Pacific Northwest National Laboratory Cyber Security Analyst - Remote OK in RICHLAND, Washington
Organization and Job ID
Job ID: 312172
Directorate: Communications & Technology
Division: Cyber Security
Group: Cyber Security Risk & Governance
The Cyber Security Division at Pacific Northwest National Laboratory (PNNL) is looking for a senior cybersecurity practitioner with strong governance, risk management and compliance (GRC) acumen in both the public and private sector domains, at both the organizational and the governmental level. Our ideal candidate brings diverse experience in multiple cyber security domains and thrives on innovative approaches to hard problems in cyber security. As a member of the Risk & Governance team, you will apply your skills to advance our program in the areas of cyber risk management, governance and compliance management. The Cyber Risk & Governance team manages the cyber security program for the laboratory and leverages its expertise to engage with PNNL’s sponsors and their missions. Key areas of job scope, responsibility and skill include:
Recognized for unique knowledge as a technical expert in the cyber security GRC domains and the application of that knowledge at the organizational or program level
Continually monitors against authorized security control requirements and reports system risks and application configurations or vulnerabilities.
Conducts system, network, or software vulnerability audits, assessments and penetration testing in accordance with established processes and procedures.
Conducts information system risk assessments and supports compliance documentation and system accreditation requirements.
The hiring level will be determined based on the education, experience and skill set of the successful candidate based on the following criteria and performance level indicators:
Established local reputation with specialization in at least one cyber domain area such as risk management, compliance and governance
Independently completes and leads small projects and efforts and/or generates automated or strategic analytics in support of mission needs; Leads development of technical products in cyber security domain areas
Broad understanding of analytic techniques, methods, structures, and workflows in the problem space and implements best practices. Knowledge of structured analysis techniques and methods as they apply to the cyber domain and to governance, risk management and compliance
Participates in cyber security field professional activities and/or external collaborations. May participate in external technical working groups and assist in organizing workshops
Building effective project teams with membership across a group, cyber analysis domain and/or directorate; Influences project and program strategies and directions
Generates new ideas for proposals and/or business development opportunities while leading development of technical section of small to medium proposals or project plans
Level 4 (in addition to Level 3 criteria):
Recognized for unique knowledge as a technical expert in at least one cyber security domain and the ability to connect multiple domains
Demonstrates analytic techniques, methods, structures, and workflows as applied to cyber domain
Leads technical vision and is a key contributor to analytic innovations, workflow improvements, white papers, proposals, presentations; Leads teams to develop technical products for cyber security
Interacts with stakeholders and sponsors to ensure technical analyses and generated products are appropriately aligned with mission needs. Prepares and presents reports and briefings that address policy-related challenges and make recommendations with regard to policy options for risk mitigation.
Principal investigator/Lead or co-PI on multiple or significantly complex, and/or high-risk projects or tasks and/or involving multiple tasks, capabilities, and organizations
- BS/BA with 5 years of experience; MS/MA with 3 years of experience; PhD with 1 year of experience
BS/BA with 7 years of experience; MS/MA with 5 years of experience; PhD with 3 years of experience.
Relevant experience is defined as:
Demonstrated engineering, analytical, and domain skills in the field of cyber security
Advanced level knowledge in computer science, cyber security, and knowledge of programming languages
Demonstrated job experience in governance, risk management and compliance activities such as system accreditation, security controls assessments, compliance reporting, policy development and formulation, etc.
Must have demonstrated interpersonal skills and the ability to interface with sponsor clients and laboratory scientific and operational staff as well as senior management
Experience as an information systems security officer or manager (ISSO/ISSM) in both classified and unclassified programs
Experience in multiple cyber security domains such as security and risk management, identity and access management, security engineering, business continuity/resilience, compliance, cryptography, application/software security, security operations, etc.
Experience in development and implementation of cyber security standards and best practices for IT, OT and critical infrastructure sectors such as the energy sector
Experience in cyber security policy development at the organizational, governmental and international levels
Equal Employment Opportunity
Battelle Memorial Institute (BMI) at Pacific Northwest National Laboratory (PNNL) is an Affirmative Action/Equal Opportunity Employer and supports diversity in the workplace. All employment decisions are made without regard to race, color, religion, sex, national origin, age, disability, veteran status, marital or family status, sexual orientation, gender identity, or genetic information. All BMI staff must be able to demonstrate the legal right to work in the United States. BMI is an E-Verify employer. Learn more at jobs.pnnl.gov.
If you need assistance and/or a reasonable accommodation due to a disability during the application or the recruiting process, please send a request via https://jobs.pnnl.gov/help.stm
Please be aware that the Department of Energy (DOE) prohibits DOE employees and contractors from having any affiliation with the foreign government of a country DOE has identified as a “country of risk” without explicit approval by DOE and Battelle. If you are offered a position at PNNL and currently have any affiliation with the government of one of these countries you will be required to disclose this information and recuse yourself of that affiliation or receive approval from DOE and Battelle prior to your first day of employment.
This position requires the ability to obtain and maintain a federal security clearance.
Background Investigation: Applicants selected will be subject to a Federal background investigation and must meet eligibility requirements for access to classified matter in accordance with 10 CFR 710, Appendix B.
Drug Testing: All Security Clearance (L or Q) positions will be considered by the Department of Energy to be Testing Designated Positions which means that they are subject to applicant, random, and for cause drug testing. In addition, applicants must be able to demonstrate non-use of illegal drugs, including marijuana, for the 12 consecutive months preceding completion of the requisite Questionnaire for National Security Positions (QNSP).
Note: Applicants will be considered ineligible for security clearance processing by the U.S. Department of Energy until non-use of illegal drugs, including marijuana, for 12 consecutive months can be demonstrated.
- Full Remote/Telework options are available for this position
Directorate: Comm & Information Technology
Job Category: Safeguards and Security
Group: Cyber Security
Opening Date: 2021-06-01
Closing Date: 2021-08-30