Overview:
At PNNL, our core capabilities are divided among major departments that we refer to as Directorates within the Lab, focused on a specific area of scientific research or other function, with its own leadership team and dedicated budget.
Our directorates related to Mission Support & Operations include Office of General Counsel, Business Services, Communications and External Engagement, Operational Systems, Communications and Information Technology, and Performance Management.
At PNNL, our Computing and Information Technology organization is redefining how we work and innovate by reimagining the digital workplace. We empower research and streamline operations—making both faster, smarter, and more efficient—so our professionals can tackle some of the world’s toughest challenges in science, energy, and national security. Our experts in AI, cybersecurity, design, and engineering work side by side, using real-time insights and human-centered design to break down barriers. Ready to make your mark on tomorrow? Come work with us.
The Cybersecurity & DigitalOps Division governs, secures, manages, and supports the core computing infrastructure and services at PNNL. We protect and defend PNNL’s infrastructure, data, and reputation from cyber adversaries and we influence, advance, and showcase cybersecurity research at PNNL through strong partnerships with our research groups. Our core infrastructure technology and services deliver rigorous, efficient, and operationally excellent services to the Laboratory, maximizing productivity and enabling employees to work anytime, anywhere.
Rockstar Rewards:

Employees and their families are offered medical insurance, dental insurance, vision insurance, health savings account, flexible spending accounts, basic life insurance, disability insurance, employee assistance program, business travel insurance, tuition assistance, supplemental parental bonding leave, surrogacy and adoption assistance, and fertility support. Employees are automatically enrolled in our company funded pension plan and may enroll in our 401k savings plan. Employees may accrue up to 120 vacation hours per year and may receive ten paid holidays per year.

• Research Associates excluded.

**Once eligibility requirements are met.
Click Here For Rockstar Rewards
Responsibilities:
PNNL’s Cybersecurity Group is looking for an experienced Information System Security Officer (ISSO) to join our team supporting the PNNL Cyber Governance team. You must be a cross-discipline and technical professional who can hit the ground running, quickly integrate, and assist your team in technical strategy keeping your team connected to PNNL’s mission and taking pride in ensuring sponsor information systems are operated securely.
As an ISSO, you will play a critical role in ensuring the confidentiality, integrity, and availability of PNNL’s information systems and data. You will work closely with stakeholders across PNNL to implement and maintain robust security measures in accordance with government regulations and organizational policies. PNNL’s ISSO’s take direction from the Information System Security Manager to enrich, document, and monitor PNNL’s cyber security program implementation plan, and ensures compliance with DOE management policies.

The selected candidate will work with a high degree of independence to execute their responsibilities for secure and efficient operations in accordance with pertinent (DOE and PNNL) procedures, requirements, and policies. The position works hand in hand with the ISSM to assist in assuring compliance with all applicable Executive Orders, Directives, and DOE procedures. Some of the specific duties include:

