Lead Cybersecurity Specialist/Analyst
Company: Criterion Systems, Inc
Location: Washington
Posted on: March 1, 2025
Job Description:
Overview

At Criterion Systems, we developed a different kind of business: a company whose real value is a reputation for excellence built upon the collective skills, talents, perspectives, and backgrounds of its people. By accepting a position with Criterion Systems, you will join a group of professionals with a collaborative mindset where we share ideas and foster professional development to accomplish our goals. In addition to our great culture, we also offer competitive compensation and benefit packages, company-sponsored team building events, and advancement opportunities. Criterion Systems is a Military/Veteran Friendly Company; therefore, we encourage Veterans to apply.

Responsibilities

We are seeking a mission-focused Lead Cybersecurity Specialist to support and contribute to our government customer's success at the U.S. Department of Transportation (DOT) Headquarters in Washington, DC. The position is hybrid on-site/telework. The individual shall support and provide assistance in cybersecurity and IT security compliance for the DOT Maritime Administration (MARAD) IT cybersecurity program.

Duties, Tasks & Responsibilities
- Develop and maintain MARAD's information system core security and privacy documentation in accordance with each phase of the System Development Life Cycle (SDLC), using standardized templates, baseline management with supporting checklists and technical guides, and policies. This includes:
  - Working with stakeholders to create or update Privacy Threshold Analyses (PTAs) and other privacy documents, the FIPS 199 Security Categorization document, the control selection listing, the System Security Plan (SSP), the Information System Configuration Management Plan, and the Account Management Plan.
  - Developing information system contingency plans, including a Business Impact Analysis (BIA), in accordance with NIST SP 800-34 (current revision) and the Guide to Test, Training and Exercise Programs for Information Technology Plans and Capabilities; ensuring that contingency plan test exercise results are documented in an after-action report and that Lessons Learned corrective actions are captured to update the Information System Contingency Plan (ISCP).
  - Developing and maintaining the Inventory of Information System Interconnections, and reviewing, developing, and updating Interconnection Security Agreements and MOUs in accordance with NIST SP 800-47.
  - Providing security support and evaluation to development teams to develop core and privacy documentation, integrating information assurance/security throughout the system development life cycle of major and minor application releases.
- Support security in the system engineering process, supporting Risk Management Framework (RMF) tasks in accordance with NIST Special Publication 800-37 and the DoD Risk Management Framework, including support for security assessments and other audit requests, Information System Continuous Monitoring (ISCM), contingency planning, incident handling, risk analysis and mitigation, IT security baseline compliance, and security (role-based and awareness) training, in accordance with supporting DOT policy and guidelines and NIST standards.
- The individual shall provide ongoing recommendations for
mitigation of all threats and risks affecting the MARAD
environment.
- The individual shall assist in the mitigation/remediation process, following corrective action plans approved by MARAD leadership, i.e., the Contracting Officer (CO), Contracting Officer's Representative (COR), and/or Task Area COR.
- The individual shall support the tracking and ongoing evaluation of weaknesses and vulnerabilities identified by Nessus and other security scan tools, identify critical and high weaknesses arising from insecure application development techniques, cloud environments, and networked enclaves, and provide remediation or corrective actions to improve the MARAD security posture.
- The individual shall maintain a current MARAD information system endpoint inventory that includes, but is not limited to, all MARAD network ranges, assets, groups, and custom groups within the DOT's Continuous Diagnostics and Mitigation (CDM) tool suite (e.g., BigFix, Nessus, and others). The individual shall evaluate endpoint migration to and from the operational environment to ensure inventory accuracy and that security tool suites are installed in accordance with the approved baseline.
- The individual shall support MARAD's SDLC and DevSecOps implementation, maintaining architecture diagrams, process and standard operating procedure documentation, and the integration and management of static code vulnerability detection applications into the process. The individual shall evaluate applications, including websites, with the applicable tool suite(s) and techniques to provide recommendations and track approved remediation.
- The individual shall manage MARAD's information system core documentation in accordance with each phase of the system engineering process/SDLC, using standardized templates and baseline management with supporting checklists and technical guides, including but not limited to the DOT Security Authorization and Continuous Monitoring Guide, the Weakness Guide, and other DOT procedures.
- The individual shall assist the System Owner, Information Owner, and ISSM in recording all known security weaknesses of assigned information systems in the Plans of Action and Milestones (POA&Ms) in accordance with DOT policy, guides, and procedures.

