• You create, build, test, deliver and support infrastructure, automation, and employees tooling • Architect and maintain a Zero Trust corporate infrastructure • You lead infrastructure changes, evolve system design and foster good engineering practices • Hands On: Design and deploy a unified detection and response pipeline using Security as a Code approach • Security Policy Management: Create, implement, manage, and enforce security policies and procedures • Security Assessment & Monitoring: Drive continuous threat modeling and automated vulnerability management

• Implement, configure, and optimize IBM QRadar SIEM solutions within enterprise environments • Integrate and manage log sources including firewalls, endpoints, servers, and network devices • Develop and maintain custom correlation rules, alerts, dashboards, and reports • Track and analyze security events to identify potential threats and suspicious activities • Support incident investigation and response using QRadar analytics and threat intelligence • Conduct SIEM tuning to reduce false positives and improve detection accuracy • Document system configurations, architecture, and operational procedures • Offer knowledge transfer and guidance to internal security and SOC teams

This description is a summary of our understanding of the job description. Click on 'Apply' button to find out more. Role Description This position requires an active Public Trust clearance or the ability to obtain a Public Trust clearance to be considered. The right candidate will be a driven cybersecurity leader with a deep commitment to privacy and public service. Recognized for exceptional communication and interpersonal skills, working with and influencing executive, technical, and mission stakeholders to align priorities and drive outcomes. Lead complex, cross-functional cybersecurity teams and vendor ecosystems with clarity and accountability, delivering measurable results. Able to translate complex toolsets and requirements into actionable roadmaps, ensuring disciplined execution and high integrity program delivery. Responsibilities - Lead NSF’s enterprise cybersecurity and privacy program; set objectives, coach for performance, ensure cross-training and continuity; maintain an adaptive posture with rigorous analysis and implementation. - Govern to NIST RMF (SP 800-37), FISMA, OMB guidance, NIST SP 800-series (including privacy controls), CISA BODs, and FedRAMP; own FISMA IG maturity targets and drive quarterly improvements with metrics-based reporting. - Develop and maintain cybersecurity and privacy policies, plans, procedures, standards, operational guides; establish and manage a documentation and knowledge repository. - Drive risk-based management and security-focused configuration management across infrastructure and applications; maintain risk registers, executive dashboards, and remediation plans. - Privacy Program Management: Partner with SAOP (Senior Agency Official for Privacy) to lead oversight; conduct privacy control assessments (NIST SP 800-53 Rev. 5 privacy, OMB memos); maintain a privacy risk register; embed privacy risk in enterprise reporting; deliver compliance reporting and corrective actions. - Assessment and Authorization/Continuous Monitoring: Lead A&A/Ongoing Authorization; plan and execute assessments aligned to NIST SP 800-53/53A, 800-171/172; manage evidence, weakness analysis, POA&Ms, and durable closure; mature Continuous Monitoring and DHS CDM integrations, dashboards, automated reporting, and alert fidelity. - SIEM (Security Information and Event Management) Monitoring and Audit Logging: Oversee Splunk operations; enforce audit logging standards, log source coverage (infrastructure, applications, cloud), retention/integrity, and compliance mapping; tune detections and dashboards. - Zero Trust and Modernization: Execute NSF’s Zero Trust plan across identity, devices, networks, applications/workloads, and data; implement comprehensive monitoring, risk-based access, automation; conduct red/blue team testing; advance data-centric security, DLP, and protection of sensitive/PII; plan for post-quantum cryptography transitions. - Identity and Account Management: Own enterprise IAM governance—joiner/mover/leaver automation, identity proofing, MFA and conditional access, ABAC (Attribute-Based Access Control)/RBAC (Role-Based Access Control) design, federation, lifecycle monitoring metrics; enforce least privilege, just-in-time/just-enough access. - Privileged Access Management: Lead CyberArk operations for vaulting, credential rotation, session monitoring/recording, access brokering; integrate with IdP, ticketing, and automation to reduce risk and improve efficiency. - Application Security and DevSecOps: Establish secure SDLC standards, threat modeling, secure code reviews, SAST (Static Application Security Testing)/DAST (Dynamic Application Security Testing)/SCA(Software Composition Analysis) in CI/CD, developer training; enforce configuration management; track AppSec KPIs (coverage, defect density, remediation time). - Cloud and External Services Reviews: Conduct security reviews, analysis, and continuous monitoring of cloud/external services; validate FedRAMP inheritance and compensating controls; enforce CSPM