Job Description

Seeking a motivated and detail-oriented entry-level Cyber Security Professional to join our team with a focus on cloud security authorizations, compliance activities, and working
directly with FedRAMP applications. This role is ideal for candidates who are eager to learn, enjoy research, and want to build a career supporting Department of Energy
(DOE)/National Nuclear Security Administration (NNSA) cybersecurity programs.

The successful candidate will work closely with experienced cybersecurity staff and receive mentorship in Department of Energy (DOE) to include National Nuclear Security
Administration (NNSA) and Environmental Management (EM) cybersecurity policies, standards, and governance processes.

Duties

• Support cloud security authorization activities and FedRAMP documentation.
  
• Conduct in-depth research on cybersecurity standards, compliance requirements, and DOE/NNSA directives.
  
• Assist in preparing and maintaining security documentation, system security plans, and related materials.
  
• Work collaboratively with senior cybersecurity staff and follow structured mentorship.
• Participate in security assessments, reviews, and compliance evaluations.
  
• Support continuous monitoring and cyber governance activities as assigned.
  

Education

• Bachelor degree in an IT related discipline (e.g., Information Technology, Computer Technology. Software Engineering, Computer Science, Computer Engineering); or
  
• Non-related Bachelor degree with 2 years proven performance in related assignment(s); or
  
• Associate Degree in IT related discipline (e.g. Information Technology, Computer Technology, Software Engineering, Computer Science, Computer Engineering) with 2 years proven performance in related assignment(s); or
  
• Non-related Associate Degree with 4 years proven performance in related assignment(s).
  
• In lieu of degree, a high school diploma with at least 6 years of equivalent knowledge and experience is acceptable.
  
• Knowledge of computer and network digital systems used in business or process applications.
• Detailed knowledge in specific operating systems is desirable.
  

Additional Qualifications

• Strong written communication and composition skills. (Required)
  
• Familiarity with cloud security concepts or compliance frameworks such as FedRAMP, RMF, or NIST SP 800-series. (Required)
  
• Knowledge of basic cybersecurity principles, protections, or frameworks (e.g., NIST). (Required)
  
• Demonstrated willingness to learn new technologies, frameworks, and regulatory environments. (Required)
  
• Ability to conduct thorough research and synthesize findings. (Required)
  
• Ability to work on-site with limited teleworking options. (Required)
  
• Exposure to working in an enterprise IT environment (preferred)
  
• Experience working on collaborative technical or research projects. (preferred)
  
• A proactive desire to stay current with evolving cloud technologies and cybersecurity trends (preferred)
  
• Ability to think critically and provide actionable guidance to technical or compliance-based challenges (preferred)
  
• Educational or work-related experience with Microsoft cloud services (Azure, M365, etc.) or other major SaaS platforms (preferred)
• Under regular supervision, assists with the investigation, design, and development of software and/or hardware security.
  
• Support the security of SRS resources through designing/implementing/evaluating measures tied to the NIST Core Cyber.
  
• Framework: Identify, Detect, Respond and Recover.
  
• Safety is a primary responsibility in each job performed. Obtain safety training, obey safety rules. and make safety an integral part of each task. Take the necessary steps to stop work
  if continuing the job is unsafe or will create an unsafe condition.
• Under regular supervision, assists with the investigation, design, and development of software and/or hardware security technologies for SRS. Work with vendors to develop technical solutions for site computer security needs.
• Maintain the integrity of computer workstations, servers, and networks by maintaining access controls and software lifecycle process as needed.
• Ensure data integrity and confidentiality through implementing the use of both encryption and data retention technologies.
• Increase technical abilities through specialized vendor training, manuals and technical journals, software seminars, informational meetings, and practical experience.
• Ensure that site/company policies and procedures are tied to customer requirements and our evaluated for effectiveness and proper implementation.