Los Alamos, NM
Industry: Government & Non-Profit•
11 - 15 years
Posted 242 days ago
CyberTechnical Staff 4 in Los Alamos, New Mexico
What You Will Do
The Office of the Chief Information Officer (OCIO) orchestrates the information security and technology environment across the Laboratory through strategic planning, cybersecurity advisory support, governance, policy development, risk management, and efficient, effective portfolio management. Depending on your strengths and experience you may perform duties related to risk management, technical vulnerability assessment, certification and accreditation, or act as a senior cybersecurity advisor to key mission and operational organizations at the Laboratory.
The ideal candidate will be a self-starter with an inquisitive, analytical mind that constantly looks for solutions to difficult problems. The employee must have the ability to convey complicated technology and security concepts to stakeholders at multiple levels and ideally has technical knowledge and/or experience in multiple relevant areas. A proficiency in a risk management framework and conducting risk assessments in a regulated environment is desired.
As a Cybersecurity Technical Staff in the OCIO you will perform a range of duties to help ensure cybersecurity for the Laboratory. Areas of potential effort include: technical vulnerability assessment, certification and accreditation of IT systems based on a risk management framework (RMF) approach (i.e. NIST 800-53); contribution to documentation and processes to achieve Authorizations to Operate (ATOs); risk analysis of IT Systems; act in an advisory role to mission organizations to identify and resolve cybersecurity issues; recommend lessons learned and mitigations based upon incidents and penetration testing; information security control evaluation and testing; and the development and implementation of processes and tools to enable the Laboratory’s mission. You will be expected to keep an up-to-date understanding of all relevant federal requirements and RMF best business practices and apply them in your daily work activities, including supporting the development of policy and procedural documents. You may be expected to identify, assess, and defend against cyber system vulnerabilities, risks, and resulting physical or mission impacts. You may be expected to contribute to creating intelligence or operational products and perform cyber analysis. You will be expected to collaborate with othercybersecurity and information technology experts at the Laboratory, mission stakeholders, and others throughout the Department of Energy complex. As a result, good communication, diplomacy and interpersonal skills are required. Additional detail on potential job related duties and proficiency include but not limited to:
Leads efforts to resolve cyber issues.
Leads the development and advancement of new tools, risk analysis approaches, exploitation methods and techniques, and leads or develops effective solutions to cybersecurity issues.
Leads and advances the development and implementation of metrics and data analytics for new and unusual features, and manipulates raw data when needed to gather information.
Leads and advances the development of automating the implementation, configuration and maintenance of NIST related standards and controls for networks and systems.
Leads and advances the development and presentation of technical reports and briefings on complex system vulnerabilities to convey risks, impacts and security control recommendations to senior management and stakeholders.
Leads the establishment of direction and milestones for tasks involving more than one person. Scopes tasks within a project and defines deliverables at a task level within the approved scope, schedule, and budget.
Leads (and independently performs) the research, assembly, and/or evaluation of information or data regarding industry practices or applicable regulatory changes affecting cybersecurity policies or programs. Recommends sound and practical solutions to complex issues, scrutinizing the facts without making snap or biased judgments.
Leads and sets an example as a trusted advisor across functions and organizations and helps maintain OCIO as an ethically and legally pristine organization. Displays the strength to stand by difficult, but sound decisions, while helping steer stakeholders towards outcomes that support mission and operations.
Understands at an advanced level and adheres to all Laboratory and industry regulatory guidance and governance specific to cybersecurity.
Reviews and ensures all results, processes, and final products meet high quality specifications and are completed according to established requirements.
What You Need
Minimum Job Requirements:
Expert knowledge of and demonstrated experience with aspects of current IT technology including software, networks, security tools, services and related protocols.
Expert knowledge of information security practices for one or more of the following disciplines: Mobility and Remote Computing, Cloud Computing, High Performance Computing, Data Base Security, or Industrial Control Systems.
Expert knowledge of and experience in one or more of the following disciplines: computer science, information security, information assurance, or cybersecurity.
Expert technical knowledge of cyberthreats and vulnerabilities and demonstrated ability to apply that knowledge to system engineering, analytics, risk management, policy or operations as well as communicate that knowledge to a spectrum of stakeholders.
Safety and security are a primary responsibility for all Laboratory employees. Leads and sets an example in maintaining required safety and security training, assuring safety and security compliance, and making safety and security an integral part of every task, including taking the necessary steps to stop work if continuing the job is unsafe or compromises security.
Leads and sets an example and fosters a mutually respectful work environment that is free from discrimination and harassment.
Knowledge of and demonstrated experience related to vulnerability assessment, detection and mitigation, red teaming, reverse engineering, forensics, or incident response.
Demonstrated regulatory compliance knowledge of some of the following: FIPS, HIPAA, FISMA, NIST RMF, CNSS, or FedRAMP.
Exposure to SecurityArchitectures and Principles such as OWASP, SSAE-16, SAS70, ISO 27001, or HIPAA.
Experience with an electronic governance, risk, and compliance tool such as Archer, Xacta, or KeyLight.
Understanding of Department of Energy (DOE), National Nuclear Security Administration (NNSA), and LANL computer and information security policies, practices, and procedures.
Technical experience protecting classified information and sensitive unclassified information.
Thorough working knowledge of operations and security requirements at the Laboratory.
Experience with classified and unclassified government networks.
Active DOE Q clearance or Department of Defense (DoD) Top Security clearance.
Education:Position typically requires a Bachelor’s degree (Master’s preferred) in a technical field and twelve (12) years of experience, or an equivalent combination of education and experience..
Req ID: IRC61592