Required Experience, Education, Skills & Technologies
- US Citizenship and ability to obtain a public trust
- Must have at least 6 years total information system and network security experience.
- Must have at least 4 years of experience with the federal government creating and maintaining IT Authorization to Operate (ATO) packages and RMF documentation for operational systems and interfacing/coordinating with the System Owners (SO), Business Owners, System Maintainers, and Developers.
- Bachelor’s Degree in relevant field or 4 years of equivalent work experience in lieu of degree
- Have the ability to go onsite in DC 2 times a week.
- Experience in maritime/vessel cybersecurity. Specifically, an understanding of marine operations and IT methods, techniques, and practices sufficient to select, recognize, adapt, and apply shipboard principles and practices
- Understanding of IT governance and management in the federal sector
- Expert level knowledge of Federal Cybersecurity and Privacy Laws, Regulations, Policies, Procedures, and implementation standards
- Understanding of information assurance, cybersecurity, privacy policies disciplines, methodologies including but not limited to National Institute of Standards and Technology (NIST) Risk Management Framework (RMF), NIST Cybersecurity Framework (CSF)
- Understand the Federal Government's deployment of Information Security Continuous Monitoring (ISCM), the Continuous Diagnostics and Mitigation (CDM) Program, organizational phases and technologies.
- Ensure the DOT enterprise information security management system, Cyber Security Assessment and Management (CSAM), accurately contains required information and supporting artifacts.
- Provide project support and coordination with functional teams to gather documentation and support draft responses for audits or evaluations.
- Understanding of Identity, Credential and Access Management (ICAM) implementation.
- Ability to work with customers to assess needs, provide assistance, resolve problems, satisfy expectations; knows products and services.
- Understanding of the principles, methods, or tools for developing, scheduling, coordinating, and managing projects and resources, including monitoring work, and performance.
- Understanding of the principles, methods, and tools of quality assurance and quality control used to ensure a product fulfills functional requirements and standards.
- Proficient in Microsoft Office products: Word, Excel, PowerPoint, Visio, Teams, Power BI, Tableau, and SharePoint.
- Experience with managing Federal contracts projects and must have the ability to communicate effectively both orally and in writing
- Equivalent of IAM Level III certification in accordance with DoD 8570.01M, such as CISSP or CISM or ability to obtain it within 6 months
- Experience with Operational Technology cybersecurity controls and principles
- Ability to perform risk assessment and risk management
- Understand domain structures, network protocols, user authentication, digital signatures, firewall and security best practices.
- Ability and expertise to provide guidance in the design of new application and database configurations and connectivity.
- Ability to administer cybersecurity systems and provide technical recommendation to maintain and improve mission functionality.
- Ability to plan, execute and develop report for application, network (internal or external) vulnerability analysis and provides technical recommendations to maintain and improve mission functionality.
- Understand the FISMA assessment and accreditation process.
- Understand the DOD Risk Management Framework and Reporting process.
-
Understanding of the principles and methods to configure and /or administer:
- Network devices security devices such as network firewall, data loss prevention, network intrusion detection systems, and intrusion prevention systems.
- Operating Systems and systems services (Windows Server, Linux/ Unix, and Active Directory)
- Conduct dynamic web application security testing, both manual testing and utilizing application security tools to discover exploitable vulnerabilities.
- Vulnerability Application and database security assessment, scanning and results interpretation.
Additional Experience
- Must be comfortable communicating with system owners, business sponsors, and IT ops personnel to gather needed information to update system core ATO documentation.
- Experience developing privacy documentation such as PTAs, PCMs, and PIAs (desired)
- Must have the ability to multitask. Will be expected to work with developers and business owners to develop core documentation for a new system while working with the system owner and infrastructure/ops teams to update a system in production.
- Must have the ability to communicate effectively both orally and in writing.
Certifications:
- BS in Cybersecurity or related technical field
- Must possess the following verifiable and current Industry Certifications or be able to obtain certification within 6 months of hire date:
- Certified Information Systems Security Professional (CISSP) or similar type certification
- Desired certifications:
- ITILv3
- CASP
- Project Management Professional (PMP) or Certified Information Systems Manager (CISM)
Clearance: Must possess or be able to obtain a DOT Public Trust clearance
Benefits Offered
- Medical, Dental, Vision, Life Insurance, Short-Term Disability, Long-Term Disability, 401(k) match, Tuition/Training Assistance, Parental Leave, Paid Time Off, and Holidays.
Criterion Systems, LLC. and its subsidiaries are committed to equal employment opportunity and non-discrimination at all levels of our organization. We believe in treating all applicants and employees fairly and make employment decisions without regard to any individual’s protected status: race, ethnicity, color, national origin, ancestry, religion, creed, sex/gender, gender identity/gender expression, sexual orientation, physical and mental disability, marital/parental status, pregnancy (including childbirth, lactation, and related medical conditions), age, genetic information (including characteristics and testing), military and veteran status, or any other characteristic protected by law. For our complete EEO/AA and Pay Transparency statement, please visit https://careers-criterion-sys.icims.com/.