Information Systems Security Officer

We are seeking a talented Information Systems Security Officer (ISSO) to join the Field Intelligence Element (FIE). The FIE enables Argonne National Laboratory to provide products and services to DOE’s Office of Intelligence and Counterintelligence (DOE-IN), the Intelligence Community (IC) and non-IC Federal agencies. Primary roles and responsibilities for the FIE include the management and operation of secure facilities and their associated telecommunications infrastructure for the creation, storage, protection and exchange of classified information, as well as, administration of the Strategic Intelligence Partnership Program (SIPP).

The ISSO’s primary function is to provide support for the Information Assurance (IA) program. The role requires the ability to support and maintain the operational security posture by; proposing, coordinating, implementing, and enforcing information systems security standard operating procedures (SOP’s) provided by the guidance from DOE-IN. The ISSO role is critical to the IA program’s continuous monitoring strategy because it requires the ISSO to have the ability to provide; assistance with the management of the security aspect of the information system, perform day-to-day security operations for the system, evaluate required security controls to ensure they are met, perform vulnerability assessments and report findings, perform system audits to identify auditable events, research new hardware and software for the systems to manage changes and assess the security impact of the changes, capture and track incidents for incident response activities. Additionally, the ISSO prepares and reviews documentation for the System Security Plans (SSPs) for submission to receive the Authorization to Operate (ATO). Experience with researching, planning, implementing, assessing, and monitoring security controls in a classified environment is required due to the diverse set of technology that’s supported within our infrastructure. This role requires a blend of technical knowledge and risk management expertise to effectively support, implement and enforce the Federal required guidance for the posture of our Information System Security, Information Assurance Program.  
 

Primary Responsibilities:

• Ensure that the appropriate operational security posture is maintained for the information systems

• Ensure systems are operated, maintained, and decommissioned in accordance with the security policies and procedures as outlined in the security authorization plan.

• Develop and maintain system security plans.

• Support the integration/testing, operations, and maintenance of systems security.

• Configure automated vulnerability and compliance scans and analyze the results.

• Evaluation of the assigned information systems’ security control compliance with the federal requirements and monitoring strategy. Establishing audit trails, ensuring their review, and making them available while retaining audit logs in accordance of DOE and component policies Determine security requirement gaps and provide recommendations or mitigations for addressing the gaps.

• Work closely with the Information System Security Manager (ISSM) and the Information Technology Systems Administrators to implement and test to the NIST 800-series requirements and guidelines.

• Ensuring information system security requirement are addressed during all phases of information systems lifecycle. Serve as a member of the Configuration Control Board (CCB) to ensure configuration management for Cybersecurity-relevant software, hardware, and firmware is maintained, researched and documented.

• Performing annual assessments to ensure compliance with the policies and standards.

• Provides system operation support, administers hardware and software inventory. Analyze collected information to identify vulnerabilities and potential for exploitation and effectively present the results and guidance derived from scans to the ISSM or other leadership, as required.  

• Effectively communicate orally and in writing to track and detail the demands, efforts, and shortcomings in meeting the federal requirements for our information systems monitoring strategy.

• Develops, updates, and maintains internal Standard Operating Procedures for all internal assigned functions.

Position Requirements

Required Knowledge, Skills and Experience:

• Bachelor’s degree in Management Information Systems, Information Assurance, Computer Information Systems, Computer Science, Cyber Security or related field of study.

• At least 2yrs of experience working in a US Government or government contractor Cyber Security Program.

• At least 2yrs of experience working with Risk Management Frameworks (RMF).

• At least 2yrs of experience with Continuous Monitoring tools (i.e., Splunk, Nessus, EMASS or XACTA).

• At least 2yrs of experience with supporting systems through the continuous monitoring process.

• At least 2yrs of experience with interpreting, implementing, and testing NIST 800-53 Controls.

• At least 3yrs experience in supporting some facet of Information Technology (i.e., helpdesk, desktop, networking support etc.).

• Proficient time management and task prioritization skills.

• Ability to learn and understand new technology.

• Ability to be detailed-oriented and analytical.

• Ability to be a self-starter who’s able to execute job responsibilities under limited supervision.

• Work within a team environment to provide technically sound guidance order to adhere to the cybersecurity industry best practices and the client’s monitoring strategy.

• Ability to effectively communicate orally and in writing.

• Due to the nature of the work, the selected individual must be able to work onsite.

• Active Security + Certification and ability to obtain Certified in Governance, Risk, and Compliance (CGRC) within 6 months of hire.

• To perform the essential functions of this position successful applicants must provide proof of U.S. citizenship and must be able to obtain and maintain a DOE Q/SCI security clearance, which is required to comply with federal regulations and contract.

Preferred Knowledge, Skills and Experience:

• System Administration experience, to include a thorough understanding of common operating systems (e.g., Windows, Linux) and networking infrastructure.

• Experience creating or modifying information security documentation.

• Experience testing and documenting information security controls (NIST SP 800-53).

• Knowledge of technology hardening guidelines such as DISA STIGs or CIS benchmarks.

• Active DOE Q security clearance or DoD TS security clearance and DOE SCI security. clearance

This position can be hired at one of two levels; the selected candidate will be placed at the appropriate level (PT2 or PT3) dependent upon the depth and breadth of relevant knowledge and skills. The minimum requirements of the two levels are as follows:

• PT2: Bachelors and 2+ years’ experience, or equivalent. The expected pay range for this position is $67,639 - $106,724.

• PT3: Bachelors and 4+ years’ experience, Masters and 2+ years’ experience, or equivalent. The expected pay range for this position is $83,264 - $131,342.

Job Family

Professional Technical (PT)

Job Profile

Computing Security 2

Worker Type

Regular

Time Type

Full time

The expected hiring range for this position is $67,639.00 - $106,725.06.

Please note that the pay range information is a general guideline only. The pay offered to a selected candidate will be determined based on factors such as, but not limited to, the scope and responsibilities of the position, the qualifications of the selected candidate, business considerations, internal equity, and external market pay for comparable jobs. Additionally, comprehensive benefits are part of the total rewards package.

Click here to view Argonne employee benefits!

As an equal employment opportunity employer, and in accordance with our core values of impact, safety, respect, integrity and teamwork, Argonne National Laboratory is committed to a safe and welcoming workplace that fosters collaborative scientific discovery and innovation. Argonne encourages everyone to apply for employment. Argonne is committed to nondiscrimination and considers all qualified applicants for employment without regard to any characteristic protected by law.

Argonne employees, and certain guest researchers and contractors, are subject to particular restrictions related to participation in Foreign Government Sponsored or Affiliated Activities, as defined and detailed in United States Department of Energy Order 486.1A. You will be asked to disclose any such participation in the application phase for review by Argonne's Legal Department.  

All Argonne offers of employment are contingent upon a background check that includes an assessment of criminal conviction history conducted on an individualized and case-by-case basis.  Please be advised that Argonne positions require upon hire (or may require in the future) for the individual be to obtain a government access authorization that involves additional background check requirements.  Failure to obtain or maintain such government access authorization could result in the withdrawal of a job offer or future termination of employment.