Criterion Systems, Inc. - Application Security Administrator
Overview:
At Criterion Systems, we developed a different kind of business—a company whose real value is a reputation for excellence built upon the collective skills, talents, perspectives, and backgrounds of its people. By accepting a position with Criterion Systems, you will join a group of professionals with a collaborative mindset where we share ideas and foster professional development to accomplish our goals. In addition to our great culture, we also offer competitive compensation and benefit packages, company-sponsored team building events, and advancement opportunities. To find out more about how Criterion can help you take your career to the next level, please visit our website: www.criterion-sys.com.
Responsibilities:
Criterion Systems is seeking a Data Security Analyst/Administrator to be part of a newly awarded contract. You will work with a dynamic team of professionals that are responsible for providing Cybersecurity support.
As an Application Security Administrator, you will secure, monitor, and sustain the continuous security of our customer’s cloud-based applications.
This includes:
- Automated code analysis
- Run scans and interpret results
- Enforce secure code scanning and analysis standards across the development pipeline
- Review, track, and audit findings and mitigations at planned cycles of the CI/CD, which may entail updating rules, plugins, and scan policies to exclude (suppress) false positives
- Review and validate security findings / code vulnerabilities, which incorporate open-source intelligence (OSINT) searches and cyber threat feeds to provide additional context for vulnerability reports
- Validate false positives
- Perform auditing for compliance to timely mitigation of security vulnerabilities
- Executing cloud application security monitoring
- Monitoring and assessing application security practices and controls:
- Review vendor health check/security assessment results
- Review application security policy settings/configurations and updates
- Monitor and report on progress of remediation activities
- Monitor and assess identity, credential, and access management (ICAM) practices and controls in accordance with current approved practices; recommend improvements as necessary
- For applications which allow for IP controlled access, review/validate IP range accesses (network access management controls)
- Enhancing vulnerability management practices to:
- Incorporate cyber threat intelligence into vulnerability reporting for cloud applications including patch status, CVE monitoring, plan of action and milestones (POA&M) status, code reviews, and OSINT
- Develop action plans based on threat data and track remediation
- Monitoring and assessing data protection practices and controls including:
- Review policies for data management, data access, data retention, data segmentation, and classification; validate execution of policies in accordance with approved plans
- Review data encryption plan and implementation
- Track SSL certificates and ensure they are updated prior to expiration
- Review data encryption changes
- Validate access to encrypted data is limited and review changes
- Audit encryption policy settings
- Monitoring and reporting on progress of remediation activities
- Adjusting monitoring practices as necessary to align to changes in use or functionality of application being monitored
- Auditing privileged and elevated access accounts
Qualifications:
Minimum Qualifications and Experience:
- BA/BS Degree in Information Technology, Cybersecurity, or a related field (6 years additional experience may be substituted for a degree)
- A minimum of 4-7 years of experience
- U.S. Citizenship is required
- Must have an active TS/SCI clearance
- Experience performing automated code analysis
- Experience performing application security monitoring
- Excellent verbal and written communication skills
- Security+ CE or equivalent certification
Criterion Systems, Inc. is committed to equal employment opportunity and non-discrimination at all levels of our organization. We believe in treating all applicants and employees fairly and make employment decisions without regard to any individual’s protected status: race, ethnicity, color, national origin, ancestry, religion, creed, sex/gender, gender identity/gender expression, sexual orientation, physical and mental disability, marital/parental status, pregnancy (including childbirth, lactation, and related medical conditions), age, genetic information (including characteristics and testing), military and veteran status, or any other characteristic protected by law. For our complete EEO/AA and Pay Transparency statement, please visit https://careers-criterion-sys.icims.com/.