PERM: Nuclear Security Analyst (Encryption, End Point Forensics, Pen Testing, ingress/egress, Malware, Risk Assessments)

  • icrunchdata Network
  • Corvallis, OR, USA
  • May 23, 2020
Information Technology (IT)

Job Description

TITLE: PERM Nuclear Security Analyst (Encryption, End Point Forensics, Pen Testing, ingress/egress, Malware, Risk Assessments)
LOCATION: Corvallis, OR
DURATION: PERM

POSITION SUMMARY

The Information Security Analyst 3 will work on all aspects of information security at TEG Client. The position is responsible for securing information in all its forms and reducing risk as it relates to TEG Client's data, facilities, and personnel through the deployment and operation of security tools and processes. This includes architecture, policy, operations, development, training, and incident response. Serves as a senior technical escalation resource and liaison for client support teams dealing with endpoint, networking, and security issues.

ESSENTIAL DUTIES AND RESPONSIBILITIES

  • Acts as a contact for escalations from client support for security-related issues and leads problem resolution.
  • Leads the deployment and support of existing client programs where there is a security nexus.
  • Ensures that security architectural and hardware changes do not introduce risk or adversely impact network and client support operations.
  • Collaborates across the IT organization to ensure the needs of relevant stakeholders are addressed and participates in organization-wide projects.
  • Monitors advanced security tools and analyzes data to detect and prevent possible breaches.
  • Prepares reports as needed on security incidents; develops, leads, and implements remediation responses.
  • Maintains the physical security and badging systems to protect TEG Client local and remote resources.
  • Conducts vulnerability testing to detect problems with TEG Client networks and systems. Reports results to operations teams and advises on the remediation and possible impact.
  • Serves on the TEG Client Incident Response team to quickly identify, contain, analyze, remediate, and document security incidents.
  • Remote support and on-call hours may be required on a rotational basis.
  • Continuously improves information security at TEG Client through research, testing, and implementation of new technologies, tools, and improvements to existing tools, processes, or designs; makes recommendations to the Information Security Manager.
  • Performs other duties as assigned.

CORE COMPETENCIES

To perform the job successfully, the individual should demonstrate competencies in performing the essential functions of this position by performing satisfactorily in each of these competencies.

  • Problem solving: Identifies and resolves a diverse range of moderately complex problems in a timely manner; gathers and reviews information appropriately. Exercises judgment within company policies and practices; seeks input from other team members as appropriate for complex or sensitive situations.
  • Oral/written communication: Listens carefully and speaks clearly and professionally in all situations. Edits work for accuracy and clarity. Is able to create, read, and interpret complex written information. Ability to build productive relationships with senior internal and external personnel in own area of expertise.
  • Planning/organizing: Prioritizes and plans work activities, organizes personal and project timelines and deadlines, tracks project timelines and deadlines, and uses time efficiently.
  • Adaptability: Adapts to changes in the work environment, manages competing demands, and is able to deal with frequent interruptions, changes, delays, or unexpected events.
  • Dependability: Consistently on time and at work, responds to management expectations, and solicits feedback to improve performance.
  • Team Building: Capable of developing strong interpersonal networks and trust within the organization. Leads consensus by involving all stakeholders, facilitating their understanding of differences, agreeing on requirements and constraints, and developing the best solution.
  • Safety Culture: Adheres to the TEG Client Safety culture and is expected to model safe behavior and influence peers to meet high standards.

MINIMUM SKILLS, QUALIFICATIONS AND ABILITIES

Education: A minimum of a B.S. degree in Computer Science or other technical degree from a four-year accredited college/university, or 8 years related experience in lieu of degree. A CISSP or GSEC certification counts as three years of experience. A security-related certification (CISSP, GSEC, DoDD 8570, or similar) is required for this position.

Experience: A minimum of 5 years' experience in complex IT environments, or 8 years' experience if no degree. This includes direct experience facilitating company-wide security strategy and policy. Direct experience facilitating design, implementation, and auditing of security controls to meet company strategy. A good understanding of applicable security, regulatory, and audit frameworks. Must have familiarity working in a highly regulated industry and blending those into a startup company's culture.

The position requires very strong knowledge in the following areas as it relates to designing, implementing, supporting, and troubleshooting security incidents:

  • Microsoft and Linux operating systems/networking
  • Encryption technologies and implementations
  • Network devices, protocols, and sniffers
  • Security tools and processes (pen testing tools, forensic tools, risk assessment, etc.)
  • Strong understanding of social engineering attacks
  • Knowledge of MS Exchange and other network mail systems
  • Blended attacks and advanced persistent threats
  • Understanding of normal and abnormal ingress and egress network traffic
  • Various ways malicious actors can hide malware, command and control traffic, and egress data
  • Understanding of public key infrastructure
  • Strong ability to do network and end point forensics including live RAM and disk systems
  • Scripting or programming (example: PowerShell, Bash, BAT, VB Script, C, ASP.Net, etc.)
Preferred skills and background in the following areas:

  • DoDD 8140 (DoDD 8570)
  • SEC501 Advanced Security Essentials - Enterprise Defender (GCED)
  • SEC503 Intrusion Detection In-Depth (GCIA)
  • SEC504 Hacker Tools, Techniques, Exploits, and Incident Handling (GCIH)
  • SEC560 Network Penetration Testing and Ethical Hacking (GPEN)
  • Cyber Supply Chain Risk Management (C-SCRM)
  • NIST 800-53 Security and Privacy Controls for Federal Information Systems and Organizations

Industry Requirements: Eligible to work under Department of Energy 10 CFR Part 810. Needs to have a strong understanding of information and cyber security as it relates to an R&D company in a heavily regulated space.

Quality Assurance: Demonstrated understanding and implementation of quality assurance regulations, standards, and guidelines of 10 CFR 50 Appendix B, 10 CFR 21, and NQA-1 preferred.

Job ID

TEG Global