Information Assurance/Security Specialist-Expert (ISSO) - Tier 2

Washington, DC

Powder River Industries


Description

Complete and maintain all certification and accreditation documentation for system Authority to Operate (ATO) activities. Manage Plan of Actions and Milestones (POA&M) activities related to ATO. Assist where possible in completing POA&M activities.

Requirements
  • Ensure the effective implementation of DOE and NNSA cybersecurity policies and procedures for designated information systems, ensuring alignment with organizational security standards and best practices. 
  • Lead the Assessment and Authorization (A&A) activities for designated systems, ensuring compliance with federal regulations and internal security requirements. Document security measures in security plans and oversee access control provisioning for system users. 
  • Establish, maintain, and oversee configuration management of security documentation for assigned systems. Regularly review and update security artifacts to ensure they reflect current security configurations. 
  • Identify, assess, and document threats and risks to designated systems. Conduct thorough risk assessments to understand vulnerabilities and recommend mitigation strategies to ensure system integrity. 
  • Lead and conduct cybersecurity tests and assessments, providing actionable results to the Information System Security Manager (ISSM). Address vulnerabilities and provide guidance for remediation. 
  • Evaluate the security impact of proposed changes to assigned information systems. Recommend and implement strategies for mitigating risks associated with significant security changes. 
  • Identify cybersecurity training needs based on user roles and responsibilities. Develop and deliver training materials to ensure all users are equipped to operate within secure systems and adhere to security protocols. 
  • Promptly respond to security incidents and breaches related to assigned systems. Accurately report findings and contribute to incident resolution, ensuring minimal impact on operations. 
  • Develop and maintain security processes and procedures that support the ISSM’s Cybersecurity Program, ensuring comprehensive and up-to-date documentation and streamlined workflows for security operations. 
  • Create, maintain, and regularly update disaster recovery and incident response plans for assigned systems. Participate in training and tabletop exercises to ensure readiness in case of security incidents. 
  • Effectively communicate cybersecurity status, risks, and mitigation strategies to stakeholders, both formally and informally. Present information clearly in group and individual settings to ensure understanding across all levels of the organization. 

Key Candidate Traits: 

  • In-depth knowledge of DOE and NNSA cybersecurity frameworks and guidelines. 
  • Strong experience in conducting A&A activities, risk assessments, and vulnerability testing. 
  • Expertise in configuration management, security documentation, and system access control. 
  • Proven ability to lead incident response efforts and coordinate with various teams for rapid recovery. 
  • Demonstrated skill in developing and delivering cybersecurity training and process improvements. 
  • Strong communication and presentation skills, with the ability to explain complex security issues to both technical and non-technical stakeholders. 

Non-Negotiable Requirements:  

1. Top Secret with investigation current within the last 5 years  

2. On-site, no remote  


Technical Environment: Microsoft, Linux, Splunk, Ansible, Tenable, GEMS 

 

Prospective applicants are notified that reviews, and tests for the absence of any illegal drug as defined in 10 CFR 707.4, will be conducted by the employer, that a background investigation by the Federal government may be required to obtain an access authorization prior to employment, and that subsequent reinvestigations may be required. If the position is covered by the Counterintelligence Evaluation Program regulations at 10 CFR part 709, successful completion of a counterintelligence evaluation may include a counterintelligence-scope polygraph examination.


All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability or protected veteran status, or any other legally protected basis, in accordance with applicable law. In compliance with federal law, all persons hired will be required to verify identity and eligibility to work in the United States and to complete the required employment eligibility verification document form upon hire.   


Tags: Ansible Compliance Incident response Linux POA&M Polygraph Risk assessment Splunk Top Secret Vulnerabilities

Region: North America
Country: United States
