Security Analyst

Overview

The Security Analyst position assists with administering the Safeguards and Security Programs.

Responsibilities

Implements safeguards and security program operations

• Provides oversight of construction and vendor activities to ensure continues compliance with security plans and procedures.
• Assists in the develop of site security plans, protocols, procedures, and program files for parent contractors in accordance with NRC and DOE regulatory requirements.
• Assists in self-assessments as required or requested.
• Performs Personnel Security, Physical Security, Information Security, and Operations Security functions.
• Interacts on a regular basis with all levels of DOE, NRC, and other contractor management.
• Assists with or performs Incidents of Security Concern.
• Provides Technical Surveillance Countermeasures support.
• Demonstrates a personal commitment to safety and quality
• Performs Derivative Classification support
• Administer and maintain computer systems, primarily focusing on Windows and Linux (Ubuntu OS) environments.
• Configure, troubleshoot, and maintain security systems, including microwave sensors, fiber optics, and camera systems.
• Maintain, Update, and Implement the Security Key and GSA-approved lock management program
• Diagnose and resolve system hardware, software, and network issues.
• Perform minor electrical repairs and ensure the proper functioning of system components.
• Collaborate with team members to implement and maintain secure network environments.
• Articulate technical issues and solutions clearly to non-technical customers
• Monitor system performance and security to ensure optimal operations.
• Document system configurations, updates, and repair processes.
• Stay updated on emerging technologies, standards, and best practices in system administration and security systems.
• Ensure the ECN and associated systems comply with all applicable federal regulations, DOE / NNSA cybersecurity directives, standards, and guidance.
• Maintain comprehensive knowledge of the Risk Management Framework (RMF) and oversee its application throughout the system lifecycle.
• Review and ensure compliance of the System Security Plans (SSPs), ensuring they remain current and accurately reflect the system architecture, components, and security controls.
• Identify, implement, and document security controls required by DOE / NNSA policies and guidance, as well as other applicable frameworks (e.g., NIST SP 800 series).
• Collaborate with system administrators and engineers to integrate and validate security controls into network infrastructure and endpoint configurations.
• Participate in and support security control assessments, audits, and inspections, ensuring timely remediation of identified weaknesses and deficiencies.
• Establish and maintain a continuous monitoring strategy to track security events, system health, and compliance status across the ECN.
• Conduct regular vulnerability scans, security testing, and risk assessments to proactively identify, prioritize, and mitigate security risks.
• Manage and maintain Plans of Action and Milestones (POA&Ms), ensuring timely remediation efforts and updating customers on progress.
• Serve as the primary point of contact for cybersecurity incidents affecting the ECN, coordinating with incident response teams, system owners, and other stakeholders.
• Investigate security events and alerts, lead root cause analysis, and recommend corrective actions to prevent recurrence.
• Maintain incident response procedures, ensuring readiness and effective handling of security incidents.
• Prepare and deliver regular security status reports, metrics, and briefings to NNSA leadership, system owners, and other stakeholders.
• Document all security-related actions, decisions, and justifications, ensuring traceability and adherence to record-keeping standards.
• Maintain all authorization and accreditation documentation to support system authority to operate (ATO) and reaccreditation processes.
• Collaborate with program managers, system integrators, network engineers, and support staff to ensure security requirements are met without impeding operational effectiveness.
• Provide guidance, training, and mentorship to team members and stakeholders on security best practices, policies, and procedures.
• Coordinate with external partners, auditing entities, and government agencies as necessary to address compliance and security considerations.

SAETY RESPONSIBILTIES :

Qualifications

Experience, Competencies, and Education :

Language Skills :

Reasoning Ability :

Other Skills / Abilities :