Criterion Systems
Cloud Security Engineer (Administrator)
Criterion Systems, Washington, District of Columbia, us, 20022
Overview:
At Criterion Systems, we developed a different kind of businessa company whose real value is a reputation for excellence built upon the collective skills, talents, perspectives, and backgrounds of its people. By accepting a position with Criterion Systems, you will join a group of professionals with a collaborative mindset where we share ideas and foster professional development to accomplish our goals. In addition to our great culture, we also offer competitive compensation and benefit packages, company-sponsored team building events, and advancement opportunities. To find out more about how Criterion can help you take your career to the next level please visit our website: www.criterion-sys.com.
Criterion Systems is a Military/Veteran Friendly Company therefore we encourage Veterans to apply. Responsibilities: We are seeking a mission-focused
Cloud Security Administrator
to support and contribute to our government customers success in Washington D.C.! As a Cloud Security Administrator, you will support cloud systems engineering, administration, and maintenance for a high-visibility Executive Branch customer. Your focus will be on access control and data protection, enterprise DNS management, and security auditing. This role requires in-depth knowledge of cloud security practices, DNS management, identity and access management (IAM), and security compliance auditing. This role is hybrid and requires 3 days a week on-site in Washington, DC. Duties, Tasks & Responsibilities Access Control and Data Protection:
Oversee privileged access administration, including the creation and implementation of standard guidance and workflows for granting administrative access to users. Validate accesses and roles, ensuring compliance with Government policies. Support cloud federation efforts by implementing and administering IAM controls, including SSO, token management, and API permissions. Manage identity and access management federation for new cloud applications, facilitating the transition from Microsoft ADFS to Entra ID. Facilitate the setup and enrollment of authorized customers in Microsoft COI/firewall policy exceptions for cloud applications.
DNS Records Management:
Provide technical expertise in DNS and related security standards, including DNSSEC, DMARC, DKIM, and SPF. Draft and execute processes for DNS management, including YAML file configuration, code commits, pull requests, and peer reviews. Conduct regular audits of DNS records, reviewing and updating GitHub access controls and permissions to ensure record consistency and accuracy. Maintain Infrastructure as Code (IaC) capabilities within a GitHub environment, using tools such as OctoDNS for automated DNS records management
Security Auditing:
Conduct regular audits to measure compliance across the cloud application portfolio. Audit access, privileges, and entitlements to ensure alignment with least privilege principles and to identify unauthorized access or privilege escalations. Audit application security policies, ensuring universal application and timely remediation of vulnerabilities. Prepare detailed reports of audit findings and compliance gaps, providing recommendations for remediation and presenting remediation plans to leadership within 30 days of each audit. Track remediation progress and provide updates through internal status reports and formal Quarterly Executive Security Reviews.
Implement continuous improvement efforts based on audit results, industry trends, and Government feedback to enhance security auditing processes and maintain alignment with evolving security threats.
Qualifications: Required Experience, Education, Skills & Technologies Active DoD TS/SCI Clearance Bachelors degree in Engineering, Computer Science, or related field (or additional 4 years of experience in lieu of degree). DoD 8570 IAT II Certification or higher 7+ years of experience including cloud security administration, incident response, IAM, and DNS management. Strong proficiency in DNS including DNSSEC, DMARC, DKIM, SPF Experience using GitHub; experience using OctoDNS for DNS management strongly preferred Knowledge of SSO and cloud authentication mechanisms Experience supporting and/or participating in cloud application security assessments Excellent written and verbal communication skills, with the ability to produce detailed reports and documentation. Security Clearance Level Minimum TS/SCI Certification DoD 8570 IAT II Certification or higher (e.g., Security+, CCNA Security, CySA+, GICSP, GSEC, CND, SSCP) https://public.cyber.mil/cw/cwmp/dod-approved-8570-baseline-certifications Work Schedule Full-time hybrid, on-site 3 days/week Benefits Offered Medical, Dental, Vision, Life Insurance, Short-Term Disability, Long-Term Disability, 401(k) match, Tuition/Training Assistance, Parental Leave, Paid Time Off, and Holidays. Criterion Systems, LLC and its subsidiaries are committed to equal employment opportunity and non-discrimination at all levels of our organization. We believe in treating all applicants and employees fairly and make employment decisions without regard to any individuals protected status: race, ethnicity, color, national origin, ancestry, religion, creed, sex/gender, gender identity/gender expression, sexual orientation, physical and mental disability, marital/parental status, pregnancy (including childbirth, lactation, and related medical conditions), age, genetic information (including characteristics and testing), military and veteran status, or any other characteristic protected by law. For our complete EEO/AA and Pay Transparency statement, please visit
https://careers-criterion-sys.icims.com/.
