Share this Job

Cloud Cybersecurity Specialist

Date: Sep 13, 2021

Location: Oak Ridge, TN, US, 37830-8050

Company: Oak Ridge National Laboratory

Requisition Id 6545 

Oak Ridge National Laboratory seeks a Cloud Cybersecurity Specialist to join the Cyber Security Operations and Engineering Group to conduct advising and execution on security of the existing and proposed cloud architecture, assisting with documentation on risks and mitigations for cloud requests, and securely migrating systems in the cloud while maintaining the Authority to Operate (ATO) for cloud environments. Individual will be expected to work closely with ITSD groups and representatives from various directorates across the Laboratory, Auditors, Legal and Privacy Offices, researchers, and external collaborators. Candidates should be well versed in cloud governance as well as technical implementations of cloud products.


Primary Responsibilities:

  • Maintain, facilitate, and draft Authority to Operate packages for cloud operations
  • Manage and execute cloud security solutions across lifecycle: strategy, design, implementation, and operations
  • Identify and deliver appropriate controls based on industry standards (e.g. CCM, CMMC) to drive cloud and customer security solutions framework based on business risk and cloud native threats
  • Evaluate new threats in the cloud and operating environment to identify the impact on IT and Business to develop, and implement security controls
  • Identify and drive remediation of public and hybrid cloud risks
  • Ensure secure enterprise web solutions in Azure and other cloud environments
  • Review cloud security violation reports and investigating possible security exceptions
  • Design, implement, and deliver security for cloud native, distributed computing and architectural solutions with a principle of “Secure by Design”
  • Present status briefings to leadership, compile reports, and other peripheral tasks


Qualifications Required:

  • Bachelor Degree in Computer Science, IT, Cyber, or associated field and at least 5 years of experience in cloud security operations, application development, or cyber security, though a combination of education and experience may be considered for exceptional candidates
  • Knowledge and understanding of key differences between most popular cloud provider solutions and cloud orchestration tools such as Azure, AWS, GCP, Pivotal Cloud Foundry, BOSH, Kubernetes, Docker
  • Experience with structured Enterprise Architecture practices, hybrid cloud deployments, and on premise-to-cloud migration deployments
  • Proven ability to participate, lead and jointly deliver security evaluation reports on the major cloud providers (Azure, AWS, GCP), cloud native platforms (e.g. PCF, Docker, Kubernetes), and different cloud service models (IaaS, PaaS, SaaS, etc.)  
  • Experience establishing security requirements for cloud-based solutions by evaluating business strategies and requirements; researching cloud infrastructure security standards (ISO 27000 series, NIST CSF, CSA, etc.)
  • Ability to manage and execute cloud security solutions
  • Working knowledge of networking topology, TCP/IP protocol, network configuration and components (firewalls, routers, proxies, etc.)
  • Experience administering and deploying solutions to the major cloud providers
  • Detailed knowledge of authentication methods (LDAP, OAuth , PIV, RSA, etc.)
  • The ability to obtain or maintain a DOE Q or TS/SCI Clearance, which requires US Citizenship


Qualifications Preferred:

  • Master Degree in Computer Science, IT, Cyber or associated field
  • Cloud specific certifications
  • Understanding of Identity Access Management (IAM) technology and solutions
  • Understanding with DevSecOps pipelines, CI/CD concepts, and Infrastructure as Code (IaC) (e.g. Terraform, Ansible)
  • Proficiency in languages (e.g. Python, JSON, Ruby, C#, Powershell, YAML)
  • Understanding of security vulnerabilities, attacks, and ability to mitigate within the major cloud providers
  • Working knowledge of the major cloud providers security services and features of services to provide a secure production environment
  • Experience with privacy or healthcare data
  • An active DOE Q or TS/SCI Clearance, which requires US Citizenship


This position will remain open for a minimum of 5 days after which it will close when a qualified candidate is identified and/or hired.

We accept Word (.doc, .docx), Adobe (unsecured .pdf), Rich Text Format (.rtf), and HTML (.htm, .html) up to 5MB in size. Resumes from third party vendors will not be accepted; these resumes will be deleted and the candidates submitted will not be considered for employment.

If you have trouble applying for a position, please email

ORNL is an equal opportunity employer. All qualified applicants, including individuals with disabilities and protected veterans, are encouraged to apply.  UT-Battelle is an E-Verify employer.