• Review, prepare, and update cyber security program documents in accordance with the NIST Risk Management Framework and customer policy, procedures, and guidelines.
• Perform self-assessments to ensure compliance with cyber security controls.
• Perform risk management: identify, document, and mitigate risks.
• Oversee baseline configuration management compliance - conduct manual STIG checklists and remediation.
• Ensure OT systems and network nodes are operated, maintained, and disposed of in accordance with security policies and practices.
• Develop, deliver, and monitor compliance with security trainings as necessary.
• Provide leadership, mentoring, and quality assurance for team members as a security expert.
• Manage and maintain required documentation and databases for both internal use and distribution.
• Assemble configuration management and Assessment & Authorization (A&A) packages to submit to ISSO and federal oversight.
• Support risk assessment and evaluation activities throughout the Security Authorization or site accreditation process.
• Identify and analyze existing OT security processes and procedures to ensure they meet new OT security goals and objectives.
Associate Degree in Computer Science, Engineering, Information Technology or similar discipline and 12 years of professional experience in a technical role. In lieu of degree, a high school diploma with typically greater than 16 years of equivalent knowledge and experience is acceptable.
• Certifications such as Security+, CASP+, GIAC certifications, or CISSP preferred.
• Extensive knowledge and experience with information security standards, policies, and practices (e.g., NIST, FISMA) preferred.
• Well versed in using vulnerability assessment tools (e.g., Nessus, DISA STIGs, SCAP) preferred.
• Knowledgeable with Systems Development Lifecycle (SDLC) methodologies and continuous monitoring activities preferred.
• Extensive experience analyzing information technology and system risk in complex environments and articulating results (verbal/reports) to all levels of management preferred.
• Demonstrated experience conducting security controls assessments and applying standard auditing techniques during system security controls assessments, including the proper interpretation of the control requirements, determining if the artifacts provided are sufficient, and recommending remedial actions to the customer to ensure compliance.
• Ability to research and address information security issues as required, being an authority on the subject.
A 40-hour work week is scheduled. SRNS utilizes various work schedules, including 5/8s (8 hours/day, five days per week), 4/10s (10 hours/day, four days per week), and 9/80s (9 hours/day, five days on week A and four days on week B). The workweek excludes SRNS holidays, and each workday has a 30-minute unpaid lunch break. SRNS Management will determine the best schedule depending on work needs.
Area Security Access:
Candidate must have the ability to obtain and maintain a DOE “Q” security clearance. Supplier shall possess a positive FOCI determination from DOE which includes “Q” security clearance level. An active DOE clearance is not initially required to perform assigned duties.
Spectra Tech, Inc. is committed to hiring and retaining a diverse workforce. We are an Equal Employment Opportunity (EEO) employer. It is the policy of the Company to provide equal employment opportunities to all qualified applicants without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, protected veteran or disabled status, or genetic information. We are also an E-verify employer.