Cyber Security Specialist
Successful candidate will Support the cybersecurity program to ensure compliance with the Department of Energy contract requirements, NIST standards, and organizational policies/procedures for both general support systems and industrial control systems. Key components of this position include: providing security engineering designs and implementation in all aspects of Information Assurance and Information Security (InfoSec); mitigating vulnerabilities and providing threat response; monitoring, configuring, and responding to alerts; providing configuration control; and planning and implementing security designs in hardware, software, data, and procedures.
Desired expertise and experience includes:
- Industrial Control System Security
- TCP/IP networks and protocols
- Intrusion detection / prevention systems, using tools such as Snort / Sourcefire / Cisco
- Network packet capture and network traffic analysis using tools such as WireShark
- Log analysis and correlation using tools such as Splunk
Responsibilities:
- Promotes responsible empowerment and the core values: safety, integrity, accountability, teamwork, excellence, and leadership
- Monitor and analyze alerts from Intrusion Detection/Prevention Systems (IDS/IPS), firewalls, anti-virus, and other tools/systems
- Responsible for Information Assurance and Information Security
- Responsible for the development, submission, and maintenance of various artifacts required to obtain Authority to Operate (ATO) for general and industrial networks
- Establishes, documents, and monitors the cybersecurity program and ensures compliance with all U.S. Department of Energy and business cybersecurity requirements
- Ensures that personnel with cybersecurity responsibilities are trained on cybersecurity requirements, operations, safeguards, and incident handling procedures
- Responsible for conducting site/system reviews, writing audit/review reports, reviewing findings and making recommendations to senior management
- Perform information security and vulnerability assessments and penetration testing
- Implement and maintain a security incident and event management plans
- Provide timely communication and reporting related to security events (real-time, trends), security incident management tracking and follow up
- Apply broad in-depth business and technical knowledge to establish technical direction and priorities
- Advise/mentor the development of service leaders/staff members
- Responsible for defining IT governance, risk and compliance program elements and the plan to monitor active IT compliance
- Develops and maintains policies, procedures, baselines and standards working closely with other managers within IT and across the business
- Develop, implement, and enhance audit and compliance tracking processes to ensure adherence to IT policies and guidelines as well as regulatory compliance
- Ability to identify and resolve technical security-related issues across multiple project boundaries
- Candidates must possess a working knowledge of cybersecurity policies and technical cybersecurity protection measures to identify and resolve technical security related issues
- Must be a self-driven and results-oriented individual capable of effectively working multiple tasks concurrently across a diverse program landscape. The ability to handle multiple priorities under deadlines is also required.
- Other job-related duties as assigned
Minimum Qualification Requirements (Education and Experience):
- Associates degree in Information Technology field (MIS, CIS, CS) or demonstrated an equivalent combination of education and experience.
- Minimum of 5 years of experience in a technical cybersecurity position
- Active Department of Energy Clearance
Job Type: Full-time