Criterion Systems
Posted 4 days ago
$130,000 - $150,000/Yr
Full-time - Mid Level
Hybrid - DC, DC
Professional, Scientific, and Technical Services

About the position

At Criterion Systems, we developed a different kind of business: a company whose real value is a reputation for excellence built upon the collective skills, talents, perspectives, and backgrounds of its people. By accepting a position with Criterion Systems, you will join a group of professionals with a collaborative mindset where we share ideas and foster professional development to accomplish our goals. In addition to our great culture, we also offer competitive compensation and benefit packages, company-sponsored team building events, and advancement opportunities. To find out more about how Criterion can help you take your career to the next level, please visit our website: www.criterion-sys.com. Criterion Systems is a Military/Veteran Friendly Company; therefore, we encourage Veterans to apply.

Responsibilities

  • Develop and maintain MARAD's Information System's core security and privacy documentation, in accordance with each phase of the System Development Life Cycle (SDLC) with standardized templates, baseline management with supporting checklists and technical guides, and policies.
  • Work with stakeholders to create or update Privacy Threshold Analyses (PTAs) and other privacy documents, FIPS 199 Security Categorization document, control selection listing, System Security Plan (SSP), Information System Configuration Management Plan, and Account Management Plan.
  • Develop information system contingency plans, including Business Impact Analysis (BIA), in accordance with NIST SP 800-34 Revision (Current), Guide to Test, Training and Exercise Programs for Information Technology Plans and Capabilities.
  • Ensure contingency plan test exercises results are documented in an after-action report, and Lessons Learned corrective actions are captured for updating information in the Information Systems Contingency Plan (ISCP).
  • Develop and maintain Inventory of Information System Interconnections and review, develop/update Interconnection Security Agreements and MOUs in accordance with NIST 800-47.
  • Provide security support and evaluation to development teams to develop core and privacy documentation, integrating information assurance/security throughout the System Life Cycle Development of major and minor application releases.
  • Support security in the system engineering process, supporting Risk Management Framework (RMF) task(s) in accordance with NIST Special Publication 800-37, and the DOD Risk Management Framework.
  • Provide ongoing recommendations for mitigation of all threats and risks affecting the MARAD environment.
  • Assist in the mitigation/remediation process, following corrective action plans approved by MARAD leadership.
  • Track and evaluate weaknesses, vulnerabilities identified by Nessus and other security scan tools, and provide remediation or corrective actions to improve the MARAD security posture.
  • Maintain a current MARAD information system endpoint inventory and ensure inventory accuracy and security tool suites are installed in accordance with approved baseline.
  • Support MARAD's SDLC and DevSecOps implementation, maintain architecture diagrams, process and standard operation procedures documentation.
  • Assist the System Owner, Information Owner, and ISSM in recording all known security weaknesses of assigned information systems in the Plans of Action and Milestones (POA&M's).

Requirements

  • US Citizenship and ability to obtain a public trust.
  • At least 6 years total information system and network security experience.
  • At least 4 years of experience with the federal government creating and maintaining IT Authorization to Operate (ATO) packages and RMF documentation.
  • Bachelor's Degree in relevant field or 4 years of equivalent work experience in lieu of degree.
  • Ability to go onsite in DC 2 times a week.
  • Experience in maritime/vessel cybersecurity.
  • Understanding of IT governance and management in the federal sector.
  • Expert level knowledge of Federal Cybersecurity and Privacy Laws, Regulations, Policies, Procedures, and implementation standards.
  • Understanding of information assurance, cybersecurity, privacy policies disciplines, methodologies including NIST Risk Management Framework (RMF), NIST Cybersecurity Framework (CSF).
  • Understanding of the Federal Government's deployment of Information Security Continuous Monitoring (ISCM).
  • Proficient in Microsoft Office products: Word, Excel, PowerPoint, Visio, Teams, Power BI, Tableau, and SharePoint.
  • Equivalent of IAM Level III certification in accordance with DoD 8570.01M, such as CISSP or CISM or ability to obtain it within 6 months.

Nice-to-haves

  • Experience developing privacy documentation such as PTAs, PCMs, and PIAs.
  • Experience with Operational Technology cybersecurity controls and principles.
  • Desired certifications: ITILv3, CASP, Project Management Professional (PMP) or Certified Information Systems Manager (CISM).

Benefits

  • Medical, Dental, Vision, Life Insurance, Short-Term Disability, Long-Term Disability, 401(k) match, Tuition/Training Assistance, Parental Leave, Paid Time Off, and Holidays.

Hard Skills

  • Nessus (2)
  • Active Directory (1)
  • BigFix (1)
  • ITILv3 (1)
  • Unix (1)