• Execution and operation of the Classified Cybersecurity Vulnerability Management Program
• Ensuring internal vulnerability scanning of National Security Systems (NSS) is performed IAW Cybersecurity Service Provider (CSSP) requirements, supporting external vulnerability scanning by the CSSP, and ensuring that applicable security patches are being deployed to address vulnerability scan findings
• Ensuring proper implementation of DISA Security Technical Implementation Guides (STIGs) IAW CSSP requirements
• Conducting assessments of NIST/CNSS security control deviations, STIG non-compliance, and other vulnerabilities (e.g. Tenable scans and CSSP directives), working with the classified ISSOs and ISSEs in determining risks associated with deviations/exceptions identified in those assessments, and developing associated documentation (e.g. exception requests, exception tracking, POA&Ms, etc.)
• Providing guidance to classified ISSEs for solutions that support information security objectives including Security Information and Event Management (SIEM), intrusion detection, and e-discovery
• Providing vulnerability related metrics for cybersecurity reports such as the monthly cybersecurity health report, weekly DOE-ID vulnerability risk review report, CSSP monthly vulnerability status report, and others as required
• Coordinating the evaluation and risk assessment of hardware and software that will be used on classified systems
• Coordinating the collection, analysis, and presentation of computer-related evidence in response to incidents associated with classified systems (e.g. intrusion, malware, criminal, fraud, counterintelligence)
• Interfacing and collaborating with other vulnerability and risk assessment professionals outside of the classified cybersecurity team (e.g. unclassified cybersecurity, CSSP staff, other DOE national laboratory personnel, vendors, etc.)
• Maintaining awareness of global cybersecurity threats, how they pertain to the classified environment, and sharing that information with the classified cybersecurity team, classified system owners, and DOE oversight

Required Qualifications

• US Citizen
• DOE Q or equivalent (e.g. DOD/DOJ TS) security clearance

Required Skills

• Critical thinking
• Excellent interpersonal skills; written and verbal communication, effective listening, conflict resolution

Preferred Qualifications

• Experience in classified environments
• Familiarity with security tools such as Tenable (Nessus, Security Center), SPLUNK, SCAP Tool, STIG Viewer, Xacta
• Related certifications including CISSP, CISM, CASP, Security+

NA