Information Systems Security Officer

Date: Apr 23, 2024

Location: Oak Ridge, TN, US, 37830

Company: Oak Ridge National Laboratory

Requisition Id 12743 

Overview:  

As a U.S. Department of Energy (DOE) Office of Science national laboratory, Oak Ridge National Laboratory (ORNL) has an extraordinary 80-year history of solving the nation’s biggest problems. We have a dedicated and creative staff of over 6,000 people! Our vision for diversity, equity, inclusion, and accessibility (DEIA) is to cultivate an environment and practices that foster diversity in ideas and in the people across the organization, as well as to ensure ORNL is recognized as a workplace of choice. These elements are critical for enabling the execution of ORNL’s broader mission to accelerate scientific discoveries and their translation into energy, environment, and security solutions for the nation.

 

We are currently seeking qualified applicants with Information Systems Security Officer (ISSO) experience to support Secure Operations for classified operations in the areas of Classified Intelligence Information Technology (IT)/Information Assurance (IA), Classified R&D Computing, and physical and personnel security in the Field Intelligence Operations Division (FIOD).  Under the DOE, Office of Intelligence and Counterintelligence (IN) authorities, the FIE serves as the ORNL focal point for all intelligence community matters and supports national security science by providing secure IT, communications, facilities, and analysis.

 

Purpose:

The NSSD conducts research and development to solve some of the nation's most difficult and complex security challenges and adversaries. The directorate houses S&T leadership in cybersecurity and cyber-physical resiliency, data analytics, geospatial science and technology, nuclear nonproliferation, and high-performance computing for sensitive national security missions. NSSD draws on the Laboratory's exceptional facilities and works closely with leading researchers in other areas at the lab, such as nuclear and chemical sciences and engineering, applied materials, advanced manufacturing, biosecurity, transportation, and computing. Our multi-disciplinary research teams are passionate about discovery and innovation as we create science-based solutions to complex security threats that put public safety, national defense, energy infrastructure, and our economy at risk.   

 

Major Duties/Responsibilities: 

The ISSO is a primary collaborator and facilitator of the continuous monitoring efforts that promote Risk Management Framework (RMF) compliance throughout the organization.

 

The ISSO provides clear direction and assists programmatic IT and infrastructure support personnel with the application of security patches and secure configurations commensurate with Security Technical Implementation Guides (STIGs).

  • Coordinate and ensure adherence to DOE IN security policies and procedures, as outlined in relevant System Security Plans (SSPs), for system operation, maintenance, and disposal.
  • Perform routine self-inspection reviews of the information systems.
  • Investigate computer security incidents and ensure accurate measures are taken post-discovery of the incident/event.
  • Lead and deploy the information security continuous monitoring requirements relevant to the system.
  • Ensure the compliance of security settings within operating systems and applications integrated into the classified information systems.
  • Establish and implement procedures for granting access to classified information systems, conduct annual evaluations of user accounts, and provide guidance and support to the ISSM in implementing and enforcing cyber security policies at multiple facilities.
  • Create, review, and maintain SSPs for system certification and accreditation in the Xacta application. Manage plans and timelines for the accreditation of information systems and conduct regular reviews to ensure compliance with SSPs.
  • Implement and monitor system recovery processes to ensure that system data, security features, and procedures are properly restored. Create and test contingency plans to meet recovery time objectives.
  • Provide leadership and support for annual self-inspections, system certification testing, periodic security testing, and functional testing on systems/networks.
  • Continuously update and enhance document standard processes and local security procedures, train users on these procedures, and consistently apply appropriate ESH&Q standards.
  • Maintain a strong dedication to the implementation and perpetuation of values and ethics. 
  • Ensure configuration management procedures for security-relevant software, hardware, and firmware are maintained and documented. Perform as required on change control review boards and evaluate vulnerabilities to classified systems under configuration management. 

 

All team members deliver ORNL’s mission by aligning behaviors, priorities, and interactions with our core values of Impact, Integrity, Teamwork, Safety, and Service. Promote diversity, equity, inclusion, and accessibility by fostering a respectful workplace – in how we treat one another, work together, and measure success.

 

Basic Qualifications:

  • Bachelor's degree in information technology or technical equivalent and five (5) years of cyber security experience in the certification and accreditation (C&A) process and other cyber security operations. An equivalent combination of skills and experience may be considered.
  • Experience developing, testing, and collecting artifacts for RMF packages and Body of Evidence (BoE) packages for multiple systems.
  • Experience with authorized data transfers across multiple systems and different classifications.

 

Preferred Qualifications:

  • Working knowledge of:
    • Risk Management Framework (RMF) process & requirements.
    • NIST and CNSSI requirements
    • Intelligence Community Directive 503 (ICD-503)
  • Excellent written and oral communication skills. 
  • Must be organized, self-motivated, and be able to work with minimal guidance. 
  • Excellent written and verbal communication skills with an ability to interface with numerous cognizant security agencies, customers, and senior managers.
  • Current TS clearance with SCI eligibility
  • Relevant ISSO / ISSE experience within the DoD or Intelligence Community.
  • Working knowledge of:
    • JWICS Cybersecurity Inspection Program (JCIP)
  • Knowledge of the Defense Information Systems Agency (DISA) Security Technical Implementation Guides (STIGs) and configuration standards.
  • Knowledge of Industry Standard tools for audit reduction, vulnerability scanning, and malware analysis is preferred. Relevant tools include but are not limited to: Splunk, Tenable Nessus, Host Based Security System (HBSS) components, Security Content Automation Protocol (SCAP) Checker, and STIG viewer.
  • Experience with Security Directives, Policies, Publications, and Regulations.

 

Special Requirements:

Visa sponsorship is not available for this position.

 

Q clearance with SCI: 

This position requires the ability to obtain and maintain a Secret Compartmented Information (SCI) clearance from the Department of Energy. As such, this position is a Workplace Substance Abuse (WSAP) testing designated position. WSAP positions require passing a pre-placement drug test and participation in an ongoing random drug testing program. In addition, due to the SCI, you may also be subject to random polygraph testing.

 

Benefits at ORNL:  

ORNL offers competitive pay and benefits programs to attract and retain talented people. The laboratory offers many employee benefits, including medical and retirement plans and flexible work hours, to help you and your family live happy and healthy. Employee amenities such as on-site fitness, banking, and cafeteria facilities are also provided for convenience. Other benefits include the following: Prescription Drug Plan, Dental Plan, Vision Plan, 401(k) Retirement Plan, Contributory Pension Plan, Life Insurance, Disability Benefits, Generous Vacation and Holidays, Parental Leave, Legal Insurance with Identity Theft Protection, Employee Assistance Plan, Flexible Spending Accounts, Health Savings Accounts, Wellness Programs, Educational Assistance, Relocation Assistance, and Employee Discounts.

If you have difficulty using the online application system or need an accommodation to apply due to a disability, please email: ORNLRecruiting@ornl.gov or call 1.866.963.9545.

 


 

 

 

This position will remain open for a minimum of 5 days after which it will close when a qualified candidate is identified and/or hired.

We accept Word (.doc, .docx), Adobe (unsecured .pdf), Rich Text Format (.rtf), and HTML (.htm, .html) up to 5MB in size. Resumes from third party vendors will not be accepted; these resumes will be deleted and the candidates submitted will not be considered for employment.


If you have trouble applying for a position, please email ORNLRecruiting@ornl.gov.


ORNL is an equal opportunity employer. All qualified applicants, including individuals with disabilities and protected veterans, are encouraged to apply.  UT-Battelle is an E-Verify employer.


Nearest Major Market: Knoxville