89 Senior Information System Security Specialist Jobs in Washington, DC

Criterion Systems
Washington, DC | Full Time
$107k-128k (estimate)
1 Month Ago
Peraton
Washington, DC | Contractor
$102k-122k (estimate)
2 Days Ago
Peraton
Washington, DC | Contractor
$102k-122k (estimate)
2 Days Ago
Seneca Holdings
Washington, DC | Other
$100k-120k (estimate)
2 Days Ago
Goldbelt Hawk, LLC
Washington, DC | Full Time
$101k-122k (estimate)
1 Month Ago
Peraton
Washington, DC | Full Time
$106k-128k (estimate)
3 Months Ago
Gen3 Technology Consulting LLC
Washington, DC | Full Time
$150k-184k (estimate)
1 Month Ago
Senior Information System Security Specialist
Criterion Systems Washington, DC
$107k-128k (estimate)
Full Time | IT Outsourcing & Consulting 1 Month Ago

Sorry! This job is no longer available. Please explore similar jobs listed on the left.

Criterion Systems is Hiring a Remote Senior Information System Security Specialist

Overview

At Criterion Systems, we developed a different kind of business—a company whose real value is a reputation for excellence built upon the collective skills, talents, perspectives, and backgrounds of its people. By accepting a position with Criterion Systems, you will join a group of professionals with a collaborative mindset where we share ideas and foster professional development to accomplish our goals. In addition to our great culture, we also offer competitive compensation and benefit packages, company-sponsored team building events, and advancement opportunities. To find out more about how Criterion can help you take your career to the next level, please visit our website: www.criterion-sys.com. Criterion Systems is a Military/Veteran Friendly Company; therefore, we encourage Veterans to apply.

Responsibilities

We are seeking a Senior Information Systems Security Specialist to support our Department of Transportation (DoT) customer in Washington, DC! This is a hybrid remote position; you will be expected to be on-site a minimum of 2 days/week.

Duties, Tasks & Responsibilities

  • Develop and maintain Information System’s core and privacy documentation, in accordance with each phase of the System Development Life Cycle (SDLC).
  • Work with stakeholders to create or update Privacy Threshold Analyses (PTAs) and other privacy documents, the FIPS 199 Security Categorization document, control selection listing, System Security Plan (SSP), Information System Configuration Management Plan, and Account Management Plan.
  • Develop information system contingency plans, including Business Impact Analysis (BIA), in accordance with NIST SP 800-34 Revision (Current), Guide to Test, Training and Exercise Programs for Information Technology Plans and Capabilities, and ensure contingency plan test exercise results are documented in an after-action report and Lessons Learned corrective actions are captured for updating information in the Information Systems Contingency Plan (ISCP).
  • Conduct account management reviews: review privileged user account logs; identify accounts inactive for more than 30 days; identify suspicious accounts; create an incident if an account is created without approval; contact the SOC to report security incidents.
  • Develop and maintain inventory of Information System Interconnections and review, develop / update Interconnection Security Agreements and MOUs in accordance with NIST 800-47.
  • Ensure the DOT enterprise information security management system, Cyber Security Assessment and Management (CSAM), accurately contains required information and supporting artifacts.
  • Provide project support and coordination with functional teams to gather documentation and support draft responses for audits or evaluations.
  • Assist in recording all known security weaknesses of assigned information systems in the Plans of Action and Milestones (POA&Ms) in accordance with DOT policy, guides and procedures.
  • Work with customers to assess needs, resolve problems and satisfy expectations; know products and services.
  • Understand domain structures, network protocols, user authentication, digital signatures, firewall and security best practices.
  • Provide guidance in the design of new application and database configurations and connectivity.
  • Administer cybersecurity systems and provide technical recommendations to maintain and improve mission functionality.
  • Plan, execute and develop reports for application and network (internal or external) vulnerability analysis, and provide technical recommendations to maintain and improve mission functionality.

