Overview

Remote Cyber Security Expert

Be the Difference

Astrion offers comprehensive services that boost preparedness, optimize performance, and ensure success across various domains, from Cyber to Digital, Mission and Systems, servicing our nation's Civilian, Defense and Space communities. We support customers with Centers of Excellence in Washington DC, Huntsville, AL and Burlington, MA with an additional 36 locations across the U.S.

Astrion has an exciting opportunity for a Remote Cyber Security Expert for the NRC-CSRPDSS, supporting the Civilian Division.

This position will provide cyber security subject matter expertise to the NRC and their Cyber Security Program with regulating the nuclear energy sector promoting safety and security. The primary responsibility will be to support cyber security inspections at nuclear power plants across the country validating whether the licensees’ Cyber Security Program meets NRC’s 10 CFR 73.54, Protection of Digital Computer and Communications Systems and Networks, rule. These inspections are conducted onsite for one week and the remainder of the work will be performed remotely unless required otherwise. Travel is estimated up to 30% per calendar year. Additional responsibilities include providing support during the rulemaking process, revisions to regulatory guidance, and other associated cyber security related activities. The right candidate would understand the cyber security and the risk management frameworks, be able to independently interpret configuration files produced by network devices and other components, be able to independently evaluate network defensive architectures, threat detection, and mitigation strategies, and possess knowledge of TCP/IP and networking concepts with emphasis on cyber awareness.

JOB DETAILS

LOCATION: Rockville, MD

JOB STATUS: Full-Time

TRAVEL: 30%; Be willing and able to travel to the site for a full work week.

REQUIRED QUALIFICATIONS / SKILLS

• Bachelor’s degree in electrical engineering (Master’s degree preferred). Other technical degrees (e.g., Computer Information Technology or other engineering or technical degrees), other than a Bachelor’s degree in Electrical Engineering are acceptable, as long as persons filling this position have at least five years of work experience in cyber security.
• At least 5 years work experience in cyber security including operational technology security.
• The ability to obtain an NRC Security Clearance; US citizenship required
• Must have at least one advanced cyber security certification, such as CISSP, CEH, CISM, CISA, or CRISC and a PMP certification is preferred.
• Items that are absolutely necessary in order to be considered for the position

DESIRED QUALIFICATIONS / SKILLS

• Experience performing cyber security inspections on operational technology and/or performed audits or assessments based on a well-known cyber security framework (e.g., NIST 800-53, ISO 27001/ISO 27002, SOC2, HIPPA, COBIT) in the last five years
• Experience with the scanning and analysis of vulnerabilities and CVE concepts. Knowledge of independently interpreting configuration files produced by network devices and other components
• Experience independently evaluating network defensive architectures, threat detection, and mitigation strategies
• Knowledge of TCP/IP and networking concepts with emphasis on cyber awareness
• Experience working with a risk management framework (e.g., NIST SP 800-37, ERM framework, ISO 31000)
• Experience writing and evaluating technical reports and solicitations
• Be able to work with little supervision while on site
• Have a willingness to learn to develop inspection expertise. Have excellent verbal and writing skills
• Ability to work with a wide range of stakeholders and values teamwork
• Timeliness is crucial
• Experience performing cyber security inspections on industrial control systems (ICS) preferably in the nuclear industry in the last five years
• Familiarity with nuclear power reactor design, including the Westinghouse AP 1000 Pressurized Water Reactor
• Experience with NRC's Reactor Oversight Process (ROP) and regulatory requirements for nuclear power reactor cyber security programs (i.e., Title 10 CFR Part 73.54)
• Experience developing and delivering technical training in person and/or remote environments in the last five years
• Thorough understanding and implementation of federal cyber security frameworks
• Experience with the cyber analysis of ICS and/or SCADA
• Knowledge of interpreting configuration files produced by network devices and other components

RESPONSIBILITIES

• Provide cyber security subject matter expertise in the nuclear power industry including performing analysis and research, developing supporting documentation, providing technical input on NRC regulatory guides, and performing cyber security inspections
• Advise government inspectors and stakeholders on applying an approved cyber security framework
• Assist the Government in the identification of shortcomings, inconsistencies, and conflicts encountered during a cyber security evaluation of a public utility
• Make recommendations for improvements on Government cyber security practices, standards, and guidance while keeping informed of ongoing threats and vulnerabilities
• Assist government inspectors in the overall planning of information gathering logistics, technical reports, and execution plans
• Verbally express technical concepts to Government clients and stakeholders involved in enterprise security information forums
• Collaborate with other cyber analysts to create a unified method of assessment and analysis

What We Offer

• Competitive salaries
• Continuing education assistance
• Professional development allotment
• Multiple healthcare benefits packages
• 401K with employer matching
• Paid time off (PTO) along with a federally recognized holiday schedule

Who We Are

At Astrion, we innovate, elevate, and shape the world of tomorrow. At our core is our purpose to “Be the Difference”. This means we encourage our employees to take action and be the driving force for positive change. We foster an environment where innovative solutions flourish and our company continuously evolves.

We have a culture of care, empathy, and making a tangible difference within our organization and communities. We embrace continuous learning, growth, and innovation, and pushing the boundaries of what’s possible. We promote collaboration and empowering our teams is at the core of our success.

Join Astrion and Be the Difference in your career and the world!

Astrion is an Equal Employment Opportunity/Affirmative Action Employer. We provide equal employment opportunities to all employees and applicants for employment and prohibit discrimination and harassment of any type without regard to race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state, or local laws.

This policy applies to all terms and conditions of employment, including recruiting, hiring, placement, promotion, termination, layoff, recall, transfer, leaves of absence, compensation, and training.