Information Systems Security Officer – Cybersecurity Research Team
Source: beBee S2
Information Systems Security Officer - Cybersecurity Research Team
CO - Golden
**Hours Per Week**
The National Renewable Energy Laboratory (NREL), located at the foothills of the Rocky Mountains in Golden, Colorado is the nation's primary laboratory for research and development of renewable energy and energy efficiency technologies.
At NREL, we focus on innovative solutions to today's energy challenges. From breakthroughs in fundamental science, to new clean technologies, to integrated energy systems that power our lives, NREL is transforming the way our nation and the world secures our energy future. NREL's cybersecurity research team performs cutting edge research on future energy systems. Studies include developing diverse cyber ranges where hardware devices interact with virtualized systems, developing novel cybersecurity solutions, and establishing new standards to protect and assure distributed energy resources.
The Information Systems Security Officer - Cybersecurity Research Team will embed with NREL's cybersecurity researchers, coordinating and implementing security as well as supporting the organization in establishing guiding documents such as system security plans (SSP). The successful candidate will excel at assessing the risk of a research effort or infrastructure, based on likelihood of threat and impact of a security breach to ensure that applications and infrastructure are designed and implemented to the highest security standards. The Information Systems Security Officer must be able to analyze, design, and recommend plans to test the effectiveness of a security implementation and be able to evaluate NREL's security posture. The Information Systems Security Officer must possess strong leadership and project management skills. Strong communication skills are a must. This position is located on NREL's Golden, CO campus.
Relevant Bachelor's Degree and 9 or more years of experience or equivalent relevant education/experience. Or, relevant Master's Degree and 7 or more years of experience or equivalent relevant education/experience. Or, relevant PhD and 4 or more years of experience or equivalent relevant education/experience. Applies extensive IS expertise in specific field and has full knowledge of related disciplines. Evaluates new hardware, software, systems tools and applications and makes procurement recommendations.
**Additional Required Qualifications**
+ Provides high-level support policy and program assistance to the Cybersecurity Research Group within NREL's Energy Security and Resilience Center, along with collaborative engagement with NREL's Information Systems Security Team, for security policy, compliance efforts, and strategic initiatives.
+ Works with researchers and customers to implement system security measures, develops and documents information system security plans for NREL's infrastructure and cloud environments and provides technical guidance and training
+ Provides risk-based reviews of system baseline exceptions and network access requests.
+ Monitors and performs regular audits on internal systems to ensure that appropriate access levels are maintained and manages the review of security audits, vulnerability testing and security reviews
+ Mentors team members and peers in the areas of information security and privacy and serves as an investigator during applicable forensic investigations
+ Assists in coordinating security responses, processes, and procedures by working with cross-functional teams and working with both technical and non-technical audiences on guidance and feedback in addressing issues pertaining to data protection and security policy.
+ Aids in the design of NREL's Risk Management Framework including Continuous Monitoring, Contractor Assurance System, ATO recertification, site/system security plans, and FISMA accreditation.
+ Champions security standards, procedures and working guidelines.
+ Excellent leadership and project management skills. Skilled in analytical techniques, practices and problem solving. Extensive programming and architecture abilities with various computer software programs and information systems.
**_Desired requirements and qualifications_**
+ Bachelor's degree with three years of experience in cyber security, security programs or compliance assurance **OR** Five years of experience in cyber security, security programs or compliance assurance in lieu of a degree
+ Applicable security certifications (CISSP, CISA, etc)
+ Strong technical background in multiple disciplines, including experience in/with:
+ Security assessment methodology
+ Web servers and system administration
+ Security monitoring
+ Network architecture and troubleshooting
+ Demonstrated skills in critical thinking and problem solving
+ Strong QA/testing (scripting/execution/documentation) skills
+ Excellent communication skills, including listening; being able to provide both oral and written presentations on changes as well as appropriate documentation
+ Ability to form effective teams with internal and external collaborators.
+ Proven problem-solving and negotiation skills.
+ Demonstrated skill in dealing with legal and ethical issues and practices.
+ Ability to collaborate with individuals at all levels of the organization.
+ Strong technical background and experience in a high-pressure, fast-paced environment.
+ Applies extensive IS expertise in specific field and has full knowledge of related disciplines. Evaluates new hardware, software, systems tools and applications and makes procurement recommendations. Excellent leadership and project management skills. Skilled in analytical techniques, practices and problem solving. Extensive programming and architecture abilities with various computer software programs and information systems
+ Demonstrated experience implementing Zero Trust in an operational setting is a major plus
+ Demonstrated experience defining, implementing, operating, and monitoring role-based access control practices in segmented networks and/or cloud settings is a major plus
+ Demonstrated experience with Zero Trust Architecture practices and approaches
+ Experience should include 3 or more years in an Information Technology role working in security testing.
+ Previous experience in a DOE or National Laboratory environment, including the understanding and implementation of NIST, FIPS, and DOE security controls, guidelines, and standards.
+ Knowledge of network related protocols and security event log management and reporting tools.
+ Incident response, forensics and malware analysis experience is a plus.
+ Experience with deployment and administration of networks, software defined networks, and/or cloud and virtualized machines is a major plus.
+ Experience developing software in multiple languages and environments is a plus.
