Deployed Cyber Professional - Information Assurance Specialist (Early/Mid Career) Hybrid

About Sandia

Sandia National Laboratories is the nation's premier science and engineering lab for national security and technology innovation, with teams of specialists focused on cutting-edge work in a broad array of areas. Some of the main reasons we love our jobs:

• Challenging work with amazing impact that contributes to security, peace, and freedom worldwide

• Extraordinary co-workers

• Some of the best tools, equipment, and research facilities in the world

• Career advancement and enrichment opportunities

• Flexible work arrangements for many positions include 9/80 (work 80 hours every two weeks, with every other Friday off) and 4/10 (work 4 ten-hour days each week) compressed workweeks, part-time work, and telecommuting (a mix of onsite work and working from home)

• Generous vacations, strong medical and other benefits, competitive 401k, learning opportunities, relocation assistance and amenities aimed at creating a solid work/life balance*

World-changing technologies. Life-changing careers. Learn more about Sandia at: http://www.sandia.gov

• These benefits vary by job classification.

What Your Job Will Be Like

We are seeking an Information Assurance Specialist to join our dynamic team and provide cyber assurance expertise in support of the national security mission of Sandia National Labs.

We are seeking to fill a new position within the Deployed Cyber Professionals Department, the newest addition to the Enterprise Cyber Security Program. The Department's role is to engage, support, and deliver on mission and enterprise success across Sandia. As a new department, this represents an exciting opportunity to transform the delivery and implementation of the Cyber Security Program across Sandia, while seeking the appropriate balance between mission need and effective cyber security risk management.

On any given day, the selected candidate may be called on to:

• Collaborate and implement on the vision and strategy for transforming the delivery of cyber security and assurance at Sandia through positions embedded within mission and enterprise organizations

• Act as a primary cyber security advisor and liaison between the Cyber Security Program and mission/enterprise partners for Programs and Centers. Will also serve as a Subject matter expert (SME) to address customer and partner questions and concerns.

• Establish, maintain, and monitor mission/enterprise program area security plans and related security activities including engagement with all aspects of the Risk Management Framework (RMF) accreditation lifecycle.

• Participate on a highly collaborative team of information assurance professionals carrying out a wide variety of cyber assurance tasks. Work in close coordination with designated Division-level DCP lead.

• Provide training, awareness, and outreach to mission/enterprise customer organizations to increase broader cyber security awareness in coordination with Division-level cyber awareness initiatives.

• Assist with general cyber security-related inquiries as part of the Cyber Security Help Desk

• Establish strong partnerships with mission/enterprise organizations which foster an environment of open communication, collaboration, and trust.

• Identify information security requirements and ensure they are effectively integrated into other relevant mission/enterprise processes and systems in coordination with Division-level DCP.

• Coordinates and supports cyber security-related activities and processes with information security architects, the Information System Security Manager (ISSM) Team, Information System Security Officers (ISSOs), Information System Owners (ISOs), and cyber assurance staff across Sandia.

• Coordinate and advise on mission deliverables and how they relate to relevant and required corporate authorization processes (software approvals, wireless approvals, cloud approvals, etc.) within a program.

• Maintain up-to-date technical knowledge in critical and emerging mission/enterprise technologies and interpretation of regulatory requirements and authority documents to include DOE Orders/NNSA directives, NIST Cybersecurity Framework, NIST SP 800-37, NIST SP 800-53, and other requirement drivers.

This position is eligible for Hybrid work and the selected applicant must live within a reasonable distance for commuting to the assigned work location when necessary.

To apply, we recommend you include a cover letter detailing how you meet the qualifications for the position along with a resume OR a comprehensive resume that provides a similar level of detail.

Salary Range

$78,000 - $150,000

• Salary range is estimated, and actual salary will be determined after consideration of the selected candidate's experience and qualifications, and application of any approved geographic salary differential.

Qualifications We Require

• Bachelor's degree in technology related field such as Management Information Systems, Information Assurance, Computer Science, etc., OR master's degree in above subject areas or related field, OR combination of education and experience that are demonstrably equivalent to the requirement above

• Experience applying cyber security standards, directives, best practices, guidance, policies, and processes to information systems.

