Pacific Northwest National Laboratory Information Assurance Analyst in RICHLAND, Washington

Organization and Job ID

Job ID: 306498

Directorate: Communications & Information Technology

Division: Cyber Security

Group: Policy and Risk Management

Job Description

The Invitation

Come and work for a billion-dollar international research institution. Our collaborative environment and commitment to work/life balance make Pacific Northwest National Laboratory (PNNL) an ideal place to advance your career, challenge yourself, and make a difference in the world. We offer excellent benefits including pension, matching 401(k), tuition reimbursement plans, health insurance, and flexible work schedules.

About us

Our science and technology inspires and enables the world to live prosperously, safely and securely. Our discoveries not only change the way people think, they increase our nation's energy capacity and improve our national security efforts, making the world a safer and cleaner place.

About You:

Do you have a passion for leading information security assessments or penetration testing that drive improvements in our cyber defenses? What about developing and delivering innovative and engaging training to enhance staff awareness of cyber threats? If so, then you are the kind of candidate the Pacific Northwest National Laboratory (PNNL) is looking for. At PNNL, our science and technology inspires and enables the world to live prosperously, safely and securely. Simultaneous excellence is key to our success: we deliver excellence in science and technology, excellence in management and operations, and excellence as a trusted and valued member of the community.

The Position:

PNNL seeks an Information Systems Security Officer to join the Cyber Security Policy & Risk Management team in Richland, WA. This critical role is an early to mid-career level position on a growing team of experienced cyber security experts with a culture of collaboration, creativity, agility and professional delivery. This role is responsible for the delivery of IT services and processes related to maintaining effective information security policies and procedures, delivering actionable continuous monitoring performance metrics, and driving risk-informed prioritization of IT investments. The following are some key functions of the role:

- Author policies and procedures which ensure adequate information security controls are in place to protect organizational resources

- Plan, coordinate and/or lead information security audits, assessments, and penetration testing of IT resources

- Prepare and present risk analysis, assessment reports, training material, and other briefings to diverse audiences

- Develop and deliver tailored and timely information security training and awareness content

- Provide subject matter expertise on enterprise cyber security risks and emerging threats

- Partner with cyber security analysts, researchers, and other Lab staff to develop solutions which adequately protect resources while still enabling business success

Occasional weekend or evening “on-call” duties may be required, including rotational support schedules as well as infrequent, ad hoc emergency incident response coordination.

Envisioning success:

Success in this role means delivering results through strong technical skill, communications, and collaboration with a relentless focus on what’s best for our users. Success means continually holding oneself to the highest of professional and ethical standards and demanding the same of co-workers. Success is walking into PNNL every work day with a belief that you can positively impact the research and development efforts at a national laboratory. You know that your work makes a difference with our clients and users.

Minimum Qualifications

Bachelor's degree and 5-8 years of relevant experience; Master's degree with 3-6 years' experience; or a PhD/JD with 0-3 years' experience.


Bachelor's degree and 9-13 years of relevant experience; Master's degree with 7-11 years' experience; PhD/JD with 4-8 years' experience; or MD with 0-3 years' experience.

Job level will be determined by the candidate's unique experience and qualifications.

Preferred Qualifications

A Bachelor’s degree in Computer Science, Management Information Systems, Information Technology, or a related field.

In addition to the above, preferred candidates will have hands-on experience in large, multi-platform, networked environments conducting information security assessments, developing cyber risk intelligence, and/or creating and delivering associated training and awareness content. The candidate should be able to demonstrate experience in some of the following:

- Translating NIST or other information security guidance, standards, and best practices into actionable requirements

- Familiarity with the Committee on National Security Systems (CNSS) instructions

- Establishing and maturing information security risk management frameworks and Governance, Risk, and Compliance (GRC) systems

- Effectively participating in diverse, multi-disciplinary, project and operational teams

- Clearly communicating (written & verbal) technical information security and/or IT business-related information to senior management, peers, and customers

Certification in one or more of the following is recommended:

- ISC2 Certified Information Systems Security Professional (CISSP)

- ISACA Certified Information Security Manager (CISM)

- ISACA Certified in Risk and Information System Control (CRISC)

- ISC2 Certified Cloud Security Professional (CCSP)

- Any SANS Global Incident Analysis Center (GIAC) certifications

Equal Employment Opportunity

PNNL is an Equal Opportunity/Affirmative Action Employer that is committed to hiring a diverse, talented workforce. EOE Disability/Vet/M/F/Sexual Orientation/Gender Identity. Staff at PNNL must be able to demonstrate the legal right to work in the United States.

Other Information

This position requires the ability to obtain a federal security clearance in a timely manner, which requires:

* U.S. Citizenship

* Background Investigation: Applicants selected will be subject to a Federal background investigation and must meet eligibility requirements for access to classified matter in accordance with 10 CFR 710, Appendix B.

* Drug Testing: All Security Clearance (L or Q) positions will be considered by the Department of Energy to be Testing Designated Positions which means that they are subject to applicant, random, and for cause drug testing. In addition, applicants must be able to demonstrate non-use of illegal drugs, including marijuana, for the 12 consecutive months preceding completion of the requisite Questionnaire for National Security Positions (QNSP).

Note: Applicants will be considered ineligible for security clearance processing by the U.S. Department of Energy until non-use of illegal drugs, including marijuana, for 12 consecutive months can be demonstrated.

Directorate: Comm & Information Technology

Job Category: Computation and Information Sciences

Group: Cyber Security

Opening Date: 2017-04-11

Closing Date: 2017-06-10