Cyber Security Analyst (41112)

Hanford Mission Integration Solutions

Richland, WA

JOB DETAILS
Job type: Full-time, Employee
Skills:
Analysis Skills, Best Practices, CISA - Certified Information Systems Auditor, CISM - Certified Information Security Manager, CISSP - Certified Information Systems Security Professional, Certification & Accreditation Process (C&A), Cloud Computing, Communication Skills, Compensation and Benefits, Computer Security, Configuration Management, Control Systems, Corrective Action, Design Evaluation, Disaster Recovery, FISMA - Federal Information Security Management Act, Government, Homeland Security, Incident Response, Information Technology & Information Systems, Infrastructure as a Service (IaaS), Internet Security, Maintain Compliance, Operational Support, Operations Processes, Operations Security (OPSEC), Platform as a Service (PaaS), Policy Development, Presentation/Verbal Skills, Problem Solving Skills, Procedure Development, Product Testing, Protective Services, Regulations, Regulatory Compliance, Risk, Risk Analysis, Risk Management, Security Analysis, Security Attacks, Security Clearance, Security Compliance, Security Monitoring, Software as a Service (SaaS), Supply Chain Management, System Operations, Systems Administration/Management, Systems Analysis, Systems Maintenance, U.S. National Institute of Standards and Technology (NIST), United States Department of Energy (DOE), Writing Skills
Location: Richland, WA
Posted: 2 days ago

Job Duties/Scope Of Work

The Sr. Cybersecurity Analyst role is critical for evaluating emerging cybersecurity risks, assisting in developing cybersecurity policies and procedures, assessing systems, providing solutions for meeting cybersecurity requirements, and advising the Director of Cybersecurity, Information System Security Manager (ISSM), DOE, and other Information Management (IM) leaders on cybersecurity-related matters. This role encompasses industrial control systems (ICS) and operational technology (OT), as well as the General Support System (GSS).


Key responsibilities and duties include:

•Develop and maintain comprehensive cybersecurity policies and procedures in accordance with the Federal Information Security Management Act (FISMA) to safeguard information systems and data

•Participate in development and maintenance of System Security Plans (SSP) in accordance with National Institute of Standards and Technology (NIST)

•Ensure compliance with relevant laws, regulations, and standards

•Conduct risk assessments and vulnerability analyses to identify potential security threats and weaknesses to system environments, including ICS/OT, and determine appropriate mitigations

•Operate, coordinate, and execute day-to-day cybersecurity functions, including certification and accreditation planning and activities, continuous monitoring (CM) activities, cybersecurity assessments, data calls, investigations, and liaison activities, working closely with IT and other organizations to integrate cybersecurity into the organization's operations

•Directly participate in change and configuration management oversight activities relevant to accreditation boundaries

•Evaluate products and participate in projects to address and implement cybersecurity supply chain risk management (SCRM) principles and requirements

•Apply cybersecurity requirements and principles in evaluating design and implementation of new and existing systems and support secure operation and maintenance of systems within accreditation boundaries

•Respond to cybersecurity incidents and intrusions, including investigation, mitigation, and ensuring that reporting requirements are met

•Participate in incident response and disaster recovery exercises and events

•Establish and implement corrective action plans, plan of action and milestones (POAMs), as needed to address cybersecurity issues

•Evaluate systems and processes in operation to verify security requirements are implemented effectively

•Monitor cybersecurity reports from external sources

•Implement government and industry best practices for protection of system environments to achieve and maintain an acceptable level of risk


Basic Qualifications

•BA/BS degree plus 8 years of experience working in information technology, -OR- equivalent combination of education and related experience.

•Knowledge of cyber security practices for protection of cloud services (IaaS, PaaS, and SaaS).

•Knowledge of National Institute of Standards and Technology (NIST) requirements for operation of federal information systems.

•Current holder of a DOE "Q" security clearance or the ability to obtain a clearance within one year.

•Ability to obtain and maintain a Personal Identity Verification (PIV) Credential badge.


Note: This position may require the selected candidate to work on premises with some flexibility for intermittent teleworking; the candidate must live within a commutable distance and in accordance with HMIS procedural requirements.


Desired Qualifications

•Experience within the last 4 years in providing and evaluating cyber security for general support systems.

•Experience within the last 4 years in assessing and managing risk from a cyber security perspective.

•Experience as an Information System Security Officer (ISSO).

•Relevant certifications such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified in Risk and Information Systems Control (CRISC), or Certified Information Systems Auditor (CISA).

•Excellent written and verbal communication skills.


Compensation & Benefits

Grade 18: $109,013 - $137,538

Grade 19: $119,813 - $151,038

Grade 20: $131,888 - $166,263


HMIS offers a comprehensive benefits package that includes medical/dental/vision, short- and long-term disability, life insurance, 401(k) plan, and paid time off. For a full list of benefits, please visit our benefits website: https://hmis.hanford.gov/hr/page.cfm/employeebenefits


In accordance with the HMIS salary determination process, offers will be made by taking into consideration the level of assigned job duties, responsibilities, and the candidate's qualifications relative to internal peers and the external labor market. A candidate's salary history will not be used in compensation decisions. The salary range listed represents the full range of salary that may be offered.


This position may be required to complete a probationary period. Benefits for eligible employees will begin on day one.


In compliance with Homeland Security Presidential Directive 12 (HSPD-12) and Department of Energy (DOE) Hanford Field Office (HFO) direction, employees issued initial badges on or after September 1st, 2025, are required to obtain and maintain an HSPD-12 Personal Identity Verification (PIV) Credential. To obtain this credential, new employees must successfully complete and pass a federal background check investigation. This investigation encompasses multiple areas of eligibility and includes a declaration of illegal drug activities, including use, supply, possession, or manufacture within the last year.
