Criterion Systems, Inc.

Lead Information Assurance Analyst

Job Locations: US-DC-Washington, DC
ID: 2021-1974
Category: Information Technology
Type: Regular Full-Time

Overview

At Criterion Systems, we developed a different kind of business—a company whose real value is a reputation for excellence built upon the collective skills, talents, perspectives, and backgrounds of its people. By accepting a position with Criterion Systems, you will join a group of professionals with a collaborative mindset where we share ideas and foster professional development to accomplish our goals. In addition to our great culture, we also offer competitive compensation and benefit packages, company-sponsored team building events, and advancement opportunities. To find out more about how Criterion can help you take your career to the next level, please visit our website: www.criterion-sys.com.

Responsibilities

The individual shall provide cyber security expertise and assist in areas that include, but are not limited to, incident handling, vulnerability detection and remediation strategies, insecure application development techniques, and cloud environments and services.

  • The individual shall support the security portion of the Federal Highway Administration’s (FHWA’s) DevSecOps implementation to include architecture diagrams, process and SOP documentation, and the integration and management of static code vulnerability scanners into the process.
  • The individual shall maintain a current inventory that includes, but is not limited to, all FHWA network ranges, assets, groups, and custom groups within the DOT CDM BigFix tool.
  • The individual shall provide Information Assurance support for operations, business, and administrative functions, such as planning, organizing, managing, coordinating, and tracking (e.g., report management, cost/schedule/performance measurement, risk management, data management).
  • The individual shall maintain FHWA core system documentation, via standardized templates, technical guides and baseline management with supporting checklists. This will include but is not limited to the FHWA Cybersecurity Handbook and the FHWA Continuous Monitoring Risk Management Plan (CMRMP).
  • The individual shall provide project support and coordination with functional teams to gather documentation and draft responses for all audit or evaluation activities (i.e., FISMA, CFO, Office of Inspector General (OIG), General Accounting Office (GAO) audits, and other audits by OIG and DOT suspense dates).
  • The individual shall provide assistance and support, and track and report on any Notice of Findings and Recommendations (NFR) identified by OIG or GAO audits, data calls, and other inquiries as directed.
  • The individual shall provide programmatic assistance and guidance to system owners, as requested.
  • The individual shall execute information system contingency plan testing in accordance with NIST SP 800-34 Revision (Current), Guide to Test, Training and Exercise Programs for Information Technology Plans and Capabilities, and ensure results are documented in an after-action report, and Lessons Learned corrective actions are captured for updating information in the ISCP.
  • The individual shall provide information system contingency training for personnel with contingency plan responsibilities focusing on familiarizing them with ISCP roles and teaching skills necessary to accomplish their roles in a system recovery capacity.

Qualifications

  • 5-8 years of relevant work experience
  • Bachelor’s Degree in relevant field or equivalent work experience in lieu of degree
  • Understanding of information assurance, cybersecurity, and privacy policies, disciplines, and methodologies
  • Understanding of the Federal Information Security Modernization Act of 2014 (FISMA)
  • Understanding of the National Institute of Standards and Technology (NIST) Risk Management Framework (RMF)
  • Understanding of GSA FedRAMP
  • Understanding of current Cloud Service technologies
  • Understanding of application development concepts and technologies with an emphasis on dynamic and static code application scanning tools, their outputs, and knowledge of remediation actions as listed in reports.

 

 

Criterion Systems, Inc. and its subsidiaries are committed to equal employment opportunity and non-discrimination at all levels of our organization.  We believe in treating all applicants and employees fairly and make employment decisions without regard to any individual’s protected status:  race, ethnicity, color, national origin, ancestry, religion, creed, sex/gender, gender identity/gender expression, sexual orientation, physical and mental disability, marital/parental status, pregnancy (including childbirth, lactation, and related medical conditions), age, genetic information (including characteristics and testing), military and veteran status, or any other characteristic protected by law. For our complete EEO/AA and Pay Transparency statement, please visit https://careers-criterion-sys.icims.com/.
