Principal Software Security Engineer (Principal Cyber Security Analyst)

ORAU
Las Vegas, NV Full Time
POSTED ON 10/31/2022 CLOSED ON 11/1/2022


Overview

Oak Ridge Associated Universities (ORAU) is seeking an experienced Principal Software Security Engineer (Principal Cyber Security Analyst) to support the Nevada National Security Site (NNSS) in Las Vegas, Nevada.

 

Located in a remote, highly secure area of southern Nevada, the NNSS is a premier outdoor, indoor, and underground national laboratory. It is a preferred location for experiments supporting the nuclear weapons Stockpile Stewardship Programs of the US Department of Energy (DOE) National Nuclear Security Administration (NNSA), national defense programs, and national security research, development, and training programs, as well as vital programs of other federal agencies.

 


Responsibilities

What Your Job Will Be Like

Mission Support and Test Services, LLC (MSTS) manages and operates the Nevada National Security Site (NNSS) for the U.S. National Nuclear Security Administration (NNSA). 

 


 

Our MISSION is to help ensure the security of the United States and its allies by providing high-hazard experimentation and incident response capabilities through operations, engineering, education, field, and integration services and by acting as environmental stewards to the Site’s Cold War legacy.

 

The Cyber Security department is seeking a highly qualified candidate to take our software security practices to the next level. The selected candidate will be responsible for the following:

 

Key Responsibilities:

  • Implementing, testing and operating advanced software security in compliance with federal security requirements.
  • Performing on-going security testing and code review to improve software security.
  • Providing engineering designs for new software applications to help mitigate security vulnerabilities.
  • Automating application scanning and vulnerability assessment processes to support CI/CD releases.
  • Validating identified security issues within applications and recommending fixes.
  • Training team members on secure coding practices.
  • Maintaining technical documentation.
  • Assisting in researching, compiling, and analyzing technical data.
  • Performing Security Test and Evaluations of information systems in support of a security plan.
  • Writing complex information system security plans (ISSPs) for classified and unclassified systems.
  • Completing certification and accreditation of information systems on unclassified and classified networks, assisting with the completion and mitigation of security testing and evaluation results, and serving as a resource for MSTS and other NvE enterprises for the C&A process.
  • Reviewing purchase requests for technology items and providing input to senior-level Cyber Security staff regarding the risk associated with purchases.
  • Assisting the ISSM and ISSOs with the execution of their assigned duties, acting as a liaison between the ISSM and other ISSOs, and providing training to ISSOs about their Cyber Security role.
  • Reviewing current Cyber Security threat information and assisting the Threat Evaluation Team with mitigating identified vulnerabilities.
  • Assisting with data calls, FISMA reporting, compliance scanning and reporting, continuous monitoring and compiling reports for auditors. 
  • Providing training in Cyber Security to non-technical and technical individuals.
  • Participating in business development by defining customer needs, developing proposals and planning projects that will produce results meeting customer
  • Utilizing existing or developing new standards, practices and procedures, as well as increasing technical knowledge, to solve problems and complete projects.
  • Contributing to an overall productive and respectful work environment by providing excellent customer service and working in a positive, collegial manner at all times, and maintaining cooperative and respectful working relationships with Cyber Security staff, other divisions, and other customers.

Qualifications

Qualifications We Require:

Due to the nature of our work, US Citizenship is required for all positions.

