Location: Oak Ridge TN
Job Title: Information System Security Officer
Career Level From: Associate
Career Level To: Specialist
Job Specialty: Cyber Security
What Youll Do
The Information System Security Officer (ISSO) is responsible for the Assessment and Authorization (A&A) of Federal information systems as well as the development of accreditation and other required cybersecurity documentation for new and existing systems. This person maintains the day-to-day cybersecurity posture of assigned information systems and utilizes various network tools for continuous monitoring of Information Technology (IT) assets. The ISSO ensures that security controls are implemented documented and monitored in accordance with organizational policy and applicable cybersecurity standards. This role works closely with System Owners Information System Security Managers (ISSMs) and cybersecurity teams to support system authorization continuous monitoring and risk management activities. Candidates are expected to have an understanding of the NIST Risk Management Framework (RMF) and the various supporting elements. Successful candidates for this role will be expected to stay up to date on the latest cybersecurity risks and threats as well as work with technology subject matter experts (SME) to develop risk assessments and the proper mitigations.
POSITION DUTIES AND RESPONSIBILITIES:
- Implements and maintains security controls aligned with approved baselines and organizational requirements.
- Supports system authorization activities including the development and maintenance of security documentation such as System Security Plans (SSPs) and Plans of Action and Milestones (POA&Ms).
- Monitors system security posture and identifies risks vulnerabilities and compliance gaps.
- Tracks and manages POA&Ms and coordinates remediation activities with system stakeholders.
- Assesses the security impact of system changes and supports configuration and change management processes.
- Supports continuous monitoring activities including vulnerability management and security reporting.
- Serves as a security liaison between system teams cybersecurity operations and governance bodies.
- Prepares systems for security assessments audits and Authorizing Official reviews.
What You Can Expect
- Meaningful work and unique opportunities to support missions vital to national and global security
- Top-notch dedicated colleagues
- Generous pay and benefits with a stable organization
- Career advancement and professional development programs
- Work-life balance fostered through flexible work options and wellness initiatives
Minimum Job Requirements
- Bachelors degree in engineering/computer/mathematics/information technology discipline.
- Eight or more years of relevant education training and/or progressive experience may be considered to satisfy educational and years-of-experience requirements for this posting.
Preferred Job Requirements
- Knowledge of computer networking concepts and protocols and network security methodologies
- Knowledge of risk management processes (e.g. methods for assessing and mitigating risk)
- Knowledge of cybersecurity and privacy principles
- Knowledge of cybersecurity threats and vulnerabilities
- Knowledge of Security Assessment and Authorization process
- Knowledge of Risk Management Framework (RMF) best practices
- Ability to present administrative technical and operational information clearly and effectively through the oral and written word as well as diagrams and charts
- Knowledge of NIST 800-53/53A security controls
- Ability to assess and provide written assessments of A&A packages
- Experience with RMF in the DOE Community
- Security CEH Certification or CISSP Certification
- FedRAMP and Cloud compliance experience
- Knowledge of information technology (IT) security principles and methods (e.g. firewalls demilitarized zones encryption)
- Knowledge of Application Security Risks
- Knowledge of laws regulations policies and ethics as they relate to cybersecurity and privacy
- Knowledge of Supply Chain Risk Management Practices (NIST SP 800-161)
- Knowledge of Personally Identifiable Information (PII) data security standards
- Knowledge of authentication authorization and access control methods
- Knowledge of database systems
- Knowledge of Industrial Control Systems (NIST 800-82)
- Knowledge of emerging technologies that have potential for exploitation
- Knowledge of system and application security threats and vulnerabilities (e.g. buffer overflow mobile code cross-site scripting.
Why Y-12
You get #morethanajob. We encourage employees to achieve a healthy personal balance among home work and the community. One of the ways we embrace work-life balance is by offering flexible work arrangements that provide alternatives to the traditional workweek while still meeting business needs. Top talent and personal commitment mean more to our success than any other factors so we reward our people with the kinds of benefits that make a positive difference in the quality of their lives. Benefits such as: medical plan prescription drug plan vision plan dental plan employer matched 401(k) savings plan disability coverage education reimbursement and many more. Want to stay healthy and fit but hate the cost of a gym membership Take advantage of one of our onsite workout facilities and eat healthy in our onsite cafeterias. Much more than a workplace at Y-12 you can build a career that lasts a lifetime.
