Location: Amarillo, TX
Job Title: Cybersecurity Contractor Assurance Lead
Career Level From: Associate
Career Level To: Senior Specialist
Organization: Chief Information Security Off (50003144)
Job Specialty: Cyber Security
What You'll Do
Coordination of the cybersecurity program responsibilities within the Pantex Contractor Assurance System (CAS):
• Identification, formal documentation, and reporting of program deficiencies to responsible managers and authorities
• Coordinate and document formal opportunities for improvement
• Establish and effectively implement corrective and preventive actions
• Share lessons learned across the cybersecurity program
• Coordinates cybersecurity program participation in the Enterprise Assessment Program
  o Coordination and accomplishment of annual management assessments for enterprise analysis and oversight
  o Coordination of independent surveillances and organizational surveillances
  o Coordination of independent and external assessments
• Maintains and reports real-time CAS supporting trackers, metrics, and presentations
• Synchronizes weekly with members of the Performance Excellence (CAS) to predict, schedule, execute, and report program accomplishments
• Maintains annual contractor assurance training
• Achieves and maintains Extent of Condition (EoC) management ownership qualification
• Maintains certification as a qualified management assessment team lead
What You Can Expect
- Meaningful work and unique opportunities to support missions vital to national and global security
- Top-notch, dedicated colleagues
- Generous pay and benefits with a stable organization
- Career advancement and professional development programs
- Work-life balance fostered through flexible work options and wellness initiatives
Minimum Job Requirements
- Bachelor's degree in engineering/computer science/information technology discipline.
- OR Master's degree in engineering/computer science/information technology discipline.
- Eight or more years of relevant education, training and/or progressive experience may be considered to satisfy the education and years-of-experience requirements for this posting.
Preferred Job Requirements
- Knowledge of computer networking concepts and protocols, and network security methodologies.
- Knowledge of risk management processes (e.g., methods for assessing and mitigating risk).
- Knowledge of cybersecurity and privacy principles.
- Knowledge of cyber threats and vulnerabilities.
- Knowledge of Security Assessment and Authorization process.
- Knowledge of Risk Management Framework (RMF) best practices.
- Ability to present administrative, technical, and operational information clearly and effectively through the oral and written word as well as diagrams and charts.
- Knowledge of NIST 800-53/53A security controls
- Ability to author and provide written causal analyses, extents of condition, action plans, and closure packages
- Knowledge of information technology (IT) security principles and methods (e.g., firewalls, demilitarized zones, encryption)
- Knowledge of Application Security Risks
- Knowledge of laws, regulations, policies, and ethics as they relate to cybersecurity and privacy
- Knowledge of Personally Identifiable Information (PII) data security standards
- Knowledge of authentication, authorization, and access control methods
- Knowledge of database systems
- Knowledge of emerging technologies that have potential for exploitation
- Knowledge of system and application security threats and vulnerabilities (e.g., buffer overflow, mobile code, cross-site scripting, Procedural Language/Structured Query Language [PL/SQL] and injections, race conditions, covert channel, replay, return-oriented attacks, malicious code).
- Desired: Experience with RMF in the DOE Community
- Desired: Security+, CEH Certification or CISSP Certification
- Desired: FedRAMP and Cloud compliance experience