Criterion Systems - DC, DC

posted 1 day ago

Full-time - Mid Level
Hybrid - DC, DC
Professional, Scientific, and Technical Services

About the position

At Criterion Systems, we developed a different kind of business: a company whose real value is a reputation for excellence built upon the collective skills, talents, perspectives, and backgrounds of its people. By accepting a position with Criterion Systems, you will join a group of professionals with a collaborative mindset, where we share ideas and foster professional development to accomplish our goals. In addition to our great culture, we also offer competitive compensation and benefit packages, company-sponsored team building events, and advancement opportunities. To find out more about how Criterion can help you take your career to the next level, please visit our website: www.criterion-sys.com. Criterion Systems is a Military/Veteran Friendly Company; therefore, we encourage Veterans to apply.

Responsibilities

  • Develop and maintain MARAD's Information System's core security and privacy documentation, in accordance with each phase of the System Development Life Cycle (SDLC) with standardized templates, baseline management with supporting checklists and technical guides, and policies.
  • Work with stakeholders to create or update Privacy Threshold Analyses (PTAs) and other privacy documents, FIPS 199 Security Categorization document, control selection listing, System Security Plan (SSP), Information System Configuration Management Plan, and Account Management Plan.
  • Develop information system contingency plans, including Business Impact Analysis (BIA), in accordance with NIST SP 800-34 Revision (Current), Guide to Test, Training and Exercise Programs for Information Technology Plans and Capabilities.
  • Ensure contingency plan test exercise results are documented in an after-action report, and that Lessons Learned corrective actions are captured for updating information in the Information System Contingency Plan (ISCP).
  • Develop and maintain the Inventory of Information System Interconnections, and review, develop, and update Interconnection Security Agreements and MOUs in accordance with NIST SP 800-47.
  • Provide security support and evaluation to development teams to develop core and privacy documentation, integrating information assurance/security throughout the System Development Life Cycle of major and minor application releases.
  • Support security in the system engineering process, supporting Risk Management Framework (RMF) task(s) in accordance with NIST Special Publication 800-37, and the DOD Risk Management Framework.
  • Provide ongoing recommendations for mitigation of all threats and risks affecting the MARAD environment.
  • Assist in the mitigation/remediation process, following corrective action plans approved by MARAD leadership.
  • Track and evaluate weaknesses, vulnerabilities identified by Nessus and other security scan tools, and provide remediation or corrective actions to improve the MARAD security posture.
  • Maintain a current MARAD information system endpoint inventory and ensure inventory accuracy and security tool suites are installed in accordance with approved baseline.
  • Support MARAD's SDLC and DevSecOps implementation; maintain architecture diagrams, process documentation, and standard operating procedure documentation.
  • Assist the System Owner, Information Owner, and ISSM in recording all known security weaknesses of assigned information systems in the Plans of Action and Milestones (POA&Ms).

Requirements

  • US Citizenship and ability to obtain a public trust.
  • At least 6 years total information system and network security experience.
  • At least 4 years of experience with the federal government creating and maintaining IT Authorization to Operate (ATO) packages and RMF documentation.
  • Bachelor's Degree in relevant field or 4 years of equivalent work experience in lieu of degree.
  • Ability to go onsite in DC 2 times a week.
  • Experience in maritime/vessel cybersecurity.
  • Understanding of IT governance and management in the federal sector.
  • Expert level knowledge of Federal Cybersecurity and Privacy Laws, Regulations, Policies, Procedures, and implementation standards.
  • Understanding of information assurance, cybersecurity, and privacy policy disciplines and methodologies, including the NIST Risk Management Framework (RMF) and the NIST Cybersecurity Framework (CSF).
  • Understanding of the Federal Government's deployment of Information Security Continuous Monitoring (ISCM).
  • Proficient in Microsoft Office products: Word, Excel, PowerPoint, Visio, Teams, Power BI, Tableau, and SharePoint.
  • Equivalent of IAM Level III certification in accordance with DoD 8570.01-M, such as CISSP or CISM, or the ability to obtain it within 6 months.

Nice-to-haves

  • Experience developing privacy documentation such as PTAs, PCMs, and PIAs.
  • Experience with Operational Technology cybersecurity controls and principles.
  • Desired certifications: ITILv3, CASP, Project Management Professional (PMP) or Certified Information Systems Manager (CISM).

Benefits

  • Medical, Dental, Vision, Life Insurance, Short-Term Disability, Long-Term Disability, 401(k) match, Tuition/Training Assistance, Parental Leave, Paid Time Off, and Holidays.