+ Clearance: Must be able to obtain and maintain a DOE (L or Q) security clearance and SCI access. SCI access may require a polygraph examination. _To obtain a clearance, an individual must be at least 18 years of age; U.S. citizenship is required except in very limited circumstances. See_ _DOE Order 472.2_ _for additional information._
**Annual Salary Range (based on full-time 40 hours per week)**
Annual Salary Range: $88,800 - $159,700
Offers will typically be made in the bottom half of the listed range. NREL takes into consideration a candidate's education, training, and experience, as well as the position's work location, expected quality and quantity of work, required travel (if any), external market and internal value, including seniority and merit systems, and internal pay alignment when determining the salary level for potential new employees. In compliance with the Colorado Equal Pay for Equal Work Act, a potential new employee's salary history will not be used in compensation decisions.
Benefits include medical, dental, and vision insurance; short*- and long-term disability insurance; pension benefits*; 403(b) Employee Savings Plan with employer match*; life and accidental death and dismemberment (AD&D) insurance; personal time off (PTO) and sick leave; paid holidays; and tuition reimbursement*. NREL employees may be eligible for, but are not guaranteed, performance-, merit-, and achievement- based awards that include a monetary component. Some positions may be eligible for relocation expense reimbursement. Limited-term positions are not eligible for long-term disability or tuition reimbursement.
***** Based on eligibility rules
Please note that in order to be considered an applicant for any position at NREL you must submit an application form for each position for which you believe you are qualified. Applications are not kept on file for future positions. Please include a cover letter and resume with each position application.
NREL is an Equal Opportunity/Affirmative Action Employer. All qualified applicants will receive consideration for employment without regard basis of age (40 and over), color, disability, gender identity, genetic information, marital status, military or veteran status, national origin/ancestry, race, religion, creed, sex (including pregnancy, childbirth, breastfeeding), sexual orientation, and any other applicable status protected by federal, state, or local laws.
EEO is the Law (http://www.dol.gov/ofccp/regs/compliance/posters/ofccpost.htm) | Pay Transparency Nondiscrimination (https://www.dol.gov/ofccp/pdf/pay-transp\_English\_unformattedESQA508c.pdf) | **Reasonable Accommodations (http://www.nrel.gov/careers/employment-policies.html)**
**E** **-Verify** **www.dhs.gov/E-Verify** **|For information about right to work, click here (http://www.justice.gov/sites/default/files/crt/legacy/2013/08/13/FinalOS...\_01\_2013.pdf) for English or here (http://www.justice.gov/crt/file/813271/download) for Spanish.**
E-Verify is a registered trademark of the U.S. Department of Homeland Security. This business uses E-Verify in its hiring practices to achieve a lawful workforce.
The National Renewable Energy Laboratory (NREL) is a leader in the U.S. Department of Energy's effort to secure an environmentally and economically sustainable energy future. With locations in Golden and Boulder, Colorado, and a satellite office in Washington, D.C., NREL is the primary laboratory for research, development, and deployment of renewable energy technologies in the United States.
NREL is subject to Department of Energy (DOE) access restrictions. All candidates must be authorized to access the facility per DOE rules and guidance within a reasonable time frame for the specified position in order to be considered for an interview. DOE rules for site access during the interview process are the same regardless of whether the candidate is interviewed on-site, off-site, or via telephone or videoconference. Additionally, DOE contractor employees are prohibited from participating in certain Foreign Government Talent Recruitment Programs (FGTRPs). If a candidate is currently participating in an FGTRP, they will be required to disclose their participation after receiving an offer of employment and may be required to disengage from participation in the FGTRP prior to commencing employment. Any offer of employment is conditional on the ability to obtain work authorization and to be granted access to NREL by the Department of Energy (DOE). We understand that COVID-19 may have caused delays or closures at offices, consulates, and embassies. However, NREL cannot make exceptions to work authorization and access requirements, and exceptions to these requirements are not being made for COVID-19 related delays.
Please review the information on our Hiring Process (https://www.nrel.gov/careers/hiring-process.html) website before you create an account and apply for a job. We also hope you will learn more about NREL (https://www.nrel.gov/about/) , visit our Careers site (https://www.nrel.gov/careers/) , and continue to search for job opportunities (https://nrel.wd5.myworkdayjobs.com/NREL) at the lab.
2 days ago
National Renewable Energy Laboratory
**Posting Title** Information Systems Security Officer - Cybersecurity Research Team . **Location** CO - Golden . **Position Type** Regular .
National Renewable Energy Laboratory - Golden, Colorado - beBee S2
Minimum Clearance Required to Start: Top Secret SCI w/PolygraphJob Description: Parsons is seeking a qualified candidate to provide leading Information System Security Engineering (ISSE) services t
Parsons - Aurora, Co - beBee S2
EDUCATION AND RELATED WORK EXPERIENCE Bachelor''''s degree in cybersecurity, computer science, systems administration, information systems, or related area. Four (4) additional years of similar and re
Elegant Enterprise Wide Solutions - Thornton, Co - beBee S2
Are you ready to open a world of opportunity in talent mobility? Our clients include some of the largest and most recognized brands in the world. They're innovators and leaders in their industries, ma
Graebel Companies - Aurora, Co - beBee S2