Cybersecurity Information System Security Engineer

Pantex Plant•Oak Ridge, TN

51d

About The Position

The Information System Security Engineer (ISSE) is responsible for executing system security design, development, testing, and implementation. The ISSE is able to identify, design and execute on security projects that improve detection and response capabilities. The ISSE is responsible for conducting software and systems engineering and software systems research to develop new capabilities with fully integrated cybersecurity while conducting comprehensive technology research to evaluate potential vulnerabilities in in the cyber domain. The ISSE is an expert in Assessment and Authorization (A&A) of Federal information systems, technology risk assessments, and the National Institutes of Standards and Technology (NIST) Cybersecurity Framework and has broad knowledge in Information Technology (IT), Operation Technology (OT), Industrial Control Systems (ICS), and cybersecurity operations. Successful candidates for this role will be expected to stay up to date on the latest cybersecurity threat intelligence.

Requirements

Bachelor's degree in engineering/computer science/mathematics/information technology discipline with a minimum of 4 years of relevant experience
OR a Master's degree in engineering/science/information technology discipline with a minimum of 2 years of relevant experience.
Twelve or more years of relevant education, training, and/or progressive experience may be considered to satisfy educational and years-of-experience requirements for this posting.

Nice To Haves

Experience and/or certifications associated with RMF, ICD 503, NIST SP800-53 or DCID 6/3.
Experience in continuous authorization practices.
Experience applying NIST 800-53 security controls to OT environments.
Experience designing securing OT environments in accordance with NIST SP 800-82
Experience applying risk management framework to OT systems.
Knowledge of systems security engineering (SSE) principles and practices.
Knowledge of OT system threats and vulnerabilities.
Knowledge of Risk Management Framework requirements and process.
Hold at least one of the following certifications: Certified Information Systems Security Professional (CISSP), Global Information Security Professional (GISP), or the CompTIA Advanced Security Practitioner (CASP) or other certifications exemplifying skill sets such as those described in DOD Instruction 8570.1 Information Assurance Management (IAM) Level III proficiency.
Knowledge of DOE and NNSA mission and cybersecurity requirements.
Knowledge of laws, policies, procedures, or governance relevant to cybersecurity for critical infrastructures.

Responsibilities

Provide cybersecurity planning, assessment, risk analysis, and risk management across all domains
Define baseline system security requirements and determine if system analysis meets cybersecurity requirements
Determine and translate functional requirements and specifications into technical solutions
Develops and implements test plans to address security specifications and requirements
Performs operational testing
Participate in the Change Management process, including review of change requests
Works on project teams responsible for engineering and packaging software releases to integrate within the production environment
Monitors and provides input for software updates and patches, vendor licensing management, security planning, and risk management.

Benefits

Meaningful work and unique opportunities to support missions vital to national and global security
Top-notch, dedicated colleagues
Generous pay and benefits with a stable organization
Career advancement and professional development programs
Work-life balance fostered through flexible work options and wellness initiatives
medical plan
prescription drug plan
vision plan
dental plan
employer matched 401(k) savings plan
disability coverage
education reimbursement