Oasis Systems has an exciting opportunity for a full time Cyber Security Analyst to support the Nuclear Regulatory Commission (NRC) within the nuclear energy sector as he or she implements and matures regulatory cyber security programs, contributing to both the government and industry. The Cyber Security Analyst will actively support the agency as it establishes cyber security regulation and guidance to promote safety and security regulating special nuclear material.
NOTE: Applicants who have worked for the nuclear power industry within the last year are not eligible. Applicants who have worked for the nuclear power industry past a year may be eligible and are required to disclose the name of the company or companies, specify the work performed, and how long ago the applicant was employed.
REQUIRED QUALIFICATIONS: (Education, Certifications, Experience, Skills)
This candidate must have experience with the following:
EXPERIENCE LEVEL: Minimum of 8 years of IT experience and cyber security experience a must. Experience working with government consulting, and experience leading audits
EDUCATION: BA/BS degree in engineering, computer science, cyber security, or related fields, or equivalent.
CERTIFICATIONS AND TOOLS: The Ideal candidate will also have one or more of the following certifications: CISSP, CISM, CEH, CISA, Security+ and/or CAP
SECURITY CLEARANCE: Ability to obtain a DOE security clearance.
TRAVEL: Up to 25%
Ability to facilitate/participate in public meetings with the nuclear industry, where the press and other high visibility entities may be present
Ability to communicate both orally and in writing appropriate to the audience and political dynamic of a given situation
Strong writing skills and the ability to compose highly visible original documents that are relied upon by the nuclear industry
Ability to provide, verbally or in writing, a technical opinion or an interpretation of information based on in-depth and expert knowledge in a particular subject area
Knowledge of IT security audits
Cyber security engineering principles
DESIRED QUALIFICATIONS: (Education, Certifications, Experience, Skills)
This candidate shall have experience with the following:
Knowledge of penetration testing including foot printing and scanning.
Familiarity with hacking tools
Knowledge of vulnerability management
Familiarity with regulatory standards such as NIST
Industry certifications such as CISSP, CEH, ITIL, CISA, or CISM
JOB RESPONSIBILITIES: Functionally, the successful candidate will:
The analyst will participate in the cyber inspection process by analyzing the adequacy of the implementation of cyber security programs by licensees (entities with a license to handle nuclear materials). This participation will include assisting the NRC lead inspector in preparing for the frequent cyber inspections and aiding in identifying the critical systems and critical digital assets in need of inspection.
When preparing for a cyber inspection, the analyst will review technical documentation provided by the licensee in response to the formal request for information letter. The analyst will also analyze cyber vulnerability assessments and identify technical issues associated with a licensee assessment of digital critical systems or critical digital assets.
After this stage of review and analysis, the analyst will communicate to the inspection team the technical issues identified during the inspection process with a nexus to the regulatory basis and will write up justifications of the technical issues that could lead to potential findings during the inspection.
When not working directly on inspections, the analyst will interact with NRC project leads by spearheading a variety of innovative cyber initiatives, including writing, revising, and participating in meetings for regulatory guidance on various cyber security issues affecting the Nuclear Regulatory Commission. Other work with project leads will include developing responses to technical issues that arise from the application of cyber security regulations and analyzing cyber security best practices and recommending how those practices are applicable to the program's cyber security requirements. The analyst will be expected to possess strong communication skills, including dynamic delivery, ability to tailor subjects to the audience, and a sense of diplomacy.
The analyst will also help to develop and present cyber security trainings so that NRC inspectors and staff may become more effective when assessing the NRC cyber security program at nuclear power reactor sites and successfully engage in oversight and enforcement activities. This work will include writing and designing course content and developing classroom and laboratory exercises related to the subject area.
Who We Are
Oasis Systems is a premier provider of customer-driven, cost-effective and quality Engineering Services; Enterprise Systems and Applications; Human Factors Engineering; Information Technology and Cyber Security; Professional Services; and Specialized Engineering Solutions to the Department of Defense, FAA, NRC and other federal agencies.
We strive to be an exciting and welcoming company that attracts, develops, motivates and retains the most talented, skilled and dedicated people in the industry; where they are encouraged to achieve personal excellence, purpose, and their full potential and career aspirations; while supporting mission-critical national security technologies and programs.
MAR Division of Oasis Systems is an equal opportunity employer and does not discriminate in hiring or employment on the basis of any legally protected characteristic including, but not limited to, race, color, religion, national origin, marital status, gender, sexual orientation, ancestry, age, medical condition, military veteran status or on the basis of physical handicap which, with reasonable accommodation, render the application to satisfactorily perform the job available.
Oasis Systems, Inc.