• Security Compliance: Drive consistency in our information assurance processes to ensure compliance with all relevant security regulations, policies, and procedures, including NIST SP 800-53, and other applicable standards. Participate in regular audits and assessments to identify and mitigate security vulnerabilities.
• Risk Management: Identify, assess, and prioritize security risks to information systems. Develop and implement risk mitigation strategies to safeguard sensitive data and prevent unauthorized access or disclosure.
• Security Architecture: Consult on the design, implementation, and maintenance of information systems architectures. Collaborate with system architects and engineers to integrate security controls and technologies into system designs.
• Security Monitoring: Utilize and monitor security tools and systems to verify compliance across the network.
• Security Training and Awareness: Provide security training and awareness programs to educate ISSOs and system users on security best practices and procedures. Promote a culture of security consciousness throughout the organization.
• Security Documentation and Reporting: Maintain accurate and up-to-date security documentation, including system security plans, risk assessments, and accreditation packages. Prepare and submit required security reports to government agencies as needed.
• Enable Research: Collaborate in developing novel solutions to cybersecurity challenges posed by innovative research in a highly secure environment.
• Monitors against authorized security control requirements and provides continuous monitoring assessments of the risk represented by system and application configurations or vulnerabilities.
• Leverages data sources to prevent, detect, respond and remediate internal and external attacks or attempts to gain unauthorized access to internal and/or external information, network, or data systems.
• Interprets, analyzes, and executes incident response actions for detected intrusion anomalies and events.
• Ensures all events and anomalies are investigated, documented and reported in accordance with established processes and procedures.
• Conducts system, network, or software vulnerability assessments and penetration testing in accordance with established processes and procedures.
• Manages and operates tools specific and necessary for cyber security operations functions. Conducts information risk assessments and supports compliance documentation and system accreditation requirements.
• Interacts with stakeholders and sponsors to ensure technical analyses and generated products are appropriately aligned with mission needs.
• Collaborates with other scientists in innovation efforts that support and further mission requirements.
• Prepares and presents technical and other reports and briefings.
• Performs assessments of open source reporting and situational awareness data feeds to ensure the security of internal and/or external information and technology systems.
• Analyzes cyber threat intelligence from various sources to inform and enable cyber response.
• Evaluates cyber threat indicators and system vulnerabilities and develops assessments, threat profiles and other cyber intelligence products.
• May conduct forensic acquisition and analysis activities in support of cyber intrusion or insider threat investigations.
• May interface with external entities including law enforcement, intelligence and other government organizations and agencies.

• Security Compliance: Drive consistency in our information assurance processes to ensure compliance with all relevant security regulations, policies, and procedures, including NIST SP 800-53, and other applicable standards. Participate in regular audits and assessments to identify and mitigate security vulnerabilities.
• Risk Management: Identify, assess, and prioritize security risks to information systems. Develop and implement risk mitigation strategies to safeguard sensitive data and prevent unauthorized access or disclosure.
• Security Architecture: Consult on the design, implementation, and maintenance of information systems architectures. Collaborate with system architects and engineers to integrate security controls and technologies into system designs.
• Security Monitoring: Utilize and monitor security tools and systems to verify compliance across the network.
• Security Training and Awareness: Provide security training and awareness programs to educate ISSOs and system users on security best practices and procedures. Promote a culture of security consciousness throughout the organization.
• Security Documentation and Reporting: Maintain accurate and up-to-date security documentation, including system security plans, risk assessments, and accreditation packages. Prepare and submit required security reports to government agencies as needed.
• Enable Research: Collaborate in developing novel solutions to cybersecurity challenges posed by innovative research in a highly secure environment.
• Monitors against authorized security control requirements and provides continuous monitoring assessments of the risk represented by system and application configurations or vulnerabilities.
• Leverages data sources to prevent, detect, respond and remediate internal and external attacks or attempts to gain unauthorized access to internal and/or external information, network, or data systems.
• Interprets, analyzes, and executes incident response actions for detected intrusion anomalies and events.
• Ensures all events and anomalies are investigated, documented and reported in accordance with established processes and procedures.
• Conducts system, network, or software vulnerability assessments and penetration testing in accordance with established processes and procedures.
• Manages and operates tools specific and necessary for cyber security operations functions. Conducts information risk assessments and supports compliance documentation and system accreditation requirements.
• Interacts with stakeholders and sponsors to ensure technical analyses and generated products are appropriately aligned with mission needs.
• Collaborates with other scientists in innovation efforts that support and further mission requirements.
• Prepares and presents technical and other reports and briefings.
• Performs assessments of open source reporting and situational awareness data feeds to ensure the security of internal and/or external information and technology systems.
• Analyzes cyber threat intelligence from various sources to inform and enable cyber response.
• Evaluates cyber threat indicators and system vulnerabilities and develops assessments, threat profiles and other cyber intelligence products.
• May conduct forensic acquisition and analysis activities in support of cyber intrusion or insider threat investigations.
• May interface with external entities including law enforcement, intelligence and other government organizations and agencies