Information Security Analyst 4

POSITION SUMMARY: The Information Security Analyst 4 will work on all aspects of information security at NuScale. The position is responsible for securing information in all its forms and reducing risk as it relates to NuScales data, facilities, and personnel through the deployment and operation of security tools and processes. This includes architecture, policy, operations, development, training, programmatic documentation, and incident response. This position is a senior technical escalation resource and liaison for client support teams dealing with endpoint, server, networking, and security issues. This position acts as a thought leader for the department.

ESSENTIAL DUTIES AND RESPONSIBILITIES:

• Acts as a senior contact for security-related escalations and directs problem resolution.
• Leads the deployment and support of existing client programs where there is a security nexus.
• Provides architectural guidance for all aspects of the security program and develops security plans, policies, and procedures to enhance security posture and compliance.
• Collaborates across the IT organization to ensure the needs of relevant stakeholders are addressed and participates in organization-wide projects.
• Deploys advanced security tools and analyzes data to detect and prevent possible breaches. Prepare reports as needed on security incidents; develop, lead, and implement remediation responses.
• Conducts vulnerability testing to detect problems with NuScale networks and systems. Reports results to operations teams and advises on the remediation and possible impact.
• Serves on the NuScale Incident Response team to quickly identify, contain, analyze, remediate, and document security incidents.
• Remote support and on-call hours may be required on a rotational basis.
• Continuously improve information security at NuScale through research, testing, and implementation of new technologies, tools, and improvements to existing tools, processes, or designs; makes recommendations to management.
• Performs other duties as assigned.

CORE COMPETENCIES: To perform the job successfully, the individual should demonstrate competencies in performing the essential functions of this position by performing satisfactorily in each of these competencies.

• Problem solving: Identifies and resolves a diverse range of moderately complex problems in a timely manner, gathers and reviews information appropriately. Exercises judgment within company policies and practices; seeks input from other team members as appropriate for complex or sensitive situations.
• Oral/written communication: Listens carefully and speaks clearly and professionally in all situations. Edits work for accuracy and clarity, Is able to create, read and interpret complex written information. Ability to build productive relationships with senior internal and external personnel in own area of expertise.
• Planning/organizing: Prioritizes and plans work activities, organizes personal and project timelines and deadlines, tracks project timelines and deadlines, and uses time efficiently.
• Adaptability: Adapts to changes in the work environment, manages competing demands and is able to deal with frequent interruptions, changes, delays, or unexpected events.
• Dependability: Consistently on time and at work, responds to management expectations and solicits feedback to improve performance.
• Team Building: Capable of developing strong interpersonal networks and trust within the organization. Leads consensus by involving all stakeholders, facilitating their understanding of differences, agreeing on requirements and constraints, and developing the best solution.
• Safety Culture: Adheres to the NuScale Safety culture and is expected to model safe behavior and influence peers to meet high standards.
• Quality Assurance: Demonstrates understanding and implementation of quality assurance regulations, standards and guidelines of 10 CFR 50 Appendix B, 10 CFR 21, and ASME NQA-1.

MINIMUM SKILLS, QUALIFICATIONS AND ABILITIES:

• Education: A minimum of a B.S. degree in Computer Science or other technical degree from a four year accredited college/university or 8 years of specifically related experience in lieu of degree is required. A security related certification (CISSP, GSE, DoDD 8570, or similar) is required for this position.
• Experience: A minimum of 10 years of full-time working experience in complex IT environments is required. This includes direct experience facilitating company-wide security strategy and policy, direct experience facilitating design, implementation and auditing of security controls to meet company strategy, and demonstrated expertise in understanding applicable security, regulatory and audit frameworks. Must have familiarity working in a highly regulated industry. Experience working with startup organizations is desirable.
• • Required expertise in the following include:
  • • Microsoft and Linux operating systems/networking
    • Encryption technologies and implementations
    • Network devices, protocols, and sniffers
    • Security tools and processes (pen testing tools, forensic tools, risk assessment, etc.)
    • Strong understanding of social engineering attacks
    • Knowledge of MS Exchange and other network mail systems
    • Blended attacks and advanced persistent threats
    • Understanding of normal and abnormal ingress and egress network traffic
    • Various ways malicious actors can hide malware, command and control traffic, and egress data
    • Understanding of public key infrastructure
    • Scripting or programming (example: Powershell, Bash, BAT, VB Script, C#, ASP.Net, etc.)
  • Preferred skills and background include:
  • • DoDD 8140 (DoDD 8570)
    • SEC501: Advanced Security Essentials - Enterprise Defender (GCED)
    • SEC503: Intrusion Detection In-Depth (GCIA)
    • SEC504: Hacker Tools, Techniques, Exploits, and Incident Handling (GCIH)
    • SEC560: Network Penetration Testing and Ethical Hacking (GPEN)
    • Industrial Controls experience
• Industry Requirements: Eligible to work under Department of Energy 10 CFR Part 810. Needs to have a strong understanding of information and cyber security as it relates to a R&D company in a heavily regulated space.

PHYSICAL DEMANDS: The physical demands described here are representative of those that must be met by an employee to successfully perform the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.

• Ability to understand and communicate clearly using a phone, personal interaction, and computers.
• Ability to learn new job functions and comprehend and understand new concepts quickly and apply them accurately in a rapidly evolving environment.
• The employee frequently is required; to sit and stand; walk; bend, use hands to operate office equipment; and reach with hands and arms. Ability to lift ten to fifteen pounds.
• Ability to travel locally using common forms of transportation.

NuScale Power, LLC is an equal opportunity employer and does not discriminate against otherwise qualified applicants on the basis of race, color, creed, religion, ancestry, age, sex, marital status, national origin, disability or handicap, or veteran status. Pay and Benefits:

The target pay range for this position is $124,531 - $150,138 annually. The full pay range is $111,531 - $174,446.

At NuScale, compensation decisions are determined using factors such as relevant job-related skills, full-time working experience, education and training, equity within the department.

For information on employee benefits, please visit our Careers Overview page: Employee Benefits | NuScale Power