Los Alamos National Laboratory Cybersecurity Technical Staff 3 in Los Alamos, New Mexico
What You Will Do
As a Security Controls Assessor (SCA) you will review compliance paperwork, security change requests, and authorization to operate (ATO) packages to ensure adherence to laboratory, NNSA, DOE, and Federal requirements. You will serve as an interface between Information System Security Officers (ISSOs) and the Information System Security Manager (ISSM) to validate that security controls meet or exceed laboratory, NNSA, DOE, and Federal standards and requirements.
You will serve as the Security Controls Assessor for cloud system security plans and ensure that compliance and security requirements and associated controls are identified, implemented, assessed and accredited for systems and networks. The SCA develops and manages all aspects of small to moderate projects. Works on complex issues requiring analysis of situations, alternatives, or data.
The SCA develops methods to monitor and measure risk, compliance, and assurance efforts. Develops specifications to ensure risk, compliance, and assurance efforts conform with security, resilience, and dependability requirements at the software application, system, and network environment level. Drafts statements of preliminary or residual security risks for system operation. Maintains information systems assurance and accreditation materials. Monitors and evaluates a system's compliance with information technology (IT) security, resilience, and dependability requirements. Assesses the effectiveness of security controls. Performs security reviews, identifies gaps in security architecture, and develops a security risk management plan. Performs security reviews and identifies security gaps in security architecture, resulting in recommendations for inclusion in the risk mitigation strategy. Performs risk analysis (e.g., threat, vulnerability, and probability of occurrence) whenever an application or system undergoes a major change. Plans and conducts security authorization reviews and assurance case development for initial installation of systems and networks. Verifies that application software/network/system security postures are implemented as stated, documents deviations, and recommends required actions to correct those deviations.
What You Need
Minimum Job Requirements:
Knowledge of NIST Controls and Risk Management Framework (RMF) requirements.
Knowledge of the Security Assessment and Authorization process.
Knowledge of current industry methods for evaluating, implementing, and disseminating information technology (IT) security assessment, monitoring, detection, and remediation tools and procedures utilizing standards-based concepts and capabilities.
Knowledge of information technology (IT) security principles and methods (e.g., firewalls, demilitarized zones, encryption).
Knowledge of network security architecture concepts including topology, protocols, components, and principles (e.g., application of defense-in-depth).
Skill in determining how a security system should work (including its resilience and dependability capabilities) and how changes in conditions, operations, or the environment will affect these outcomes.
Knowledge of known vulnerabilities from alerts, advisories, errata, and bulletins.
Education/Experience: Position requires a Bachelor’s Degree and 8 years related experience; or, an equivalent combination of education and experience directly related to the occupation. At this level post graduate work may be expected.
Knowledge of FedRAMP security assessment and authorization processes and associated customer responsibilities.
Demonstrated experience in performing security assessment and authorization processes, risk analysis, and vulnerability assessments on Federal Information Systems.
Demonstrated experience performing cloud security assessment and authorizations.
Cloud security certification such as CCSP Certification, GIAC Cloud Security Certification, or equivalent.
Current Information Assurance certification such as CISM, CISSP, GSLC, CCISO or equivalent.
Note to Applicants:
Along with your resume, please include a detailed cover letter explaining how you meet each of the minimum requirements and any of the desired qualifications.
This position will be part of the Laboratory’s Telework Pilot and may work from a remote/home location within a two-hour ground commute of the Laboratory. The Telework Pilot is in effect from Oct. 1, 2020 through Sept. 30, 2021, but may be shortened or extended at the manager’s discretion. Ability to report on-site is a must for this position.
Position commitment: Regular appointment employees are required to serve a period of continuous service in their current position in order to be eligible to apply for posted jobs throughout the Laboratory. If an employee has not served the time required, they may only apply for Laboratory jobs with the documented approval of their Division Leader. The position commitment for this position is 1 year.
Where You Will Work
Located in beautiful northern New Mexico, Los Alamos National Laboratory (LANL) is a multidisciplinary research institution engaged in strategic science on behalf of national security. Our generous benefits package includes:
- PPO or High Deductible medical insurance with the same large nationwide network
- Dental and vision insurance
- Free basic life and disability insurance
- Paid maternity and parental leave
- Award-winning 401(k) (6% matching plus 3.5% annually)
- Learning opportunities and tuition assistance
- Flexible schedules and time off (paid sick, vacation, and holidays)
- Onsite gyms and wellness programs
- Extensive relocation packages (outside a 50 mile radius)
Directive 206.2 - Employment with Triad requires a favorable decision by NNSA indicating employee is suitable under NNSA Supplemental Directive 206.2. Please note that this requirement applies only to citizens of the United States. Foreign nationals are subject to a similar requirement under DOE Order 142.3A.
Clearance: Q (Position will be cleared to this level). Applicants selected will be subject to a Federal background investigation and must meet eligibility requirements for access to classified matter. This position requires a Q clearance which requires US Citizenship except in extremely rare circumstances. Dependent upon position, additional authorization to access nuclear weapons information may be required that may or may not be available to dual citizens depending upon the circumstances.
Eligibility requirements: To obtain a clearance, an individual must be at least 18 years of age; U.S. citizenship is required except in very limited circumstances. See DOE Order 472.2 for additional information.
New-Employment Drug Test: The Laboratory requires successful applicants to complete a new-employment drug test and maintains a substance abuse policy that includes random drug testing.
Regular position: Term status Laboratory employees applying for regular-status positions are converted to regular status.
Internal Applicants: Regular appointment employees who have served the required period of continuous service in their current position are eligible to apply for posted jobs throughout the Laboratory. If an employee has not served the required period of continuous service, they may only apply for Laboratory jobs with the documented approval of their Division Leader. Please refer to Policy P701 for applicant eligibility requirements.
Equal Opportunity: Los Alamos National Laboratory is an equal opportunity employer and supports a diverse and inclusive workforce. All employment practices are based on qualification and merit, without regard to race, color, national origin, ancestry, religion, age, sex, gender identity, sexual orientation or preference, marital status or spousal affiliation, physical or mental disability, medical conditions, pregnancy, status as a protected veteran, genetic information, or citizenship within the limits imposed by federal laws and regulations. The Laboratory is also committed to making our workplace accessible to individuals with disabilities and will provide reasonable accommodations, upon request, for individuals to participate in the application and hiring process. To request such an accommodation, please send an email to firstname.lastname@example.org or call 1-505-665-4444 option 1.
Appointment Type
Contact Name Gonzales, Andrea Jo
Vacancy Name: IRC86540
Organization Name NIE-IS/Network & Infrastructure Engineering - Infrastructure Services
Minimum Salary 103500
Maximum Salary 172800
Req ID: IRC86540
Category: Information Technology