Required Experience, Education, Skills & Technologies
- US Citizenship and ability to obtain a public trust
- Must have at least 8 years total information system and network security experience.
- Must have at least 6 years of experience with the federal government creating and maintaining IT Authorization to Operate (ATO) packages and RMF documentation for operational systems and interfacing/coordinating with the System Owners (SO), Business Owners, System Maintainers, and Developers.
- Bachelor’s Degree in relevant field or 4 years of equivalent work experience in lieu of degree
- Have the ability to go onsite in DC 2 times a week.
- Experience in maritime/vessel cybersecurity. Specifically, an understanding of marine operations and IT methods, techniques, and practices sufficient to select, recognize, adapt, and apply shipboard principles and practices
- Understanding of IT governance and management in the federal sector
- Expert level knowledge of Federal Cybersecurity and Privacy Laws, Regulations, Policies, Procedures, and implementation standards
- Understanding of information assurance, cybersecurity, and privacy policies, disciplines, and methodologies, including but not limited to the National Institute of Standards and Technology (NIST) Risk Management Framework (RMF) and NIST Cybersecurity Framework (CSF)
- Understand the Federal Government's deployment of Information Security Continuous Monitoring (ISCM), the Continuous Diagnostics and Mitigation (CDM) Program, organizational phases and technologies.
- Ensure the DOT enterprise information security management system, Cyber Security Assessment and Management (CSAM), accurately contains required information and supporting artifacts.
- Provide project support and coordination with functional teams to gather documentation and support draft responses for audits or evaluations.
- Understanding of Identity, Credential and Access Management (ICAM) implementation.
- Ability to work with customers to assess needs, provide assistance, resolve problems, satisfy expectations; knows products and services.
- Understanding of the principles, methods, or tools for developing, scheduling, coordinating, and managing projects and resources, including monitoring work and performance.
- Understanding of the principles, methods, and tools of quality assurance and quality control used to ensure a product fulfills functional requirements and standards.
- Proficient in Microsoft Office products: Word, Excel, PowerPoint, Visio, Teams, Power BI, Tableau, and SharePoint.
- Experience managing Federal contract projects; must have the ability to communicate effectively both orally and in writing
- Equivalent of IAM Level III certification in accordance with DoD 8570.01-M, such as CISSP or CISM, or ability to obtain it within 6 months
- Experience with Operational Technology cybersecurity controls and principles
- Ability to perform risk assessment and risk management
- Understand domain structures, network protocols, user authentication, digital signatures, firewall and security best practices.
- Ability and expertise to provide guidance in the design of new application and database configurations and connectivity.
- Ability to administer cybersecurity systems and provide technical recommendations to maintain and improve mission functionality.
- Ability to plan, execute, and develop reports for application and network (internal or external) vulnerability analysis and provide technical recommendations to maintain and improve mission functionality.
- Understand the FISMA assessment and accreditation process.
- Understand the DOD Risk Management Framework and Reporting process.
- Understanding of the principles and methods to configure and/or administer:
  - Network devices and security devices such as network firewalls, data loss prevention, network intrusion detection systems, and intrusion prevention systems.
  - Operating systems and system services (Windows Server, Linux/Unix, and Active Directory)
- Conduct dynamic web application security testing, both manual testing and utilizing application security tools to discover exploitable vulnerabilities.
- Application and database vulnerability and security assessment, scanning, and results interpretation.
Additional Experience
- Must be comfortable communicating with system owners, business sponsors, and IT ops personnel to gather needed information to update system core ATO documentation.
- Experience developing privacy documentation such as PTAs, PCMs, and PIAs (desired)
- Must have the ability to multitask. Will be expected to work with developers and business owners to develop core documentation for a new system while working with the system owner and infrastructure/ops teams to update a system in production.
- Must have the ability to communicate effectively both orally and in writing.
Certifications:
- BS in Cybersecurity or related technical field
- Must possess the following verifiable and current Industry Certifications or be able to obtain certification within 6 months of hire date:
  - Certified Information Systems Security Professional (CISSP) or similar type certification
- Desired certifications:
  - ITILv3
  - Project Management Professional (PMP) or Certified Information Systems Manager (CISM)
Clearance: Must possess or be able to obtain a DOT Public Trust clearance
Benefits Offered
- Medical, Dental, Vision, Life Insurance, Short-Term Disability, Long-Term Disability, 401(k) match, Tuition/Training Assistance, Parental Leave, Paid Time Off, and Holidays.
Criterion Systems, LLC. and its subsidiaries are committed to equal employment opportunity and non-discrimination at all levels of our organization. We believe in treating all applicants and employees fairly and make employment decisions without regard to any individual’s protected status: race, ethnicity, color, national origin, ancestry, religion, creed, sex/gender, gender identity/gender expression, sexual orientation, physical and mental disability, marital/parental status, pregnancy (including childbirth, lactation, and related medical conditions), age, genetic information (including characteristics and testing), military and veteran status, or any other characteristic protected by law.