PERM: Nuclear Information Security Analyst - Strong (MS Environment /.Net or, or Linux, MS Exchange
: $72,726.67 - $147,140.00 /year *
: Information Technology
Loading some great jobs for you...
TITLE: PERM : Nuclear Information Security Analyst - Strong (MS Environment /.Net or, or Linux, MS Exchange or Mail Expertise, Strong Networking, Encryption, Pen Testing One of the Following Certifications: CISSP, GSE, DoDD 8570 POSITION SUMMARY: The Nuclear Information Security Analyst will work on all aspects of information security at TEG Client. The position is responsible for securing information in all its forms and reducing risk as it relates to TEG Client s data, facilities, and personnel through the deployment and operation of security tools and processes. This includes architecture, policy, operations, development, training, and incident response. This position is a senior technical escalation resource and liaison for client support teams dealing with endpoint, server, networking, and security issues. This position acts as a thought leader for the department. ESSENTIAL DUTIES AND RESPONSIBILITIES: Acts as a senior contact for security-related escalations and directs problem resolution. Leads the deployment and support of existing client programs where there is a security nexus. Provides architectural guidance for all aspects of the security program. Collaborates across the IT organization to ensure the needs of relevant stakeholders are addressed and participates in organization-wide projects. Deploys advanced security tools and analyzes data to detect and prevent possible breaches. Prepare reports as needed on security incidents; develop, lead, and implement remediation responses. Conducts vulnerability testing to detect problems with TEG Client networks and systems. Reports results to operations teams and advises on the remediation and possible impact. Serves on the TEG Client Incident Response team to quickly identify, contain, analyze, remediate, and document security incidents. Remote support and on-call hours may be required on a rotational basis. Continuously improve information security at TEG Client through research, testing, and implementation of new technologies, tools, and improvements to existing tools, processes, or designs; makes recommendations to the Information Security Manager. Performs other duties as assigned. CORE COMPETENCIES: To perform the job successfully, the individual should demonstrate competencies in performing the essential functions of this position by performing satisfactorily in each of these competencies. Problem solving : Identifies and resolves a diverse range of moderately complex problems in a timely manner, gathers and reviews information appropriately. Exercises judgment within company policies and practices; seeks input from other team members as appropriate for complex or sensitive situations. Oral/written communication : Listens carefully and speaks clearly and professionally in all situations. Edits work for accuracy and clarity, Is able to create, read and interpret complex written information. Ability to build productive relationships with senior internal and external personnel in own area of expertise. Planning/organizing : Prioritizes and plans work activities, organizes personal and project timelines and deadlines, tracks project timelines and deadlines, and uses time efficiently. Adaptability : Adapts to changes in the work environment, manages competing demands and is able to deal with frequent interruptions, changes, delays, or unexpected events. Dependability : Consistently on time and at work, responds to management expectations and solicits feedback to improve performance. Team Building: Capable of developing strong interpersonal networks and trust within the organization. Leads consensus by involving all stakeholders, facilitating their understanding of differences, agreeing on requirements and constraints, and developing the best solution. Safety Culture : Adheres to the TEG Client Safety culture and is expected to model safe behavior and influence peers to meet high standards. Quality Assurance : Demonstrates understanding and implementation of quality assurance regulations, standards and guidelines of 10 CFR 50 Appendix B, 10 CFR 21, and ASME NQA-1. MINIMUM SKILLS, QUALIFICATIONS AND ABILITIES : Education : A minimum of a B.S. degree in Computer Science or other technical degree from a four year accredited college/university or 8 years of specifically related experience in lieu of degree. A security related certification (CISSP, GSE, DoDD 8570, or similar) is required for this position. Experience : A minimum of 10 years experience in complex IT environments. This includes direct experience facilitating company-wide security strategy and policy, direct experience facilitating design, implementation and auditing of security controls to meet company strategy, and demonstrated expertise in understanding applicable security, regulatory and audit frameworks. Must have familiarity working in a highly regulated industry. Experience working with startup organizations is desirable. Required expertise in the following include: Microsoft and Linux operating systems/networking Encryption technologies and implementations Network devices, protocols, and sniffers Security tools and processes (pen testing tools, forensic tools, risk assessment, etc.) Strong understanding of social engineering attacks Knowledge of MS Exchange and other network mail systems Blended attacks and advanced persistent threats Understanding of normal and abnormal ingress and egress network traffic Various ways malicious actors can hide malware, command and control traffic, and egress data Understanding of public key infrastructure Strong ability to do network and end point forensics including live RAM and disk systems Scripting or programming (example: Powershell, Bash, BAT, VB Script, C#, ASP.Net, etc.) Preferred skills and background include: DoDD 8140 (DoDD 8570) SEC501: Advanced Security Essentials - Enterprise Defender (GCED) SEC503: Intrusion Detection In-Depth (GCIA) SEC504: Hacker Tools, Techniques, Exploits, and Incident Handling (GCIH) SEC560: Network Penetration Testing and Ethical Hacking (GPEN) Industrial Controls experience Industry Requirements : Eligible to work under Department of Energy 10 CFR Part 810. Needs to have a strong understanding of information and cyber security as it relates to a R&D company in a heavily regulated space. - provided by Dice Associated topics: attack, forensic, identity, information assurance, information security, information technology security, security, security engineer, threat, vulnerability
* The salary listed in the header is an estimate based on salary data for similar jobs in the same area. Salary or compensation data found in the job description is accurate.