Security Configuration Management Lead
Criterion Systems is seeking an experienced Security Configuration Management Lead to manage and optimize security configuration management (SCM) processes at the U.S. National Science Foundation (NSF). This role involves coordinating across teams to ensure NSF systems remain secure, compliant with federal regulations, and align with cybersecurity best practices. This position will report to the Cybersecurity Oversight and Compliance Team Lead.
The ideal candidate will have a strong background in IT security, configuration management, and federal environments, with expertise in customizing Security Technical Implementation Guides (STIGs) and Center for Internet Security (CIS) benchmarks using NASL (Nessus Attack Scripting Language) for integration with Tenable.sc and Nessus.
Key Responsibilities:
- Lead enterprise Secure Configuration Management in alignment with NIST, DHS/CISA, and OMB requirements.
- Configure, manage, and optimize credentialed scans in Tenable Security Center (Dev environment) for OS, databases, network devices, applications, and cloud‑hosted systems.
- Customize and maintain DISA STIG and CIS audit files to align with NSF‑approved baselines and documented deviations.
- Validate findings, reduce false positives, and coordinate remediation with system owners and administrators.
- Develop, maintain, and govern secure configuration baselines for Windows, Linux, databases, network devices, and cloud platforms.
- Support RMF activities and control assessments for CM and RA domains (e.g., CM‑2, CM‑6, RA‑
- Produce metrics, dashboards, and executive reports that show configuration posture, risk trends, and remediation progress.
- Provide technical guidance and secure build standards; supply audit evidence, scan artifacts, and documentation.
- Maintain a master tracker of NSF baselines and deliver weekly status reports on baseline progress to management.
Required qualifications:
- Bachelor’s degree in Cybersecurity, Information Technology, or related field, or equivalent experience.
- 7+ years in vulnerability management and/or secure configuration management.
- Hands‑on administration of Tenable Security Center (Tenable.sc) for credentialed scans.
- Proven experience customizing and troubleshooting STIG and CIS audit files.
- Deep knowledge of DISA STIGs, CIS Benchmarks, and federal configuration requirements.
- Strong hardening expertise across Windows, Linux, and network devices; database experience (e.g., MS SQL, PostgreSQL).
- Experience supporting RMF and continuous monitoring programs.
- Ability to analyze scan data, prioritize risk, and communicate clearly to technical and non‑technical stakeholders.
Preferred qualifications:
- Experience in federal government environments.
- Relevant certifications: Security+, CISSP, CEH, or Tenable certifications.
- Scripting skills (PowerShell, Bash, Python) to automate compliance validation and reporting.
- Familiarity with enterprise change and configuration management processes.
Key competencies:
- Deep technical knowledge of OS, database, and network hardening.
- Strong analytical and problem‑solving skills; bias for action.
- Ability to translate policy and control requirements into practical technical configurations.
- Clear, concise written and verbal communication for audit and executive audiences.
Work environment:
- Collaborative, mission‑driven team environment across federal and contractor personnel.
- Remote position; reports to the Cybersecurity Oversight and Compliance Team Lead at NSF (Alexandria, VA).
- Enterprise scope; frequent coordination with system owners, administrators, ISSOs, and other security stakeholders.
#LI-SM2 #AppC