Associate Computer Security Engineer - Common Controls/Cyber Security

Seeking a motivated entry-level Cyber Security Professional to support the implementation and maintenance of NIST Risk Management Framework (RMF) requirements and common control boundaries across our enterprise. This role is an excellent opportunity for early-career professionals who enjoy research, structured writing, and learning new

cybersecurity disciplines.

The successful candidate will work closely with experienced cybersecurity staff and receive mentorship in Department of Energy (DOE) to include National Nuclear Security Administration (NNSA) and Environmental Management (EM) cybersecurity policies,

standards, and governance processes.

• Under regular supervision, assists with the investigation, design, and development of software and/or hardware security.

• Support the security of SRS resources through designing/implementing/evaluating measures tied to the NIST Core Cyber.

• Framework: Identify, Detect, Respond and Recover.

• Safety is a primary responsibility in each job performed. Obtain safety training, obey safety rules. and make safety an integral part of each task. Take the necessary steps to stop work if continuing the job is unsafe or will create an unsafe condition.

• Under regular supervision, assists with the investigation, design, and development of software and/or hardware

security technologies for SRS.

• Work with vendors to develop technical solutions for site computer security needs.
• Maintain the integrity of computer workstations, servers, and networks by maintaining access controls and software lifecycle process as needed.
• Ensure data integrity and confidentiality through implementing the use of both encryption and data retention technologies.
• Increase technical abilities through specialized vendor training, manuals and technical journals, software seminars, informational meetings, and practical experience.
• Ensure that site/company policies and procedures are tied to customer requirements and our evaluated for effectiveness and proper implementation.

Education:

• Bachelor degree in an IT related discipline (e.g., Information Technology, Computer Technology. Software Engineering, Computer Science, Computer Engineering); or

• Non-related Bachelor degree with 2 years proven performance in related assignment(s); or

• Associate Degree in IT related discipline (e.g. Information Technology, Computer Technology, Software Engineering, Computer Science, Computer Engineering) with 2 years proven performance in related assignment(s); or

• Non-related Associate Degree with 4 years proven performance in related assignment(s).

• In lieu of degree, a high school diploma with at least 6 years of equivalent knowledge and experience is acceptable.

• Knowledge of computer and network digital systems used in business or process applications. Detailed knowledge in specific

operating systems is desirable.

Experience/Skills:

• Must be able to participate in group problem solving including communicating effectively with both technical and nontechnical personnel, respect the ideas of others and accept the judgment of the group.
• Must be familiar with available resource materials and be able to conduct timely research.
• Must have a sense of when to ask for help and be comfortable in accepting guidance from other more senior

technical personnel.

Area Security Access:

• Candidate must be able to obtain and maintain a DOE "Q" security clearance. An active DOE clearance is not initially required to perform assigned duties.

Additional Duties

• Assist in developing, documenting, and maintaining common control implementations and associated artifacts.

• Support activities related to the NIST RMF lifecycle, including categorization, control selection, implementation, assessment, authorization, and continuous monitoring.

• Conduct in-depth research on cybersecurity policies, NIST guidance, DOE/NNSA directives, and industry best practices.

• Prepare and update security documentation such as control implementation summaries, procedures, and system security artifacts.

• Collaborate with senior cybersecurity staff to ensure consistent application of cybersecurity requirements.

• Participate in internal assessments, gap analyses, and compliance reviews.

Additional Education

• Bachelor's degree in any field (degree does not need to be in cybersecurity although a degree related to Information Technology is desired).

Additional Qualifications

• Knowledge of basic cybersecurity protections, principles, or frameworks. (Required)

• Knowledge of basic computer and networking concepts, principles, and practices. (Required)

• Strong written communication and composition abilities. (Required)

• Demonstrated willingness to learn complex cybersecurity requirements and regulatory environments. (Required)

• Ability to work on-site with limited teleworking options. (Required)

• Strong research and analytical skills. (Required)

• Exposure to NIST SP 800-series guidance or the Risk Management Framework. (preferred)

• Experience supporting cyber security concepts such as categorization, control selection, implementation, assessment, authorization, and continuous monitoring (preferred)

• Familiarity with governance, compliance, or technical documentation. (preferred)