Notes
The minimum education and experience for the lowest career level in the job posting range are listed under Minimum Job Requirements. Successful candidates hired into a higher career level than the minimum in the range must meet the requirements listed in the job leveling charts for the career level into which they are being hired.
If a range of Career Levels is posted i.e. Senior Associate to Senior Specialist internal applicants already in one of the Career Levels would come across at their current Career Level. Internal applicants currently in a lower level Career Level would move to the lowest posted Career Level.
Requires a Q clearance; however all qualified candidates will be considered regardless of their current clearance status. The ability to obtain and maintain a Department of Energy Q clearance is required.
This position may require entry into the Material Access Areas (MAA) and participation in the Human Reliability Program (10 C.F.R. Part 712) which requires successful competition of a DOE counterintelligence evaluation and may include a counterintelligence-scope polygraph examination.
This position may be categorized as a designated position identified by 10 C.F.R. Part 709 requiring successful completion of a DOE counterintelligence evaluation that may include a counterintelligence-scope polygraph examination.
CNS is a drug-free workplace. Candidates accepting a job offer will be required to pass a pre-placement physical drug screening and background investigation. As an employee you may be required to receive and maintain a security clearance from the United States Department of Energy in order to meet eligibility requirements for access to sensitive information or matter. U.S. citizenship is a requirement for security clearance applicants. All employees are subject to being randomly selected for drug testing without advance notification.
CNS is an equal opportunity employer. All qualified applicants will receive consideration for employment based on merit and without regard to race color religion sex sexual orientation national origin protected veteran status or disability.
Required Experience:
Unclear Seniority
Location: Oak Ridge TNJob Title: Information System Security OfficerCareer Level From: AssociateCareer Level To: SpecialistJob Specialty: Cyber SecurityWhat Youll Do The Information System Security Officer (ISSO) is responsible for the Assessment and Authorization (A&A) of Federal information system...
Location: Oak Ridge TN
Job Title: Information System Security Officer
Career Level From: Associate
Career Level To: Specialist
Job Specialty: Cyber Security
What Youll Do
The Information System Security Officer (ISSO) is responsible for the Assessment and Authorization (A&A) of Federal information systems as well as the development of accreditation and other required cybersecurity documentation for new and existing systems. This person maintains the day-to-day cybersecurity posture of assigned information systems and utilizes various network tools for continuous monitoring of Information Technology (IT) assets. The ISSO ensures that security controls are implemented documented and monitored in accordance with organizational policy and applicable cybersecurity standards. This role works closely with System Owners Information System Security Managers (ISSMs) and cybersecurity teams to support system authorization continuous monitoring and risk management activities. Candidates are expected to have an understanding of the NIST Risk Management Framework (RMF) and the various supporting elements. Successful candidates for this role will be expected to stay up to date on the latest cybersecurity risks and threats as well as work with technology subject matter experts (SME) to develop risk assessments and the proper mitigations.
POSITION DUTIES AND RESPONSIBILITIES:
- Implements and maintains security controls aligned with approved baselines and organizational requirements.
- Supports system authorization activities including the development and maintenance of security documentation such as System Security Plans (SSPs) and Plans of Action and Milestones (POA&Ms).
- Monitors system security posture and identifies risks vulnerabilities and compliance gaps.
- Tracks and manages POA&Ms and coordinates remediation activities with system stakeholders.
- Assesses the security impact of system changes and supports configuration and change management processes.
- Supports continuous monitoring activities including vulnerability management and security reporting.
- Serves as a security liaison between system teams cybersecurity operations and governance bodies.
- Prepares systems for security assessments audits and Authorizing Official reviews.
What You Can Expect
- Meaningful work and unique opportunities to support missions vital to national and global security
- Top-notch dedicated colleagues
- Generous pay and benefits with a stable organization
- Career advancement and professional development programs
- Work-life balance fostered through flexible work options and wellness initiatives
Minimum Job Requirements
- Bachelors degree in engineering/computer/mathematics/information technology discipline.
