Nuclear Fuel Services Cyber Security Engineer in Lynchburg, Virginia
At BWX Technologies, Inc. (NYSE: BWXT), we are People Strong, Innovation Driven. H eadquartered in Lynchburg, Va., BWXT provides safe and effective nuclear solutions for national security, clean energy, environmental remediation, nuclear medicine and space exploration. With approximately 6,400 employees, BWXT has 12 major operating sites in the U.S. and Canada. We are the sole manufacturer of naval nuclear reactors for U.S. submarines and aircraft carriers. Our company supplies precision manufactured components, services and fuel for the commercial nuclear power industry across four continents. Our joint ventures provide environmental remediation and nuclear operations management at more than a dozen U.S. Department of Energy and NASA facilities. BWXT’s technology is driving advances in medical radioisotope production in North America and microreactors for various defense and space applications. Follow us on Twitter at @BWXTech and learn more at www.bwxt.com.
BWXT is currently seeking a Cyber Security Engineer based at its Lynchburg, VA or Barberton, OH location.
T he Cyber Security Engineer will be responsible for proactively monitoring event sources for anomalies and developing creative ways to leverage technology, driving the "leg work" to accomplish high priority security objectives, conducting vulnerability assessments, validating the current understanding of the information systems, incident response activities, and being an all-star problem solver. The candidate will report directly to the Manager, Cyber Security Operations.
Provides technical assistance with the initial set-up, secure deployment, and proper management of systems that support information security including virus detection, application whitelisting, centralized logging, secure email gateways, data loss prevention, web content filtering, intrusion detection systems, and intrusion prevention systems.
Offers technical information security consulting services to support business initiatives that require risk assessments of technology solutions, including Software as a Service (SaaS), web-based applications, custom internally developed applications, and COTS solutions.
Evaluates information system bug reports, threat intelligence, security exploit reports, and other information security notices issued by information system vendors, government agencies, universities, professional associations, and other organizations, and as needed, makes recommendations to internal management and technical staff to take precautionary steps.
Performs risk assessments and tests of new technology platforms and leads the development of Standard Security Configuration Guides for these systems prior to production deployment.
Utilizes vulnerability assessment software and related tools to immediately highlight errors in systems configuration, the need for the update of software with fixes and patches, and other security related changes.
Acts as a technical consultant on information security incident investigations and performs digital forensic analysis of evidence files and malware samples.
Mentors junior team members in information security fundamentals, skills, and practices to assist in their career development.
Performs administration of the centralized logging platform, maintains system integrity, installs applications, develops custom dashboards to monitor security status of the environment, and produces periodic reports of key performance indicators and key risk indicators to support Cyber Security metrics at the executive and operational levels.
Redesigns and reengineers internal information handling processes so that information is appropriately protected from a wide variety of problems including unauthorized disclosure, unauthorized use, inappropriate modification, premature deletion, and unavailability.
Serves as an active member of the Cyber Security Incident Response Team (CSIRT) and participates in security incident response efforts by directing first responders to triage an event and performing advanced response actions for escalated events.
Develops technical documentation describing the deployment, configuration, and management of shared, networked, and multi-user information security systems.
Supports awareness training of the workforce on information security standards, policies, and best practices.
Regularly attends conferences, professional association meetings, and technical symposia to remain aware of the latest information security technological developments.
A Bachelor’s degree in a related field is preferred. Applicable work experience may be substituted.
Must have a minimum of 10 years of experience in IT, performing risk assessments, developing security plans, and developing Standard Security Configuration Guides or similar technical products.
Candidate must have advanced technical skills and experience with the following: Splunk administration, network intrusion detection system (IDS) administration, Active Directory and Group Policy Objects, Anti-virus administration consoles, Data Loss Prevention (DLP) systems, Microsoft Windows operating systems, Linux operating systems and advanced cyber security toolkits, malware analysis, penetration testing, and digital forensics tools.
Must have an understanding of open-source and other tools to assist in detection, prevention and analysis of security threats.
Must have a working knowledge of system functions, cyber security policies, and cyber security protection requirements.
Must have excellent communications skills, especially technical report writing; candidates are encouraged to submit a sample of a technical report authored by the candidate.
One or more of the following certifications: GSEC, CEH, CISSP, CISA, GCIH, OSCP or other related certification.
Must be able to maintain confidentiality when working with sensitive information.
Ability to obtain and maintain a DOE security clearance is required.
Must be an U.S. citizen with no dual citizenship.
U.S. Citizenship, with no dual citizenship is required for this position.
Applicants selected will be subject to a Federal background investigation and must meet eligibility requirements for access to classified information or matter. Position requires U.S. citizenship with (no dual citizenship) ability to obtain and maintain a Department of Energy (DOE) security clearance which involves an extensive criminal and financial background investigation, drug test and previous employment reference verifications.
BWXT supports diversity and is committed to the concept of Equal Employment Opportunity. We have established procedures to ensure that all personnel actions such as recruitment, compensation, career development, benefits, company-sponsored training and social recreational programs are administered without regard to race, color, religion, gender, national origin, citizenship, age, disability or veteran status.