Cyber Security Specialist

Successful candidate will Support the cybersecurity program to ensure compliance with the Department of Energy contract requirements, NIST standards, and organizational policies/procedures for both general support systems and industrial control systems. Key components of this position include: providing security engineering designs and implementation in all aspects of Information Assurance and Information Security (InfoSec); mitigating vulnerabilities and providing threat response; monitoring, configuring, and responding to alerts; providing configuration control; and planning and implementing security designs in hardware, software, data, and procedures.

Desired expertise and experience includes:

• Industrial Control System Security
• TCP/IP networks and protocols
• Intrusion detection / prevention systems, using tools such as Snort / Sourcefire / Cisco
• Network packet capture and network traffic analysis using tools such as WireShark
• Log analysis and correlation using tools such as Splunk

Responsibilities:

• Promotes responsible empowerment and the core values: safety, integrity, accountability, teamwork, excellence, and leadership
• Monitor and analyze alerts from Intrusion Detection/Prevention Systems (IDS/IPS), firewalls, anti-virus, and other tools/systems
• Responsible for Information Assurance and Information Security
• Responsible for the development, submission, and maintenance of various artifacts required to obtain Authority to Operate (ATO) for general and industrial networks
• Establishes, documents, and monitors the cybersecurity program and ensures compliance with all U.S. Department of Energy and business cybersecurity requirements
• Ensures that personnel with cybersecurity responsibilities are trained on cybersecurity requirements, operations, safeguards, and incident handling procedures
• Responsible for conducting site/system reviews, writing audit/review reports, reviewing findings and making recommendations to senior management
• Perform information security and vulnerability assessments and penetration testing
• Implement and maintain a security incident and event management plans
• Provide timely communication and reporting related to security events (real-time, trends), security incident management tracking and follow up
• Apply broad in-depth business and technical knowledge to establish technical direction and priorities
• Advise/mentor the development of service leaders/staff members
• Responsible for defining IT governance, risk and compliance program elements and the plan to monitor active IT compliance
• Develops and maintains policies, procedures, baselines and standards working closely with other managers within IT and across the business
• Develop, implement, and enhance audit and compliance tracking processes to ensure adherence to IT policies and guidelines as well as regulatory compliance
• Ability to identify and resolve technical security-related issues across multiple project boundaries
• Candidates must possess a working knowledge of cybersecurity policies and technical cybersecurity protection measures to identify and resolve technical security related issues
• Must be a self-driven and results-oriented individual capable of effectively working multiple tasks concurrently across a diverse program landscape. The ability to handle multiple priorities under deadlines is also required.
• Other job-related duties as assigned

Minimum Qualification Requirements (Education and Experience):

• Associates degree in Information Technology field (MIS, CIS, CS) or demonstrated an equivalent combination of education and experience.
• Minimum of 5 years of experience in a technical cybersecurity position
• Active Department of Energy Clearance

Job Type: Full-time