tools such as Nessus, Splunk, Netsparker, and BigFix.
- Application and database vulnerability assessment, scanning, and results interpretation.
- Understanding of Identity, Credential and Access Management (ICAM) implementation.
- Expert level experience with enterprise security architecture methodologies, concepts, procedures, principles, and tools.
- Understanding of domain structures, network protocols, user authentication, digital signatures, firewalls, and security best practices.
- Understanding of the principles and security impacts of:
  - Network security devices such as network firewalls, data loss prevention, network intrusion detection systems, and intrusion prevention systems.
  - Operating systems and system services (Windows Server, Linux/Unix, and Active Directory)
- Ability to plan, execute, and develop reports for application and network (internal or external) vulnerability analysis, and to provide technical recommendations to maintain and improve mission functionality.
- Must have 3 years of experience in contingency planning and backup and recovery best practices and application of NIST guidance in this area. This includes tabletop and functional tests.
- Ability to work with customers to assess needs, resolve problems, and satisfy expectations; knows the products and services.
- Experience conducting dynamic web application security testing, both manual testing and utilizing application security tools to discover exploitable vulnerabilities.
- Understanding of the principles, methods, and tools for developing, scheduling, coordinating, and managing projects and resources, including monitoring work and performance.
- Understanding of the principles, methods, and tools of quality assurance and quality control used to ensure a product fulfills functional requirements and standards.
- Experience with security analysis of security controls for systems in the cloud
- Proficient in Microsoft Office products: Word, Excel, PowerPoint, Visio, Teams, Power BI and SharePoint.
- Experience with Risk Management tools such as eMASS and CSAM
- Must be comfortable communicating with system owners, business sponsors, and IT ops personnel to gather needed information to develop/update system core ATO documentation and privacy documentation such as PTAs, PCMs, and PIAs.
- Must have the ability to multitask. Will be expected to work with developers and business owners to develop core documentation for a new system while working with the system owner and infrastructure/ops teams to update a system in production.
- Must have the ability to communicate effectively both orally and in writing.
Criterion Systems, Inc. and its subsidiaries are committed to equal employment opportunity and non-discrimination at all levels of our organization. We believe in treating all applicants and employees fairly and make employment decisions without regard to any individual’s protected status: race, ethnicity, color, national origin, ancestry, religion, creed, sex/gender, gender identity/gender expression, sexual orientation, physical and mental disability, marital/parental status, pregnancy (including childbirth, lactation, and related medical conditions), age, genetic information (including characteristics and testing), military and veteran status, or any other characteristic protected by law. For our complete EEO/AA and Pay Transparency statement, please visit https://careers-criterion-sys.icims.com/.