policies; perform vendor risk assessments; run quarterly posture reviews and remediation. - Operations, IR, and Forensics: Lead SOC operations and major incident response including after-hours surge; drive root cause analysis, lessons learned, corrective actions; direct IT forensics and eDiscovery with proper chain-of-custody and audit-ready evidence. - Continuity, Contingency, and Service Recovery: Direct BCP (Business Continuity Plans)/DR (Disaster Recovery) strategy with defined RTO (Recovery Time Objective)/RPO (Recovery Point Objective); run tabletop and failover exercises; manage dependency mapping, evidence capture, and corrective actions to meet restoration objectives. - Supply Chain Risk Management: Support ICT (Information and Communications Technology) SCRM (Supply Chain Risk Management) across development, acquisition, maintenance, and disposal; integrate NIST SP 800-161r1 practices, oversee ongoing monitoring and end-of-life disposal controls. - Infrastructure Asset Identification and Classification: Establish authoritative asset inventory and classification standards; integrate with CMDB and DHS CDM for visibility, control coverage, and risk reporting. - Independent Reviews and SCIF Support: Coordinate internal and third-party independent security reviews; support SCIF-related security operations and processes as required. - Tool Refresh and Maturation: Plan refresh cycles and maturity targets for SIEM (Splunk), EDR/XDR, vulnerability scanning, IAM/IdP, PAM (CyberArk), DLP, CSPM/CWPP, configuration management tools, and cloud-native services; measure efficacy and ROI; deprecate low-value tools. - Cybersecurity and Privacy Training: Own awareness and role-based training programs; coordinate content, track completion, measure effectiveness (e.g., phishing resilience), and drive continuous improvement. - Reporting and Deliverables: Deliver monthly/quarterly reports covering FISMA IG maturity, POA&M status/closure, CDM dashboards, SIEM coverage and detection efficacy, incident metrics (MTTD/MTTR), audit response packages, training metrics, continuity/DR test results, and executive risk dashboards. - Performs other job-related duties as assigned. Qualifications - 10+ years of cybersecurity leadership; 5+ years leading federal or large enterprise programs with multi-vendor teams. - Demonstrated privacy program leadership in federal environments; partnership with SAOP; execution of PIAs (Privacy Impact Assessments)/SORNs (Systems of Records Notices) and privacy control assessments. - Deep experience with NIST RMF, FISMA, OMB guidance, NIST SP 800-series (including 53/53A and privacy controls), CISA BODs, FedRAMP, DHS CDM. - Proven A&A/Ongoing Authorization leadership; strong continuous monitoring, assessment planning/execution, evidence management, POA&M remediation. - SIEM/Splunk expertise: detections, dashboards, content tuning, data onboarding, audit/log monitoring, and threat analytics. - IAM governance: IdP/IAM platforms (Azure AD/Entra, Okta, Ping), conditional access/MFA, lifecycle automation, ABAC/RBAC policy design, identity proofing, federation. - PAM/CyberArk: architecture and operations for vaulting, credential rotation, session recording, least privilege, JIT/JEA access, and workflow integrations. - Application Security/DevSecOps: secure SDLC, threat modeling, secure code reviews, CI/CD integrations; tooling such as GitLab/GitHub Actions, SonarQube, Veracode, Snyk; familiarity with NIST SSDF. - SOC leadership, incident response, forensics/eDiscovery; cloud security governance across major CSPs; CSPM/CWPP policy design and enforcement. - SCRM and vendor risk management implementing NIST SP 800-161r1; SBOM practices; lifecycle controls from acquisition through disposal. - BCP/DR planning and execution; defined RTO/RPO; exercise orchestration and evidence management. - Strong automation orientation; ability to write and evaluate code in PowerShell, Python, SQL, Java; familiarity with VBA. - Experience establishing authoritative asset inventories and CMDB/CDM integrations; audit logging standards and compliance mapping. - Bachelor’s in Cybersecurity, Information Assurance, Computer Science, Engineering, or related field; Master’s preferred. - Certifications preferred: CISSP, CISM, CRISC, CAP, CCSP, PMP. - Splunk certifications (e.g., Power User, Admin) and CyberArk certifications (Defender, Sentry, Guardian) preferred. - Privacy certification strongly preferred: CIPP/G or equivalent federal privacy leadership experience. - Must pass pre-employment qualifications of Cherokee Federal. Benefits - Estimated Starting Salary Range: $180,000 - $190,000 (Pay commensurate with experience). - Full-time benefits include Medical, Dental, Vision, 401K, and other possible benefits as provided. - Benefits are subject to change with or without notice. Company Description Criterion is a part of Cherokee Federal – the division of tribally owned federal contracting companies owned by Cherokee Nation Businesses. As a trusted partner for more than 60 federal clients, Cherokee Federal LLCs are focused on building a brighter future, solving complex challenges, and serving the government’s mission with compassion and heart. To learn more about Criterion, visit cherokee-federal.com.

