Information Systems Security Officer

Requisition Id 13888 

Overview:  

As a U.S. Department of Energy (DOE) Office of Science national laboratory, ORNL has an extraordinary 80-year history of solving the nation’s biggest problems. We have a dedicated and creative staff of over 6,000 people! Our vision for diversity, equity, inclusion, and accessibility (DEIA) is to cultivate an environment and practices that foster diversity in ideas and in the people across the organization, as well as to ensure ORNL is recognized as a workplace of choice. These elements are critical for enabling the execution of ORNL’s broader mission to accelerate scientific discoveries and their translation into energy, environment, and security solutions for the nation.

We are currently seeking qualified applicants with Information Systems Security Officer (ISSO) experience to support Secure Operations for classified operations in the areas of Classified Intelligence Information Technology (IT)/Information Assurance (IA), Classified R&D Computing, and physical and personnel security in the Field Intelligence Operations Division (FIOD).  Under the DOE Office of Intelligence and Counterintelligence (IN) authorities, the FIE serves as the ORNL focal point for all intelligence community matters and supports national security science by providing secure IT, communications, facilities, and analysis.

Purpose:

Assist the Information Systems Security Manager (ISSM) in the certification and accreditation (C&A) of systems/networks and implementation of cyber security requirements and procedures across the National Security Sciences Directorate (NSSD) at ORNL. The NSSD conducts research and development to solve some of the nation's most difficult security challenges and adversaries.  We house S&T leadership in cybersecurity and cyber-physical resiliency, data analytics, geospatial science and technology, nuclear nonproliferation, and high-performance computing for sensitive national security missions. NSSD draws on the Laboratory's exceptional facilities and work closely with leading researchers in other areas at the lab such as nuclear and chemical sciences and engineering, applied materials, advanced manufacturing, biosecurity, transportation, and computing.  Our multi-disciplinary research teams are passionate about discovery and innovation as we create science-based solutions to complex security threats that put public safety, national defense, energy infrastructure, and our economy at risk. 

Major Duties/Responsibilities: 

• Provide day-to-day support for Sensitive Compartmented Information (SCI) and Special Access Program (SAP) activities.
• Coordinate and ensure adherence to DOE security policies and procedures, as outlined in relevant System Security Plans (SSPs), for the operation, maintenance, and disposal of systems.
• Perform routine self-inspection reviews of the information systems.
• Perform comprehensive investigations of computer security incidents and ensuring proper measures are taken post discovery of the incident / event.
• Manage and implement the information security continuous monitoring requirements relevant to the system.
• Oversee the compliance of security settings within operating systems and applications integrated in the classified information systems under the candidate's purview.
• Establish and implement procedures for granting access to classified information systems, conduct annual evaluations of user accounts, and provide guidance and support to the ISSM in implementing and enforcing cyber security policies at multiple facilities.
• Create, review, and maintain SSPs for system certification and accreditation in the Xacta application, managing plans and timelines for the accreditation of information systems, and conducting regular reviews to ensure compliance with SSPs.
• Implement and monitor system recovery processes to ensure that system data, security features, and procedures are properly restored and for creating and testing contingency plans to meet recovery time objectives.
• Provide leadership and support for annual self-inspections, system certification testing, periodic security testing, and functional testing on systems/networks.
• Regularly review and analyze information system audit records, perform approved Authorized Data Transfers between systems of different classifications, and follow established procedures for media management.
• Continuously update and enhance document best practices and local security procedures, train users on these procedures, and consistently apply appropriate ES&H standards.
• Maintain a strong commitment to the implementation and perpetuation of values and ethics. 
• All team members deliver ORNL’s mission by aligning behaviors, priorities, and interactions with our core values of Impact, Integrity, Teamwork, Safety, and Service. Promote diversity, equity, inclusion, and accessibility by fostering a respectful workplace – in how we treat one another, work together, and measure success.

Basic Qualifications:

• BS in information technology or technical equivalent and eight (8) years of relevant experience.
• Experience in cyber security and the C&A process.
• Experience supporting SAP / SCI environments.
• Security + or equivalent DoD Directive 8570 / 8140 Information Assurance Management Level I - III certification.
• Experience developing, testing, and collecting artifacts for RMF packages and BoEs of multiple systems.
• Experience in authorized data transfers across multiple systems and different classifications.

Preferred Qualifications:

• Working knowledge of:"
  • Risk Management Framework (RMF) process & requirements.
  • NIST and CNSSI requirements
  • Intelligence Community Directive 503 (ICD-503)
  • Joint Special Access Program (SAP) Implementation Guide (JSIG)
• Demonstrated organizational skills. 
• Must be organized, self-motivated, and be able to work with minimal guidance. 
• Excellent written and verbal communication skills with an ability to work with numerous cognizant security agencies, customers, and senior managers.
• Current TS clearance with SCI eligibility
• Eligibility for access to SAP Information
• Relevant ISSO / ISSE experience within the DoD or Intelligence Community.
• Working knowledge of:"
  • DCSA Assessment and Authorization Process Manual (DAAPM)
  • National Industrial Security Program Operating Manual (NISPOM Chapter 8)
• Knowledge of the Defense Information Systems Agency (DISA) Security Technical Implementation Guides (STIGs) and configuration standards.
• Working knowledge of Industry Standard tools for purposes of audit reduction, vulnerability scanning, and malware analysis is preferred. Relevant tools include but are not limited to: Splunk, Tenable Nessus, Host Based Security System (HBSS) components, Security Content Automation Protocol (SCAP) Checker, and STIG viewer.
• Experience with Security Directives, Policies, Publications, and Regulations.

Special Requirements:

• Visa sponsorship is not available for this position.
• This position requires the ability to obtain and maintain a Secret Compartmented Information (SCI) clearance from the Department of Energy. As such, this position is a Workplace Substance Abuse (WSAP) testing designated position. WSAP positions require passing a pre-placement drug test and participation in an ongoing random drug testing program.  In addition, due the SCI, you may also be subject to random polygraph testing. 

Benefits at ORNL: 

ORNL offers competitive pay and benefits programs to attract and retain dedicated people! The laboratory offers many employee benefits, including medical and retirement plans and flexible work hours, to help you and your family live happy and healthy. Employee amenities such as on-site fitness, banking, and cafeteria facilities are also provided for convenience.

Other benefits include the following: Prescription Drug Plan, Dental Plan, Vision Plan, 401(k) Retirement Plan, Contributory Pension Plan, Life Insurance, Disability Benefits, Generous Vacation and Holidays, Parental Leave, Legal Insurance with Identity Theft Protection, Employee Assistance Plan, Flexible Spending Accounts, Health Savings Accounts, Wellness Programs, Educational Assistance, Relocation Assistance, and Employee Discounts.

If you have difficulty using the online application system or need an accommodation to apply due to a disability, please email: ORNLRecruiting@ornl.gov

#LI-ES1

This position will remain open for a minimum of 5 days after which it will close when a qualified candidate is identified and/or hired.

We accept Word (.doc, .docx), Adobe (unsecured .pdf), Rich Text Format (.rtf), and HTML (.htm, .html) up to 5MB in size. Resumes from third party vendors will not be accepted; these resumes will be deleted and the candidates submitted will not be considered for employment.

If you have trouble applying for a position, please email ORNLRecruiting@ornl.gov.

ORNL is an equal opportunity employer. All qualified applicants, including individuals with disabilities and protected veterans, are encouraged to apply.  UT-Battelle is an E-Verify employer.