Security Auditor (partially remote)

Remote


At Criterion Systems, we developed a different kind of business—a company whose real value is a reputation for excellence built upon the collective skills, talents, perspectives, and backgrounds of its people. By accepting a position with Criterion Systems, you will join a group of professionals with a collaborative mindset where we share ideas and foster professional development to accomplish our goals. In addition to our great culture, we also offer competitive compensation and benefit packages, company-sponsored team building events, and advancement opportunities. To find out more about how Criterion can help you take your career to the next level please visit our website: www.criterion-sys.com.
 
Our staff provides cyber security support to the Department of Energy National Nuclear Security Administration.

Criterion Systems is seeking to hire a Security Auditor to support a government customer remotely for about 75% of the time and then travel the other 25% to onsite customer locations. The Security Auditor will provide support to the Department of Energy (DOE)/National Nuclear Security Administration (NNSA) contract and report to the Assessment Team Manager. The Security Auditor will assess systems using criteria defined by national policy and provide written reports on deficiencies and strengths in a site’s cyber security program for both classified and unclassified networks. Along with written communications, the Security Auditor must be able to effectively communicate verbally to an array of personnel within the site’s organizational structure.
 
Security Auditor responsibilities include:
•  A minimum of 25% travel to locations within the continental US.
•  Assess security controls using various techniques on information systems and compare results against national policy and local policy for deficiencies or best practices
•  Review core documentation provided by sites and compare with activities conducted in the field for deficiencies
•  Interview site personnel about site policies and operational activities
•  Effectively communicate assessment results to varying levels of site personnel
•  Produce written reports of assessment activities by deadline dates
•  Continuous process improvement and updating of policies and procedures

REQUIRED QUALIFICATIONS

  • US Citizenship
  • Active Department of Energy (DOE) “Q” Clearance OR Top Secret Security Clearance OR Secret with an SSBI investigation OR the ability to obtain a clearance
  • Bachelor’s degree; 4 years of working experience can be substituted for the degree
  • Five (5+) years working in a cyber security operational role supporting cyber security activities in a mix of the following areas:
         -  Application development and security (preferred)
         -  Incident response
         -  Risk Management Framework
         -  Continuous monitoring
         -  Vulnerability and patch management
         -  Network Monitoring or Intrusion Detection Systems
         -  Contingency Planning and Disaster Recovery
         -  Self-Assessment Activities
         -  Configuration Management
    •  Experience working with a mix of the following or similar type products: 
         -  Tenable Security Center or Nessus Professional 
         -  Cloud Solutions
         -  Core Impact or Metasploit Pro
         -  Splunk
         -  Kali Distribution 
         -  Archer
    •  Ability to deal with adversarial situations with good communication and personal skills
    •  Ability to write technical reports for senior management on assessment activities
    •  Ability to work independently and with a team to meet strict deadlines
    •  Impeccable professionalism and adherence to security policies
    •  Knowledge of national policy documents:
         -  NNSA Policy (specifically supplemental directive)
         -  NIST SP 800-53
         -  DOD STIGs
         -  FedRAMP
    •  Familiarity with the following technologies:
         -  *NIX operating systems
         -  Windows Operating Systems
         -  Network Infrastructure devices such as
              o  Switches
              o  Routers
              o  Firewalls
              o  Proxy Servers
         -  Virtualization infrastructure
         -  Wireless technologies and hardware
    •  Candidate must be able to meet physical requirements of position such as climbing a ladder or squatting to evaluate technical equipment

DESIRED QUALIFICATIONS

  • One of the following: CEH, CYSA+ (formerly known as CSA+), CISA, GSNA, or CISSP
  • Penetration (Red Team) experience
  • DISA CCRI Certifications for:
         -  Unix
         -  Windows
         -  Network
         -  Traditional/Physical

Criterion Systems is committed to hiring and retaining a diverse workforce. We are proud to be an Equal Opportunity/Affirmative Action Employer, making decisions without regard to race, color, religion, creed, sex, sexual orientation, gender identity, marital status, national origin, age, veteran status, disability, or any other protected class. For our complete EEO/AA and Pay Transparency statement, please visit https://criterion-sys.com/careers.


Benefits

Health

Criterion offers comprehensive health benefits including medical, dental, vision, life and disability insurance. Most of our plans are available at no cost for employee only coverage.

Time Off

Employees begin accruing PTO at 15 days per year and acquire more based on seniority. In addition to PTO, Criterion provides 10 holidays and bereavement, military, jury duty, and family medical leave.

Financial

  • Roth and Traditional 401(k) Plans with company matching contributions
  • Health Care and Dependent Care Flexible Spending Accounts
  • Health Savings Accounts
  • Commuter Benefits

Educational

All employees are eligible to use up to $3,000 annually for approved professional development, including trainings, memberships, seminars, and degree programs.

Equal Employment Opportunity and Affirmative Action Employer

Criterion Systems, Inc. is committed to equal employment opportunity and non-discrimination at all levels of our organization. We believe in treating all applicants and employees fairly and make decisions without regard to an individual’s protected status: race/ethnicity, color, national origin, ancestry, sex/gender, gender identity/expression, sexual orientation, marital/parental status, pregnancy/childbirth or related conditions, religion, creed, age, disability, genetic information, veteran status, or any other protected status.

Know Your Rights

Applicants have rights under Federal Employment Laws: Family and Medical Leave Act | Equal Employment Opportunity | Employee Polygraph Protection Act. Criterion participates in E-Verify. Review Right to Work information.

Need an Accommodation?

Criterion is committed to Equal Employment Opportunity and providing reasonable accommodations to applicants with physical and/or mental disabilities. If you are interested in applying for a position with Criterion and need special assistance or an accommodation to apply, please send an email with your request to recruiting@criterion-sys.com or call us at 703-942-5800. Determinations on requests for reasonable accommodation are made on a case-by-case basis.