ISSE (Information Systems Security Engineer)

Overview

At Criterion Systems, we developed a different kind of business—a company whose real value is a reputation for excellence built upon the collective skills, talents, perspectives, and backgrounds of its people. By accepting a position with Criterion Systems, you will join a group of professionals with a collaborative mindset where we share ideas and foster professional development to accomplish our goals. In addition to our great culture, we also offer competitive compensation and benefit packages, company-sponsored team building events, and advancement opportunities. To find out more about how Criterion can help you take your career to the next level please visit our website: www.criterion-sys.com. Criterion Systems is a Military/Veteran Friendly Company therefore we encourage Veterans to apply.

Responsibilities

We are seeking to hire an Information Systems Security Engineer (ISSE) to support our DOE customer in Las Vegas, Nevada. 

The primary responsibilities of the position are to utilize and configure existing cybersecurity tools to perform the monitoring, analysis, correlation and reporting of cybersecurity issues and incidents.   

Other responsibilities are to provide guidance and recommendations for new tools based on changes in threats, architecture, technological advances, or organization mission; implementation of new tools and modifications to architecture; updates, maintenance, and monitoring of cyber security tools; analyze changes, events, and other potential incidents for risk to the environment; event analysis, incident determination, and incident management.  This security engineer reports directly to leadership; must have strong verbal and written communication skills for presentations related to activities. 

Qualifications

Required Experience, Education, Skills & Technologies 

• US Citizenship (no dual citizenship permitted) 
• A bachelor’s degree from an accredited college or university emphasizing information systems management and/or security arena. Four years of technical work experience may be substituted for education requirements. One year of higher education can be substituted for one year of technical experience. 
• Five (5) years of related work experience with a preference in experience applying techniques used by cyber security personnel. 
• Strong system administration experience with Windows and Linux 
• Demonstrated capability to identify security risks throughout information system network structures to include the Operating Systems, hardware, and various data transfer protocols. 
• Experience with Security Information and Event Management tools, Log Management and Correlation tools, and Anti-virus/anti-malware tools.  
• Effective communication and presentation skills (i.e., ability to present ideas effectively in formal and informal situations in group and individual settings).   
• Strong planning, organizational, and time management skills (i.e., ability to effectively plan, organize, and prioritize work, and to control and follow up to assure work completion).  
• Demonstrated initiative (i.e. initiate appropriate action without being directed) and ability to work independently. 
• Strong interpersonal skills (e.g., ability to work effectively on teams, communicate effectively, work/interact effectively and amicably with people from diverse backgrounds and cultures and with diverse personal attributes). 
• Prior experience with web application scanning

Preferred Experience, Education, Skills & Technologies 

• Experience with forensics a plus 
• Experience with implementing, monitoring and maintaining the following technologies is preferred: 

• Windows Server Operating Systems 
• Red Hat Enterprise Linux 
• Tenable Security Center (Tenable.sc)/ACAS 
• Tripwire 
• Splunk 
• RedSeal 
• Qmulos/QAudit 
• BurpSuite 
• Qualys 
• Invicti
• HP WebInspect  
• CrowdStrike 
• Tanium 
• McAfee ePO 
• SourceFire IPS 

• Strong understanding of ACAS Guidance or configuration of Tenable.sc for refining scan processes and enabling credentialed scanning across various operating system types. 
• Strong understanding of DISA STIG's, NIST 800-53 Controls, developing or applying hardening guidelines 
• Experience with SCAP Tools and Configuration Control reviews and assessment 

• Ability to write Standard Operating Procedures "SOP’’ and train personnel. 
• Comfortable with Splunk queries and Splunk Dashboards to investigate anomalous activity or identify and troubleshoot issues. 
• Familiarity with eGRC Tools and Assessment and Authorization (A&A) 

Security Clearance Level 

• Ability to obtain a clearance OR an Active Top Secret Clearance, SSBI (Single Scope Background Investigation) with the ability to upgrade to a Department of Energy (DOE) "Q" Clearance, OR an active Q  (preference will be made for those candidates that have an active clearance). 

Work Schedule 

• On-site daily in Las Vegas, Nevada 

Benefits Offered 

• Medical, Dental, Vision, Life Insurance, Short-Term Disability, Long-Term Disability, 401(k) match, Tuition/Training Assistance, Parental Leave, Paid Time Off, and Holidays.  

Criterion Systems, LLC and its subsidiaries are committed to equal employment opportunity and non-discrimination at all levels of our organization. We believe in treating all applicants and employees fairly and make employment decisions without regard to any individual’s protected status:  race, ethnicity, color, national origin, ancestry, religion, creed, sex/gender, gender identity/gender expression, sexual orientation, physical and mental disability, marital/parental status, pregnancy (including childbirth, lactation, and related medical conditions), age, genetic information (including characteristics and testing), military and veteran status, or any other characteristic protected by law. For our complete EEO/AA and Pay Transparency statement, please visit https://careers-criterion-sys.icims.com/.