Campus Pride Jobs


Job Information

Criterion Systems Inc Senior Information System Security Specialist in Washington, District Of Columbia

Criterion Systems is seeking a Senior Information Systems Security Specialist to support our Department of Transportation (DoT) customer.

Duties, Tasks and Responsibilities

Once hired, the person will provide support in the following areas:

- Assess the current state of the Cybersecurity Program, identify areas for improvement, and execute approved recommendations.
- Work with stakeholders to develop and maintain DOT Modal Information Systems core and privacy documentation, in accordance with each phase of the System Development Life Cycle (SDLC), using standardized templates, baseline management with supporting checklists and technical guides, and policies.
- Provide information system contingency training for personnel with contingency plan responsibilities, focusing on familiarizing them with ISCP roles and teaching the skills necessary to accomplish their roles in a system recovery capacity.
- Provide security support and evaluation to DevOps teams to develop core and privacy documentation, integrating information assurance/security throughout the System Development Life Cycle of major and minor application releases.
- Ensure the DOT enterprise information security management system, Cyber Security Assessment and Management (CSAM), accurately contains required information and supporting artifacts.
- Assist DOT Modal in recording all known security weaknesses of assigned information systems in the Plans of Action and Milestones (POA&Ms) in accordance with DOT policy, guides, and procedures. Develop POA&Ms for observed control-level deficiencies or gaps in control implementation.
- Develop and maintain an inventory of information system interconnections, and review, develop, and update Interconnection Security Agreements and MOUs in accordance with NIST SP 800-47.
- Support Security Control Assessments for Authorizations to Operate (ATOs) and Continuous Monitoring.
- Support Security Control Assessments for ATOs/Continuous Monitoring by providing responses and supporting artifacts at the modal/program level to validate the implementation of controls per NIST/DOT requirements as needed.
- Audit Support: Provide project support and coordination with functional teams to gather documentation and support draft responses for audits or evaluations.
- Provide support, as directed by the DOT Modal Information System Security Manager (ISSM), to the FRA community concerning Cybersecurity policies, processes, and procedures.
- Perform other activities relating to the DOT Modal Cybersecurity program as directed by the DOT Modal ISSM.

  • Continuous Diagnostics and Mitigation (CDM):

    Work with DOT Modal and DOT stakeholders to implement holistic CDM capabilities across the modal footprint.

    1. Analyze threats to identify gaps in the current defensive posture.
    2. Ensure DOT Modal CDM capabilities utilize or tie into departmental CDM capabilities and solutions.
    3. Conduct scans, track IOCs and vulnerabilities, and communicate them to DOT and DOT Modal stakeholders, including ISSOs, system owners, the DOT SOC (when needed), and others.
    4. Configure and execute vulnerability scans enumerating vulnerabilities within the DOT Modal FRA internal and external networks.
    5. Assist in maintaining a current DOT Modal information system endpoint inventory that includes, but is not limited to, all FRA network ranges, assets, groups, and custom groups within the DOT Continuous Diagnostics and Mitigation (CDM) tool suite (e.g. BigFix, Nessus, and others). Be able to evaluate endpoint migration to and from the operational environment to ensure inventory accuracy and that security tool suites are installed in accordance with the approved baseline.

Required Experience, Education, Skills and Technologies

- US Citizenship
- BS in Cybersecurity or a related technical field
- Ability to work at least one day a week onsite.
- Must have at least 8 years of total information system and network security experience.
- Expertise in applying standards and guidance from National Institute of Standards and Technology Special Publications (NIST SP), Federal Information Processing Standards (FIPS), the Federal Information Security Management Act (FISMA), Clinger-Cohen, the Patriot Act, Office of Management and Budget (OMB) Circular A-130, and related information system security guidance through ongoing examination and analysis of cybersecurity projects.
- Expert-level knowledge of Federal privacy laws, regulations, policies, procedures, and implementation standards.
- Must understand the FISMA assessment and accreditation process and have at least 6 years of experience with the federal government creating and maintaining IT Authorization to Operate (ATO) packages for new systems and interfacing/coordinating with System Owners (SO), Business Sponsors, System Maintainers, and Developers.
- Experience with FedRAMP and security analysis of security controls for systems in the cloud.
- Proficiency with enterprise cybersecurity tools such as BigFix, Invicti, and Tenable Security Center.
- Expertise in detecting, mitigating, and troubleshooting security threats to network infrastructure, verifying vulnerability mitigation, and managing security assessments.
- Expertise in assessing current and emerging technologies, platforms, and applications to help ensure greater security and efficiency.
- Must be familiar with CDM capabilities (Network Asset Management, Identity and Access Management, Network Security Management, Data Protection Management), the tools that support them, and how they are deployed within an enterprise.
- Expert-level experience conducting dynamic web application security testing and database security assessment, scanning, and results interpretation.
- Expert-level experience with enterprise security architecture methodologies, concepts, procedures, principles, and tools.
- Understanding of the principles and security impacts of:
  - Domain structures
  - Network protocols, user authentication, digital signatures, network firewalls, network intrusion detection systems, and intrusion prevention systems
  - Operating systems and system services (Windows Server, Linux/Unix, and Active Directory)
- Must have 3 years of experience in contingency planning and backup and recovery best practices and the application of NIST guidance in this area, including tabletop and functional tests.
- Ability to work with customers to assess needs, resolve problems, and satisfy expectations; knows products and services.
- Understanding of the principles, methods, and tools of quality assurance and quality control used to ensure a product fulfills functional requirements and standards.
- Ability to plan, execute, and develop reports for application and network (internal or external) vulnerability analysis, and to provide technical recommendations to maintain and improve mission functionality.
- Ability to use security control and privacy control findings and status from assessments to develop POA&Ms for controls that should be put in place to remediate vulnerabilities.
- Proficient in Microsoft Office products: Word, Excel, PowerPoint, Visio, Teams, Tableau, and SharePoint.

Security Clearance Level

  • Public Trust

Certification

Must possess the following verifiable and current cybersecurity-related certifications.

At least one: Certified Information System Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Authorization Professional (CAP) or CompTIA Advanced Securi
