Senior Secure Configuration Management (SecCM) Specialist
About The Position
Criterion Systems is seeking an experienced Security Configuration Management Lead to manage and optimize security configuration management (SCM) processes at the U.S. National Science Foundation (NSF). This role involves coordinating across teams to ensure NSF systems remain secure, compliant with federal regulations, and align with cybersecurity best practices. This position will report to the Cybersecurity Oversight and Compliance Team Lead. The ideal candidate will have a strong background in IT security, configuration management, and federal environments, with expertise in customizing Security Technical Implementation Guides (STIGs) and Center for Internet Security (CIS) benchmarks using NASL (Nessus Attack Scripting Language) for integration with Tenable.sc and Nessus.
Requirements
- Bachelor’s degree in Cybersecurity, Information Technology, or related field, or equivalent experience.
- 7+ years in vulnerability management and/or secure configuration management.
- Hands‑on administration of Tenable Security Center (Tenable.sc) for credentialed scans.
- Proven experience customizing and troubleshooting STIG and CIS audit files.
- Deep knowledge of DISA STIGs, CIS Benchmarks, and federal configuration requirements.
- Strong hardening expertise across Windows, Linux, and network devices; database experience (e.g., MS SQL, PostgreSQL).
- Experience supporting RMF and continuous monitoring programs.
- Ability to analyze scan data, prioritize risk, and communicate clearly to technical and non‑technical stakeholders.
Nice To Haves
- Experience in federal government environments.
- Relevant certifications: Security+, CISSP, CEH, or Tenable certifications.
- Scripting skills (PowerShell, Bash, Python) to automate compliance validation and reporting.
- Familiarity with enterprise change and configuration management processes.
Responsibilities
- Lead enterprise Secure Configuration Management in alignment with NIST, DHS/CISA, and OMB requirements.
- Configure, manage, and optimize credentialed scans in Tenable Security Center (Dev environment) for OS, databases, network devices, applications, and cloud‑hosted systems.
- Customize and maintain DISA STIG and CIS audit files to align with NSF‑approved baselines and documented deviations.
- Validate findings, reduce false positives, and coordinate remediation with system owners and administrators.
- Develop, maintain, and govern secure configuration baselines for Windows, Linux, databases, network devices, and cloud platforms.
- Support RMF activities and control assessments for CM and RA domains (e.g., CM‑2, CM‑6, RA‑5); contribute to continuous monitoring.
- Produce metrics, dashboards, and executive reports that show configuration posture, risk trends, and remediation progress.
- Provide technical guidance and secure build standards; supply audit evidence, scan artifacts, and documentation.
- Maintain a master tracker of NSF baselines and deliver weekly status reports on baseline progress to management.
Stand Out From the Crowd
Upload your resume and get instant feedback on how well it matches this job.
What This Job Offers
Job Type
Full-time
Career Level
Mid Level
Number of Employees
501-1,000 employees