At Criterion Systems, we developed a different kind of businessa company whose real value is a reputation for excellence built upon the collective skills, talents, perspectives, and backgrounds of its people. By accepting a position with Criterion Systems, you will join a group of professionals with a collaborative mindset where we share ideas and foster professional development to accomplish our goals. In addition to our great culture, we also offer competitive compensation and benefit packages, company-sponsored team building events, and advancement opportunities. To find out more about how Criterion can help you take your career to the next level please visit our website: www.criterion-sys.com.
Criterion Systems is a Military/Veteran Friendly Company therefore we encourage Veterans to apply. Responsibilities: We are seeking a mission-focused
Cloud Security Administrator
to support and contribute to our government customers success in Washington D.C.! As a Cloud Security Administrator, you will support cloud systems engineering, administration, and maintenance for a high-visibility Executive Branch customer. Your focus will be on access control and data protection, enterprise DNS management, and security auditing. This role requires in-depth knowledge of cloud security practices, DNS management, identity and access management (IAM), and security compliance auditing. This role is hybrid and requires 3 days a week on-site in Washington, DC. Duties, Tasks & Responsibilities Access Control and Data Protection:
Oversee privileged access administration, including the creation and implementation of standard guidance and workflows for granting administrative access to users. Validate accesses and roles, ensuring compliance with Government policies. Support cloud federation efforts by implementing and administering IAM controls, including SSO, token management, and API permissions. Manage identity and access management federation for new cloud applications, facilitating the transition from Microsoft ADFS to Entra ID. Facilitate the setup and enrollment of authorized customers in Microsoft COI/firewall policy exceptions for cloud applications.
DNS Records Management:
Provide technical expertise in DNS and related security standards, including DNSSEC, DMARC, DKIM, and SPF. Draft and execute processes for DNS management, including YAML file configuration, code commits, pull requests, and peer reviews. Conduct regular audits of DNS records, reviewing and updating GitHub access controls and permissions to ensure record consistency and accuracy. Maintain Infrastructure as Code (IaC) capabilities within a GitHub environment, using tools such as OctoDNS for automated DNS records management
Security Auditing:
Conduct regular audits to measure compliance across the cloud application portfolio. Audit access, privileges, and entitlements to ensure alignment with least privilege principles and to identify unauthorized access or privilege escalations. Audit application security policies, ensuring universal application and timely remediation of vulnerabilities. Prepare detailed reports of audit findings and compliance gaps, providing recommendations for remediation and presenting remediation plans to leadership within 30 days of each audit. Track remediation progress and provide updates through internal status reports and formal Quarterly Executive Security Reviews.
Implement continuous improvement efforts based on audit results, industry trends, and Government feedback to enhance security auditing processes and maintain alignment with evolving security threats.
Qualifications: Required Experience, Education, Skills & Technologies Active DoD TS/SCI Clearance Bachelors degree in Engineering, Computer Science, or related field (or additional 4 years of experience in lieu of degree). DoD 8570 IAT II Certification or higher 7+ years of experience including cloud security administration, incident response, IAM, and DNS management. Strong proficiency in DNS including DNSSEC, DMARC, DKIM, SPF Experience using GitHub; experience using OctoDNS for DNS management strongly preferred Knowledge of SSO and cloud authentication mechanisms Experience supporting and/or participating in cloud application security assessments Excellent written and verbal communication skills, with the ability to produce detailed reports and documentation. Security Clearance Level Minimum TS/SCI Certification DoD 8570 IAT II Certification or higher (e.g., Security+, CCNA Security, CySA+, GICSP, GSEC, CND, SSCP) https://public.cyber.mil/cw/cwmp/dod-approved-8570-baseline-certifications Work Schedule Full-time hybrid, on-site 3 days/week Benefits Offered Medical, Dental, Vision, Life Insurance, Short-Term Disability, Long-Term Disability, 401(k) match, Tuition/Training Assistance, Parental Leave, Paid Time Off, and Holidays. Criterion Systems, LLC and its subsidiaries are committed to equal employment opportunity and non-discrimination at all levels of our organization. We believe in treating all applicants and employees fairly and make employment decisions without regard to any individuals protected status: race, ethnicity, color, national origin, ancestry, religion, creed, sex/gender, gender identity/gender expression, sexual orientation, physical and mental disability, marital/parental status, pregnancy (including childbirth, lactation, and related medical conditions), age, genetic information (including characteristics and testing), military and veteran status, or any other characteristic protected by law. For our complete EEO/AA and Pay Transparency statement, please visit
https://careers-criterion-sys.icims.com/.