Nuclear Fuel Services Cyber Security Analyst in Erwin, Tennessee
At BWX Technologies, Inc. (NYSE: BWXT), we are People Strong, Innovation Driven. Headquartered in Lynchburg, Va., BWXT provides safe and effective nuclear solutions for national security, clean energy, environmental remediation, nuclear medicine and space exploration. With approximately 6,400 employees, BWXT has 12 major operating sites in the U.S. and Canada. We are the sole manufacturer of naval nuclear reactors for U.S. submarines and aircraft carriers. Our company supplies precision manufactured components, services and fuel for the commercial nuclear power industry across four continents. Our joint ventures provide environmental remediation and nuclear operations management at more than a dozen U.S. Department of Energy and NASA facilities. BWXT’s technology is driving advances in medical radioisotope production in North America and microreactors for various defense and space applications. Follow us on Twitter at @BWXTech and learn more at www.bwxt.com.
BWXT is currently seeking a Cyber Security Analyst for its Erwin, TN location!
The Cyber Security Analyst will be a technical lead within the Nuclear Fuel Services Cyber Security team responsible for organizing and leading small projects, solving problems, and handling special assignments. The analyst will report directly to the ISSM and have security operations and compliance responsibilities assisting the ISSO and security engineer. This candidate will be required to frequently collaborate with other IT professionals, Security subject matter experts, and business process owners. The ideal candidate will be highly motivated, a good communicator, have leadership or project management experience, have a solid foundation of IT technical knowledge, and experience working in a regulated environment.
Performs risk assessments and tests of new technology platforms and leads the implementation of standard security configurations, ex: DISA STIG, CIS Benchmarks, etc., prior to production deployment.
Conducts cyber security reviews and tests to ensure that cyber security features and controls are functioning and effective.
Ensures that security controls for information system resources are based on the least privilege principle and develops alternative solutions to mitigate risk when the most desirable security controls cannot be fully implemented.
Develops technical documentation describing the deployment, configuration, and management of shared, networked, and multi-user information security systems.
Utilizes vulnerability assessment software and related tools to immediately highlight errors in systems configuration, the need for the update of software with fixes and patches, and other security related changes. Coordinates with IT Operations and Applications personnel on timely mitigation efforts of discovered vulnerabilities.
Identifies opportunities to improve security effectiveness and efficiency and leads the implementations of solutions to realize these opportunities.
Implement security controls for Operational Technology (OT) and work with business units to develop an appropriate security architecture that securely supports operational and compliance requirements.
Serves as an active member of the Cyber Security Incident Response Team (CSIRT) that is capable of directing first responders during event triage and performing advanced response actions for escalated events.
Reviews regulatory requirements documents, identifies compliance gaps, and designs solutions to close gaps. This may include the development or supporting the development of proposals estimating the resources needed to implement new regulatory requirements.
Review and interpret NRC requirements and support any NRC inquiries involving Cyber Security.
Secondary support of the ISSO may include updates to the System Security Plan (SSP) or other artifacts associated with Security Authorization Packages (SAP) in accordance with the NIST Risk Management Framework.
Secondary support of the security engineer utilizing and managing technical solutions supporting security operations, such as a Security Information and Event Management (SIEM) system, vulnerability management, patch management, antimalware, network access control, etc.
Regularly attends conferences, professional association meetings, and technical symposia to remain aware of the latest information security technological developments .
A minimum of a Bachelor’s degree in a related Information Technology field is required. Experience in project management, nuclear background, or NRC is preferred.
Must possess at least ten (10) years of related experience.
Prior relevant experience will include performing risk assessments, developing security plans, implementing DISA STIGs, and developing Standard Security Configuration Guides or similar technical products.
Must have a strong background in Operational Technology (OT) and be familiar with OT security guidance issued by the NSA, CISA, and NIST.
Must have experience and a working knowledge of the following: application security, security operations technical solutions and processes, Active Directory and Group Policy Objects, Microsoft Windows and Linux operating systems, and advanced cyber security toolkits.
Must have an understanding of open-source and other tools to assist in detection, prevention and analysis of security threats.
Must have excellent communications skills, especially technical report writing; candidates are encouraged to submit a sample of a technical report authored by the candidate.
Must hold or be able to obtain a relevant active information security certification, such as GICSP, CISSP, CISA, GCIH, OSCP, etc.
Must be able to maintain confidentiality when working with sensitive information.
Ability to obtain and maintain a DOE security clearance is required.
Must be a U.S. citizen with no dual citizenship.
Applicants selected will be subject to a Federal background investigation and must meet eligibility requirements for access to classified information or matter. Position requires U.S. citizenship with (no dual citizenship) ability to obtain and maintain a Department of Energy (DOE) security clearance which involves an extensive criminal and financial background investigation, drug test and previous employment reference verifications.
BWXT supports diversity and is committed to the concept of Equal Employment Opportunity. We have established procedures to ensure that all personnel actions such as recruitment, compensation, career development, benefits, company-sponsored training and social recreational programs are administered without regard to race, color, religion, gender, national origin, citizenship, age, disability or veteran status.