Security Analyst

Overview

The Security Analyst position assists with administering the Safeguards and Security Programs.

Responsibilities

• • Implements safeguards and security program operations
  • Provides oversight of construction and vendor activities to ensure continues compliance with security plans and procedures.
  • Assists in the develop of site security plans, protocols, procedures, and program files for parent contractors in accordance with NRC and DOE regulatory requirements.
  • Assists in self-assessments as required or requested.
  • Performs Personnel Security, Physical Security, Information Security, and Operations Security functions.
  • Interacts on a regular basis with all levels of DOE, NRC, and other contractor management.
  • Assists with or performs Incidents of Security Concern.
  • Provides Technical Surveillance Countermeasures support.
  • Demonstrates a personal commitment to safety and quality
  • Performs Derivative Classification support
  • Administer and maintain computer systems, primarily focusing on Windows and Linux (Ubuntu OS) environments.
  • Configure, troubleshoot, and maintain security systems, including microwave sensors, fiber optics, and camera systems.
  • Maintain, Update, and Implement the Security Key and GSA-approved lock management program
  • Diagnose and resolve system hardware, software, and network issues.
  • Perform minor electrical repairs and ensure the proper functioning of system components.
  • Collaborate with team members to implement and maintain secure network environments.
  • Articulate technical issues and solutions clearly to non-technical customers
  • Monitor system performance and security to ensure optimal operations.
  • Document system configurations, updates, and repair processes.
  • Stay updated on emerging technologies, standards, and best practices in system administration and security systems.
  • Ensure the ECN and associated systems comply with all applicable federal regulations, DOE/NNSA cybersecurity directives, standards, and guidance.
  • Maintain comprehensive knowledge of the Risk Management Framework (RMF) and oversee its application throughout the system lifecycle.
  • Review and ensure compliance of the System Security Plans (SSPs), ensuring they remain current and accurately reflect the system architecture, components, and security controls.
  • Identify, implement, and document security controls required by DOE/NNSA policies and guidance, as well as other applicable frameworks (e.g., NIST SP 800 series).
  • Collaborate with system administrators and engineers to integrate and validate security controls into network infrastructure and endpoint configurations.
  • Participate in and support security control assessments, audits, and inspections, ensuring timely remediation of identified weaknesses and deficiencies.
  • Establish and maintain a continuous monitoring strategy to track security events, system health, and compliance status across the ECN.
  • Conduct regular vulnerability scans, security testing, and risk assessments to proactively identify, prioritize, and mitigate security risks.
  • Manage and maintain Plans of Action and Milestones (POA&Ms), ensuring timely remediation efforts and updating customers on progress.
  • Serve as the primary point of contact for cybersecurity incidents affecting the ECN, coordinating with incident response teams, system owners, and other stakeholders.
  • Investigate security events and alerts, lead root cause analysis, and recommend corrective actions to prevent recurrence.
  • Maintain incident response procedures, ensuring readiness and effective handling of security incidents.
  • Prepare and deliver regular security status reports, metrics, and briefings to NNSA leadership, system owners, and other stakeholders.
  • Document all security-related actions, decisions, and justifications, ensuring traceability and adherence to record-keeping standards.
  • Maintain all authorization and accreditation documentation to support system authority to operate (ATO) and reaccreditation processes.
  • Collaborate with program managers, system integrators, network engineers, and support staff to ensure security requirements are met without impeding operational effectiveness.
  • Provide guidance, training, and mentorship to team members and stakeholders on security best practices, policies, and procedures.
  • Coordinate with external partners, auditing entities, and government agencies as necessary to address compliance and security considerations.

  SAETY RESPONSIBILTIES:

  • Keep work area in order and free of hazards. Perform work within the controls identified and stop work when an unsafe work condition exists. Participate in safety programs and initiatives. Report all injuries. Participate in work planning so that hazards are identified and appropriate corrective actions are taken.

Qualifications

• To perform this job successfully, an individual must be able to perform each essential duty satisfactorily. The requirements listed below are representative of the knowledge, skill and/or ability required. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.

Experience, Competencies, and Education:

• Bachelor’s degree in Information Technology, Cybersecurity, Computer Science, or a related field.
• Prior experience working as an ISSO or similar cybersecurity role within a federal agency environment desirable
• In-depth knowledge of federal cybersecurity policies, guidelines, and the NIST Risk Management Framework (RMF) desirable
• Familiarity with DOE/NNSA cybersecurity policies, directives, and standards highly desirable.
• Professional certifications such as CISSP, CISM, or Security are preferred
• Strong experience and knowledge in networking (Network , or CCNA are preferred)
• Strong analytical, communication, and organizational skills.
• Ability to obtain and maintain a DOE security clearance.
• Will be required to take training courses in Locksmithing and GSA-approved Container Technician/Inspector

Language Skills:

• Ability to read and interpret documents such as procedure manuals. Ability to write routine and non-routine reports and correspondence. Ability to speak effectively before groups of customers or employees.

Reasoning Ability:

• Ability to define problems, collect data, establish facts and draw valid conclusions. Ability to interpret a variety of instructions and deal with abstract and concrete variables.

Other Skills/Abilities:

• Ability to operate office copier, telephone, fax, and computer are required. Must be able to obtain and maintain a DOE “Q” Clearance.
• Requires occasional travel to Idaho Falls, Idaho.