  • Bachelor’s degree in a computer related field or equivalent training and experience and at least 8 years of related experience.
  • Detailed technical knowledge of techniques, standards and state-of-the-art capabilities for authentication and authorization, applied cryptography, security vulnerabilities and remediation.
  • Adequate knowledge of web related technologies (web applications, web services and service-oriented architectures) and of network/web related protocols.
  • Strong understanding of secure web application design principles and frameworks such as OWASP.
  • Experience with software development security scanning tools such as static and dynamic analysis.
  • Experience with containerization security practices preferred.
  • Experience with scripting or code development using the following languages: C#, Node.js, Java, jQuery, .Net, ASP.Net, Cold Fusion, SQL, PHP, and HTML preferred.
  • Experience working with developers and development groups.
  • Experience with the code review process.
  • Experience with SCA (Software Composition Analysis) tools.
  • Experience in open-source component review and Software Bill of Materials (BOM).
  • In depth knowledge of the most advanced Cyber Security principles, protocols, concepts and theories in a broad range of disciplines.
  • Ability to integrate work of specialized personnel to produce the desired results.
  • Knowledge of network-based services and client/server applications, familiarity with intrusion detection systems, familiarity with network architecture and security infrastructure placement. 
  • Knowledge of Cyber Security vulnerabilities, mitigation strategies, network architecture, and how to apply security controls.
  • Ability to analyze network traffic, identify misconfigurations of information systems and networks, troubleshoot security appliances, and independently identify network and host security vulnerabilities.
  • Understanding of the Windows operating system and command line tools, network protocols, and TCP/IP fundamentals.
  • Ability to maintain strict confidentiality.
  • Ability to communicate effectively in English, both verbally and in writing, in order to work with co-workers and customers, testify, write clear and concise reports, and gather and collect information.
  • Ability to articulate highly technical processes and information to a non-technical audience.
  • Preferred additional qualifications:
    • GIAC Certified Web Application Defender (GWEB)
    • GIAC Web Application Penetration Tester (GWAPT)
    • GIAC Python Web Coder (GPYC)
    • GIAC Security Essentials (GSEC)
    • Certified Information Systems Security Professional (CISSP)
  • The primary work location will be at the Losee Road facility in North Las Vegas, Nevada.
  • Personnel may be requested by leadership to work more than 40 hours per week due to projects, activities, and emergencies; critical operational demands may occasionally require off-shift work.
  • Pre-placement physical examination, which includes a drug screen, is required. MSTS maintains a substance abuse policy that includes random drug testing.
  • Must possess a valid driver's license.

Other Details: Ability to obtain an HSPD-12 Personal Identity Verification credential under the Department of Energy Order 206.2, ‘Identity, Credential, and Access Management,’ and Supplemental Directive NNSA SD 206.2, ‘Implementation of Personal Identity Verification for Uncleared Contractors.’

 

ABOUT MSTS: Our VISION is to be the user site of choice for large-scale, high-hazard, national security experimentation, with premier facilities and capabilities below ground, on the ground, and in the air.

Our 2,750 professional, craft, and support employees are called upon to innovate, collaborate, and deliver on some of the more difficult nuclear security challenges facing the world today.  In this environment, the best ideas need to be voiced and every opinion matters.  As such, MSTS places great value on Diversity, Equity, and Inclusion and is committed to a diverse and equitable workforce, with an inclusive culture that values and celebrates the diversity of our people, talents, ideas, and perspectives.

 

MSTS offers our full-time employees highly competitive salaries and benefits packages including medical, dental, and vision; both a pension and a 401k; paid time off and 96 hours of paid holidays; relocation (if located more than 75 miles from work location); tuition assistance and reimbursement; and more. 

 

MSTS is a limited liability company consisting of Honeywell International Inc. (Honeywell), Jacobs Engineering Group Inc. (Jacobs), and HII Nuclear Inc.

 

NNSS COVID-19: https://www.nnss.gov/pages/nfo/WorkingForMSTS.html

 

Background Check Drug Screening Information:  MSTS is required by Department of Energy (DOE) directive to conduct a pre-employment drug test and background review that includes checks of personal references, credit, law enforcement records, and employment/education verifications. Applicants offered employment with MSTS are also subject to a federal background investigation to meet the requirements for access to classified information or matter if the duties of the position require a DOE security clearance. Substance abuse or illegal drug use, falsification of information, criminal activity, serious misconduct or other indicators of untrustworthiness can cause a clearance to be denied or terminated by DOE, resulting in the inability to perform the duties assigned and subsequent termination of employment.

 

In addition, applicants for employment must be able to obtain and maintain a DOE Q-level security clearance, which requires U.S. citizenship and being at least 18 years of age. Reference DOE Order 472.2, “Personnel Security.” If you hold more than one citizenship (i.e., of the U.S. and another country), your ability to obtain a security clearance may be impacted.

 

Department of Energy Q Level Security Clearance: Reviews and tests for the absence of any illegal drug as defined in 10 CFR Part 707.4, “Workplace Substance Abuse Programs at DOE Sites,” will be conducted. The applicant selected will be subject to a federal background investigation, required to participate in subsequent reinvestigations, and must meet the eligibility requirements for access to classified matter. Successful completion of a counterintelligence evaluation, which may include a counterintelligence-scope polygraph examination, may also be required. Reference 10 CFR Part 709, “Counterintelligence Evaluation Program.”

 

EEO: MSTS is an Equal Opportunity/Affirmative Action Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, veteran status or other characteristics protected by law. MSTS is a background screening, drug-free workplace.


Salary.com Estimation for Principal Software Security Engineer (Principal Cyber Security Analyst) in Las Vegas, NV
$104,878 to $136,180