Job Summary
Seeking a motivated entry-level Cyber Security Professional to support the implementation and maintenance of NIST Risk Management Framework (RMF) requirements and common control boundaries across the enterprise. This role supports cybersecurity operations through research, documentation, compliance activities, and implementation of security controls aligned with DOE/NNSA cybersecurity requirements and the NIST Cybersecurity Framework. The successful candidate will work closely with senior cybersecurity personnel and gain hands-on experience in cybersecurity governance, risk management, and compliance activities.
Job Responsibilities
- Assist with the investigation, design, and development of software and hardware security technologies.
- Support the security of organizational resources by designing, implementing, and evaluating cybersecurity measures aligned with the NIST Cybersecurity Framework functions: Identify, Detect, Respond, and Recover.
- Work with vendors to develop technical solutions for cybersecurity and system security requirements.
- Maintain the integrity of computer workstations, servers, and networks through access control management and software lifecycle processes.
- Ensure data integrity and confidentiality through implementation of encryption and data retention technologies.
- Assist in developing, documenting, and maintaining common control implementations and related cybersecurity artifacts.
- Support activities throughout the NIST Risk Management Framework (RMF) lifecycle, including:
- System categorization
- Control selection
- Control implementation
- Security assessment
- Authorization
- Continuous monitoring
- Conduct research on cybersecurity policies, NIST guidance, DOE/NNSA directives, and industry best practices.
- Prepare and maintain security documentation, including control implementation summaries, procedures, and system security artifacts.
- Collaborate with senior cybersecurity personnel to ensure consistent implementation of cybersecurity requirements.
- Participate in internal cybersecurity assessments, compliance reviews, and gap analyses.
- Participate in group problem-solving activities and communicate effectively with both technical and non-technical personnel.
- Conduct timely technical research using available resource materials and references.
- Follow company safety procedures and stop work when unsafe conditions are identified.
- Continuously improve technical knowledge through vendor training, technical manuals, seminars, meetings, and practical experience.
- Support small and large cybersecurity-related projects as assigned.
- Work onsite as required with limited telework flexibility.
- Perform additional duties as assigned by management.
Top Skills & Experience Required
- Knowledge of basic cybersecurity protections, principles, and frameworks.
- Understanding of basic computer and networking concepts, principles, and practices.
- Strong written communication and technical documentation skills.
- Strong research and analytical abilities.
- Ability to participate effectively in group problem-solving environments.
- Ability to communicate with both technical and non-technical personnel.
- Willingness and ability to learn complex cybersecurity requirements and regulatory environments.
- Ability to recognize when guidance is needed and work collaboratively with senior technical staff.
- Familiarity with conducting technical research using available resources and documentation.
- Ability to work onsite with limited telework options.
Nice to Have
- Exposure to NIST SP 800-series guidance and the Risk Management Framework (RMF).
- Experience supporting cybersecurity processes such as:
- Categorization
- Control selection
- Control implementation
- Security assessment
- Authorization
- Continuous monitoring
- Familiarity with governance, compliance, or technical documentation processes.
- Prior DOE “L” or “Q” clearance within the past two years.
- Experience working within DOE, NNSA, or regulated cybersecurity environments.