X-energy LLC conducts a thorough recruiting process and will never issue offers without interview to discuss qualifications and responsibilities. All applications will be submitted via our company career page, www.x-energy.com/careers/ . We will never ask you to provide payment information as part of the recruiting process. If anyone claiming to represent X-energy directs you in a manner otherwise, please contact us at www.x-energy.com/contact-us .
JOB DESCRIPTION
X-energy is looking for experienced professionals to join our Cyber Security team in the role of Plant Cyber Security Engineer. This position leads the development and execution of cyber security engineering strategies and activities in support of plant design and engineering teams. This role integrates the cyber security philosophy into the design of plant information and operational technology systems and is responsible for implementation and assessment of cyber security systems, supports the cyber security assessments of Xe-100 systems, and recommends solutions to cyber security issues.
Job Profile Tasks/Responsibilities
- Lead the execution of the core tasks and responsibilities listed in the Job Profile Task/Responsibilities without close supervision and extensive latitude for independent judgment.
- Lead strategic security relationships between internal resources and external entities to fully secure information, computer, network, and processing systems, including government, customers, vendors, and partner organizations.
- Apply industry expertise to architect, develop, implement, maintain, and oversee cybersecurity tools and policies to protect X-energy business and plant operations information systems, including cloud governance and security.
- Provide advanced support to troubleshoot complex issues and architect new solutions.
- Lead advanced threat hunt operations using known adversary tactics, techniques, and procedures as well as indicators of attack to detect adversaries.
- Lead the development of threat intelligence to detect, respond, and defeat advanced persistent threats (APTs).
- Develop and produce reports on all activities and incidents to help maintain day-to-day status, develop, and report on trends, and provide focus and situational awareness on all issues.
- Identify and remediate control weaknesses.
- Review data with firewall administrators, engineering, system administrators, and other appropriate groups to determine the risk of security events.
- Perform complex (senior-level) information security analysis work.
- Develop and recommend plans to safeguard computer/server/network configurations and data files against accidental or unauthorized modification, destruction, or disclosure and to meet emergency data processing needs.
- Lead the performance and review of technical risk assessments and new and existing applications.
- Develop and implement systems and procedures to prevent, detect, contain, and correct data security breaches.
- Perform other duties as assigned by manager.
JOB PROFILE MINIMUM QUALIFICATIONS
- High school diploma required.
- Typically, 15 plus years of progressive experience in cybersecurity, network security, or related experience. Bachelor’s degree in related field from an accredited institution is preferred and will be credited as five years of relevant experience.
- Advanced certifications (e.g., CISSP, CISM) are preferred.
- Must have expert knowledge and experience managing cybersecurity tools such as NDR, EDR, and SIEM.
- Previous work experience with Splunk is preferred.
- Previous work experience with Azure and AWS is highly beneficial.
- Experience with nuclear cyber security regulations is highly desired (e.g. NEI 08-09; RG 5.71).
- One or more of the following qualifications is required: Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISA), GIAC (Global Information Assurance Certification), Certified Incident Handler GCIH, GIAC Certified Penetration Tester (GPEN), Global Industrial Cybersecurity Professional (GICSP) or equivalent.
- Experience with industrial control systems and operational technology is highly desired.
- Identity and Access Management technologies including Federation, Multi-Factor Authentication (MFA), and Public Key Infrastructure (PKI).
- Cloud technologies to include AWS, Azure, Docker, Kubernetes, and DevSecOps.
- Networking, Firewall, and software-defined networking.
- Integration of cybersecurity tools to support an Enterprise level Cybersecurity program.
- Leveraging Artificial Intelligence (AI), Machine Learning (ML), and Orchestration to secure the environment.
Location: 530 Gaither Road, Rockville, MD (remote work available for non-local applications)
Travel Expectations: 10% (as needed for project assignment)
Hours: Standard office hours are 8:00am ET to 5:00pm ET, Monday -Friday
Linked-in
Google