Where You’ll Work Inspired by faith. Driven by innovation. Powered by humankindness. CommonSpirit Health is building a healthier future for all through its integrated health services. As one of the nation’s largest nonprofit Catholic healthcare organizations, CommonSpirit Health delivers more than 20 million patient encounters annually through more than 2,300 clinics, care sites and 137 hospital-based locations, in addition to its home-based services and virtual care offerings. CommonSpirit has more than 157,000 employees, 45,000 nurses and 25,000 physicians and advanced practice providers across 24 states and contributes more than $4.2 billion annually in charity care, community benefits and unreimbursed government programs. Together with our patients, physicians, partners, and communities, we are creating a more just, equitable, and innovative healthcare delivery system. Job Summary and Responsibilities This position is remote, but requires 50% travel and must be located in the Colorado Springs area. The Clinical Engineering Med Device Security Eng I mitigates medical device vulnerabilities and threats at a system level by developing and testing remediation instructions, and partnering with cross-functional teams to implement mitigation strategies. In the event of a security incident, this position leads remediation efforts and coordinates with cross-functional teams to return medical devices to service and to implement measures that will prevent future attacks. The Clinical Engineering Med Device Security Eng I has system level responsibilities to safeguard CommonSpirit's medical device environment to ensure device integrity and resilience by assessing, monitoring and responding to security vulnerabilities and threats. This role ensures that medical devices comply with relevant cybersecurity regulations, standards and guidelines. - Collaborate with cross-functional teams to implement mitigation strategies that address medical device security vulnerabilities and threats. - Develop and test medical device security patching and remediation instructions to mitigate risks while also maintaining the integrity of the devices to ensure device reliability and patient safety. - In the event of a security incident, lead system wide remediation efforts by coordinating with cross-functional teams to return the devices to service and to implement measures that will prevent future attacks. - Conduct comprehensive assessments of system wide medical devices to identify potential security risks and vulnerabilities by reviewing MDS2 forms, and obtaining information from medical device OEMs. - Ensure that medical devices comply with relevant cybersecurity regulations, standards and guidelines. - Resolve technical challenges and provide support to field technicians. The job summary and responsibilities listed above are designed to indicate the general nature of the work performed within this job. They are not designed to contain or be interpreted as a comprehensive inventory of all job responsibilities required of employees assigned to this job. Employees may be required to perform other duties as assigned. Job Requirements Required - Bachelors Other HTM, Computer Science, Technology, Business discipline or equivalent professional experience - Minimum of 2-4 years working in healthcare/IT Security, System Administration, Software Development or related field. - 1-2 years experience working in a healthcare/medical environment - Experience working with specialized medical equipment in a healthcare setting. - Experience with Cybersecurity and Infrastructure Security Agency (CISA), HIPAA/HITECH compliance standards. - Experience working with the software development life cycle or project management methodologies. Preferred - Certified Radiology Equipment Specialists (CRES) - Certified Biomedical Equipment Technician (CBET) - CompTIA A+ Certification - Certified Hthcare Tech Mgr (CHTM) - CompTIA Network +