Qualifications

Required Experience, Education, Skills & Technologies

  • Bachelor's degree with at least 8 years total information system and network security experience 
  • 4 years of additional experience in lieu of degree
  • 6 years of experience with a government customer creating and maintaining IT Authorization to Operate (ATO) packages for new systems and interfacing/coordinating with the System Owners (SO), Business Owners, System Maintainers, and Developers
  • Advanced knowledge of Federal Cybersecurity and Privacy Laws, Regulations, Policies, Procedures and implementation standards

  • Demonstrated competence in information assurance, cybersecurity, and privacy policy disciplines and methodologies, including but not limited to the National Institute of Standards and Technology (NIST) Risk Management Framework (RMF), NIST Cybersecurity Framework (CSF) and FedRAMP, and in applying security and privacy concepts, methodologies, principles and procedures and using industry-standard IT security tools.

  • Ability to conduct dynamic web application security testing, both manual testing and utilizing application security tools to discover exploitable vulnerabilities.

  • Vulnerability application and database security assessment, scanning and results interpretation.

  • Understand the FISMA assessment and accreditation process.

Preferred Experience, Education, Skills & Technologies

  • ITILv3
  • Certified Data Privacy Solutions Engineer (CDPSE)
  • Certified in Risk and Information Systems Control (CRISC) or CompTIA Advanced Security Practitioner Study (CASP)
  • Certified Information Privacy Professional (CIPP)
  • Certified Cloud Security Professional (CCSK) and other Cloud Certification as appropriate
  • Additional Experience

    • Experience with security analysis of security controls for systems in the cloud
    • Experience developing privacy documentation such as PTAs, PCMs, and PIAs
    • Ability to multitask; will be expected to work with developers and business owners to develop core documentation for a new system while working with the system owner and infrastructure/ops teams to update a system in production.

Security Clearance Level

  • Public Trust

Certification

Must possess the following verifiable and current Industry Certifications or be able to obtain certification within 6 months of hire date:

  • Certified Information Systems Security Professional (CISSP) or similar certification
  • Certificate of Cloud Security Knowledge (CCSK), Azure Certified or other Cloud Certification

Work Schedule

  • Full-time hybrid remote 2-3 days/week
  • Tuesdays are core days when required to be onsite in Washington, DC.

Benefits Offered

  • Medical, Dental, Vision, Life Insurance, Short-Term Disability, Long-Term Disability, 401(k) match, Tuition/Training Assistance, Parental Leave, Paid Time Off, and Holidays.

Criterion Systems, LLC and its subsidiaries are committed to equal employment opportunity and non-discrimination at all levels of our organization. We believe in treating all applicants and employees fairly and make employment decisions without regard to any individual’s protected status: race, ethnicity, color, national origin, ancestry, religion, creed, sex/gender, gender identity/gender expression, sexual orientation, physical and mental disability, marital/parental status, pregnancy (including childbirth, lactation, and related medical conditions), age, genetic information (including characteristics and testing), military and veteran status, or any other characteristic protected by law. For our complete EEO/AA and Pay Transparency statement, please visit https://careers-criterion-sys.icims.com/.

Job Summary

JOB TYPE

Full Time

INDUSTRY

IT Outsourcing & Consulting

SALARY

$107k-128k (estimate)

POST DATE

03/12/2023

EXPIRATION DATE

04/04/2024

WEBSITE

Criterion-Sys.com

HEADQUARTERS

VIENNA, VA

SIZE

200 - 500

FOUNDED

2005

TYPE

Private

CEO

PROMOD SHARMA

REVENUE

$50M - $200M

INDUSTRY

IT Outsourcing & Consulting

About Criterion Systems

Criterion Systems is a provider of systems engineering, business strategy consulting, project and program management and data migration services.


Criterion Systems
Other
$87k-108k (estimate)
Just Posted
Criterion Systems
Remote | Other
$65k-83k (estimate)
Just Posted
Criterion Systems
Other
$124k-148k (estimate)
Just Posted