Qualifications

Required Experience, Education, Skills & Technologies
- US Citizenship and the ability to obtain a Public Trust clearance.
- Must have at least 6 years total information system and network
security experience.
- Must have at least 4 years of experience with the federal
government creating and maintaining IT Authorization to Operate
(ATO) packages and RMF documentation for operational systems and
interfacing/coordinating with the System Owners (SO), Business
Owners, System Maintainers, and Developers.
- Bachelor's Degree in relevant field or 4 years of equivalent
work experience in lieu of degree.
- Ability to work on-site in DC 2 times a week.
- Experience in maritime/vessel cybersecurity. Specifically, an
understanding of marine operations and IT methods, techniques, and
practices sufficient to select, recognize, adapt, and apply
shipboard principles and practices.
- Understanding of IT governance and management in the federal
sector.
- Expert level knowledge of Federal Cybersecurity and Privacy
Laws, Regulations, Policies, Procedures, and implementation
standards.
- Understanding of information assurance, cybersecurity, and privacy policy disciplines and methodologies, including but not limited to the National Institute of Standards and Technology (NIST) Risk Management Framework (RMF) and the NIST Cybersecurity Framework (CSF).
- Understanding of the Federal Government's deployment of Information Security Continuous Monitoring (ISCM) and the Continuous Diagnostics and Mitigation (CDM) Program, including its organizational phases and technologies.
- Ensure the DOT enterprise information security management
system, Cyber Security Assessment and Management (CSAM), accurately
contains required information and supporting artifacts.
- Provide project support and coordination with functional teams
to gather documentation and support draft responses for audits or
evaluations.
- Understanding of Identity, Credential and Access Management
(ICAM) implementation.
- Ability to work with customers to assess needs, provide assistance, resolve problems, and satisfy expectations; knowledge of products and services.
- Understanding of the principles, methods, and tools for developing, scheduling, coordinating, and managing projects and resources, including monitoring work and performance.
- Understanding of the principles, methods, and tools of quality
assurance and quality control used to ensure a product fulfills
functional requirements and standards.
- Proficient in Microsoft Office products: Word, Excel,
PowerPoint, Visio, Teams, Power BI, Tableau, and SharePoint.
- Experience managing Federal contract projects; must have the ability to communicate effectively both orally and in writing.
- Equivalent of IAM Level III certification in accordance with
DoD 8570.01M, such as CISSP or CISM or ability to obtain it within
6 months.
- Experience with Operational Technology cybersecurity controls
and principles.
- Ability to perform risk assessment and risk management.
- Understanding of domain structures, network protocols, user authentication, digital signatures, firewalls, and security best practices.
- Ability and expertise to provide guidance in the design of new application and database configurations and connectivity.
- Ability to administer cybersecurity systems and provide technical recommendations to maintain and improve mission functionality.
- Ability to plan, execute, and report on application and network (internal or external) vulnerability analysis and provide technical recommendations to maintain and improve mission functionality.
- Understand the FISMA assessment and accreditation process.
- Understand the DOD Risk Management Framework and Reporting
process.
- Understanding of the principles and methods to configure and/or administer:
  - Network security devices such as network firewalls, data loss prevention, network intrusion detection systems, and intrusion prevention systems.
  - Operating systems and system services (Windows Server, Linux/Unix, and Active Directory).
- Conduct dynamic web application security testing, both manual testing and using application security tools, to discover exploitable vulnerabilities.
- Application and database vulnerability assessment, scanning, and results interpretation.

Additional Experience
- Must be comfortable communicating with system owners, business
sponsors, and IT ops personnel to gather needed information to
update system core ATO documentation.
- Experience developing privacy documentation such as PTAs, PCMs,
and PIAs (desired).
- Must have the ability to multitask. Will be expected to work
with developers and business owners to develop core documentation
for a new system while working with the system owner and
infrastructure/ops teams to update a system in production.
- Must have the ability to communicate effectively both orally and in writing.

Certifications

- BS in Cybersecurity or related technical field.
- Must possess the following verifiable and current industry certifications or be able to obtain certification within 6 months of hire date:
  - Certified Information Systems Security Professional (CISSP) or similar type certification.
- Desired certifications:
  - ITILv3.
  - CASP.
  - Project Management Professional (PMP) or Certified Information Systems Manager (CISM).

Clearance

Must possess or be able to obtain a DOT Public Trust clearance.

Pay Rate

The projected compensation range for this position is $130,000 - $150,000. Please note that the salary information is a general guideline only. Criterion Systems considers factors such as (but not limited to) scope and responsibilities of the position, candidate's work experience, education/training, key skills as well as market and business considerations when extending an offer.

Benefits Offered

- Medical, Dental, Vision, Life Insurance, Short-Term Disability, Long-Term Disability, 401(k) match, Tuition/Training Assistance, Parental Leave, Paid Time Off, and Holidays.

Criterion Systems, LLC. and its subsidiaries are committed to equal employment opportunity and non-discrimination at all levels of our organization. We believe in treating all applicants and employees fairly and make employment decisions without regard to any individual's protected status: race, ethnicity, color, national origin, ancestry, religion, creed, sex/gender, gender identity/gender expression, sexual orientation, physical and mental disability, marital/parental status, pregnancy (including childbirth, lactation, and related medical conditions), age, genetic information (including characteristics and testing), military and veteran status, or any other characteristic protected by law. For our complete EEO/AA and Pay Transparency statement, please visit .