Cyber Security Analyst (ISSO)

Savannah River National Laboratory, Aiken, SC
8d

About The Position

Savannah River National Laboratory (SRNL) is seeking a Cyber Security Analyst (ISSO) to join our Cyber team! The selected individual will serve as the owner of the day-to-day execution of the NIST Risk Management Framework for assigned systems throughout their lifecycle. This is a full-time position ideal for someone with hands-on ISSO or security control assessor experience in a government-contractor environment. The ISSO must team with many professionals across the lab and with the DOE-assigned Information System Security Manager to ensure the boundary security controls are in place and maintained.

Requirements

  • Bachelor’s degree in Computer Science, Information Management/Assurance, or similar
  • 7 years of relevant experience in contractor-federal appointed ISSO or Security Control Assessor role
  • Have demonstrated proficiency in NIST Risk Management Framework and Security Control Sets (i.e., NIST 800-37 and NIST 800-53)
  • US Citizenship is legally required in order to obtain and maintain a security clearance

Nice To Haves

  • Current or former experience with DOE cybersecurity or a federal-contractor cybersecurity technical position
  • Strong attention to detail and writing skills leading to accurate, clear, and concise control implementations that withstand scrutiny
  • Ability to produce accurate, well-structured, and audience-appropriate security documentation that can be understood by assessors, technical teams, system owners, and senior leaders/managers
  • Effective verbal briefing with the ability to translate technical information into business/mission risk impacts
  • Soft skills to include excellent communication and interpersonal skills, strong attention to detail, ability to multi-task and to collaborate in a team environment
  • Experience with information assurance and cyber tools (GRC, Tenable.SC, Nessus, Splunk, etc.)
  • Ability to quickly learn new technologies, concepts, and processes
  • Active DOE L or Q clearance

Responsibilities

  • Develop, maintain, and oversee System Security Plans and other boundary supporting documents in accordance with the NIST RMF and applicable policies
  • Act in owner/oversight capacity for day-to-day cybersecurity functions for the assigned systems, ensuring controls are implemented correctly, operating as intended, and documented correctly
  • Manage and track all risks for the boundary in designated risk registers and prepare a consolidated annual boundary risk assessment
  • Oversee new and/or updated information security categorizations for systems/applications with the data owners (FIPS 199 and NIST SP 800-60)
  • Ensure proper selection and tailoring of security controls are documented with clear and concise implementations
  • Participate in the SRNL Change Review Board
  • Maintain and ensure execution of the continuous monitoring strategy for the (AO) approved controls
  • Prepare Security Authorization Packages for new projects and for the boundary for submission to DOE to obtain or renew an Authority to Operate
  • Coordinate activities with compliance assessment teams, providing artifacts and evidence of compliance as requested
  • Take ownership of any issues in the Security Assessment Report related to the systems assigned
  • Support external audits, FISMA reporting, and other data calls in a timely manner
  • Assist in identifying acceptable risk tolerances for the AO/AODR where appropriate for SRNL to manage internally any item with negligible to very low risks for the boundary
  • Support and guide Project Security Officers within the boundary with security management of their systems in accordance with their appointment letters
  • Conduct or review and approve security impact analysis for systems and networks undergoing significant security changes that could affect the system’s authorization status
  • Provide timely notification to the AO/AODR for incidents and changes that may affect the system’s authorization status
  • Maintain mutually beneficial partnerships with other functions and seek support for functional projects within and outside the function