• Experience in synthesizing and communicating major elements of security and technical areas to a broad audience

• Ability to obtain and maintain a DOE Q level clearance

Qualifications We Desire

• Active DOE Q or DOD TS security clearance.

• Ability to obtain and maintain an SCI clearance based on mission or customer need, which may require a polygraph.

• Technical, program, and/or project experience with a mission organization or in a direct mission-supporting role

• Experience and knowledge in preparing and presenting computer and information security briefings, reports, and/or trainings (verbal & written); making recommendations to diverse internal & external audiences of technical and nontechnical staff.

• Experience as an Information System Security Officer (ISSO), Information System Security Manager/Alternate ISSM (ISSM/AISSM), Information System Security Engineer (ISSE), Security Control Assessor (SCA), or equivalent position

• Comprehensive understanding of federal and institutional security policies, practices, procedures, and program requirements.

• Demonstrated security and/or IT experience in operational technologies, cloud/external services, system administration, cyber assurance related activities or similarly related compliance experience (e.g. security plan development, security assessment, RMF, audit, etc.), configuration management, system/network architectures, security analysis and tools (e.g. Splunk, Nessus, Wireshark, etc.), wireless technologies, telecommunications security, security supply chain analysis, or networking.

• Demonstrated experience partnering across a diverse organization

• Industry recognized cyber security certifications (e.g. CISSP, Security+, GSEC, etc.)

About Our Team

The Deployed Cyber Professionals Department (9319) empowers mission and enterprise success by embedding trained cyber security professionals who are passionate advocates for effective cyber risk management at all stages of project lifecycles and liaisons to the Cyber Security Program. Our team is also responsible for Cyber Security Training, Awareness & Outreach for the Laboratory.

Sandia's Cyber Security Program is responsible for the protection of Sandia's electronic information while enabling mission work. Our Cyber Security responsibilities include technology research and development of next generation cyber systems and technologies; including but not limited to areas such as encryption, authentication and authorization methodologies, intrusion detection, vulnerability assessment, penetration testing, forensics, reverse engineering incident response, and remediation. Further, we conduct data acquisition in support of the corporate electronic discovery requirements related to litigation and investigation of waste, fraud, and abuse. Sandia prides itself on providing cyber security leadership across the NNSA and DOE complex. We operate in a fast-paced environment against sophisticated, focused adversaries and enjoy the Labs' support in the execution of our mission.

Posting Duration

This posting will be open for application submissions for a minimum of seven (7) calendar days, including the 'posting date'. Sandia reserves the right to extend the posting date at any time.

Security Clearance

Sandia is required by DOE to conduct a pre-employment drug test and background review that includes checks of personal references, credit, law enforcement records, and employment/education verifications. Applicants for employment need to be able to obtain and maintain a DOE Q-level security clearance, which requires U.S. citizenship. If you hold more than one citizenship (i.e., of the U.S. and another country), your ability to obtain a security clearance may be impacted.

Applicants offered employment with Sandia are subject to a federal background investigation to meet the requirements for access to classified information or matter if the duties of the position require a DOE security clearance. Substance abuse or illegal drug use, falsification of information, criminal activity, serious misconduct or other indicators of untrustworthiness can cause a clearance to be denied or terminated by DOE, resulting in the inability to perform the duties assigned and subsequent termination of employment.

EEO

All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, or veteran status and any other protected class under state or federal law.

NNSA Requirements for MedPEDs

If you have a Medical Portable Electronic Device (MedPED), such as a pacemaker, defibrillator, drug-releasing pump, hearing aids, or diagnostic equipment and other equipment for measuring, monitoring, and recording body functions such as heartbeat and brain waves, if employed by Sandia National Laboratories you may be required to comply with NNSA security requirements for MedPEDs.

If you have a MedPED and you are selected for an on-site interview at Sandia National Laboratories, there may be additional steps necessary to ensure compliance with NNSA security requirements prior to the interview date.