- Eight or more years of relevant education training and/or progressive experience may be considered to satisfy educational and years-of-experience requirements for this posting.
Preferred Job Requirements
- Knowledge of computer networking concepts and protocols and network security methodologies
- Knowledge of risk management processes (e.g. methods for assessing and mitigating risk)
- Knowledge of cybersecurity and privacy principles
- Knowledge of cybersecurity threats and vulnerabilities
- Knowledge of Security Assessment and Authorization process
- Knowledge of Risk Management Framework (RMF) best practices
- Ability to present administrative technical and operational information clearly and effectively through the oral and written word as well as diagrams and charts
- Knowledge of NIST 800-53/53A security controls
- Ability to assess and provide written assessments of A&A packages
- Experience with RMF in the DOE Community
- Security CEH Certification or CISSP Certification
- FedRAMP and Cloud compliance experience
- Knowledge of information technology (IT) security principles and methods (e.g. firewalls demilitarized zones encryption)
- Knowledge of Application Security Risks
- Knowledge of laws regulations policies and ethics as they relate to cybersecurity and privacy
- Knowledge of Supply Chain Risk Management Practices (NIST SP 800-161)
- Knowledge of Personally Identifiable Information (PII) data security standards
- Knowledge of authentication authorization and access control methods
- Knowledge of database systems
- Knowledge of Industrial Control Systems (NIST 800-82)
- Knowledge of emerging technologies that have potential for exploitation
- Knowledge of system and application security threats and vulnerabilities (e.g. buffer overflow mobile code cross-site scripting.
Why Y-12
You get #morethanajob. We encourage employees to achieve a healthy personal balance among home work and the community. One of the ways we embrace work-life balance is by offering flexible work arrangements that provide alternatives to the traditional workweek while still meeting business needs. Top talent and personal commitment mean more to our success than any other factors so we reward our people with the kinds of benefits that make a positive difference in the quality of their lives. Benefits such as: medical plan prescription drug plan vision plan dental plan employer matched 401(k) savings plan disability coverage education reimbursement and many more. Want to stay healthy and fit but hate the cost of a gym membership Take advantage of one of our onsite workout facilities and eat healthy in our onsite cafeterias. Much more than a workplace at Y-12 you can build a career that lasts a lifetime.
Notes
The minimum education and experience for the lowest career level in the job posting range are listed under Minimum Job Requirements. Successful candidates hired into a higher career level than the minimum in the range must meet the requirements listed in the job leveling charts for the career level into which they are being hired.
If a range of Career Levels is posted i.e. Senior Associate to Senior Specialist internal applicants already in one of the Career Levels would come across at their current Career Level. Internal applicants currently in a lower level Career Level would move to the lowest posted Career Level.
Requires a Q clearance; however all qualified candidates will be considered regardless of their current clearance status. The ability to obtain and maintain a Department of Energy Q clearance is required.
This position may require entry into the Material Access Areas (MAA) and participation in the Human Reliability Program (10 C.F.R. Part 712) which requires successful competition of a DOE counterintelligence evaluation and may include a counterintelligence-scope polygraph examination.
This position may be categorized as a designated position identified by 10 C.F.R. Part 709 requiring successful completion of a DOE counterintelligence evaluation that may include a counterintelligence-scope polygraph examination.
CNS is a drug-free workplace. Candidates accepting a job offer will be required to pass a pre-placement physical drug screening and background investigation. As an employee you may be required to receive and maintain a security clearance from the United States Department of Energy in order to meet eligibility requirements for access to sensitive information or matter. U.S. citizenship is a requirement for security clearance applicants. All employees are subject to being randomly selected for drug testing without advance notification.
CNS is an equal opportunity employer. All qualified applicants will receive consideration for employment based on merit and without regard to race color religion sex sexual orientation national origin protected veteran status or disability.
Required Experience:
Unclear Seniority
View more
View less
Job Location:
Monthly Salary:
Not Disclosed
Posted on:
19 hours ago
Vacancies:
1 Vacancy
