Description

About the job Cyber Security Specialist Be the Difference Astrion offers comprehensive services that boost preparedness, optimize performance, and ensure success across various domains, from Cyber to Digital, Mission and Systems, servicing our nation's Civilian, Defense and Space communities. We support customers with Centers of Excellence in Washington DC, Huntsville, AL and Burlington, MA with an additional 36 locations across the U.S. Astrion has an exciting opportunity for a Cyber Security Specialist for the NRC - CRSPDSS, supporting the Civilian Division. JOB DETAILS LOCATION: Remote (base location for travel will be Rockville, MD JOB STATUS: FT or PT TRAVEL: 30% Required Qualifications / Skills BA/BS degree required in information systems, computer science, or related fields preferred. 5+ years of experience required Must have at least one advanced cyber security certification, such as CISSP, CEH, CISM, CISA, or CRISC. Any certification on the DOD 8570 matrix will be sufficient. The following link provides the certification matrix: https://public.cyber.mil/wid/cwmp/dod-approved-8570-baseline-certifications/ . Security Clearance Level: NRC Suitability Desired Qualifications / Skills Experience working with a risk management framework (e.g., NIST SP 800-37, ERM framework). Experience performing cyber security inspections on operational technology and/or performed audits or assessments based on a well-known cyber security framework (e.g., NIST 800-53 and 800-82, NEI 08-09 and 13-10, SOC2, HIPPA, COBIT) in the last five years. Experience with the cyber analysis of ICS and/or SCADA. Experience with training a group of individuals on cyber subjects. Thorough understanding and implementation of federal cyber security frameworks (e.g., FISMA and RG 5.71). Experience with independently interpreting configuration files produced by network devices (i.e., Firewalls, IDS/IPS, SIEM, Log Forwarders, etc.) and other components. Experience independently reviewing security logs from operating systems and network security devices. Experience independently evaluating network defensive architectures, threat detection, and mitigation strategies. Knowledge of TCP/IP and networking concepts with emphasis on cyber awareness. Experience with the analysis of vulnerabilities and CVE concepts. Experience writing and evaluating technical reports and solicitations. Have a willingness to learn to develop inspection expertise. Be able to work with little supervision while on site. Have excellent verbal and writing skills. Ability to work with a wide range of stakeholders and values teamwork. Timeliness is crucial.

Role and Responsibilities

• Responsibilities The primary responsibility will be to support cyber security inspections at nuclear power plants across the country validating whether the licensees’ Cyber Security Program meets NRC’s 10 CFR 73.54, Protection of Digital Computer and Communications Systems and Networks, rule. These inspections are conducted onsite for one week and the remainder of the work will be performed remotely unless required otherwise. Tasks may include the following: Performing analysis and research, developing supporting documentation, providing technical input on NRC regulatory guides. Advise government inspectors and stakeholders on applying an approved cyber security framework. Assist the Government in the identification of shortcomings, inconsistencies, and conflicts encountered during a cyber security evaluation of a public utility. Make recommendations for improvements on Government cyber security practices, standards, and guidance while keeping informed of ongoing threats and vulnerabilities. Assist government inspectors in the overall planning of information gathering logistics, technical reports, and execution plans. Verbally express technical concepts to Government clients and stakeholders involved in enterprise security information forums. Collaborate with other cyber analysts to create a unified method of assessment and analysis. Additional responsibilities include providing support during the rulemaking process, revisions to regulatory guidance, and other associated cyber security related activities.