"Alerted.org

IT Security Analyst - CUI Program Lead

Job ID

6410

Location

SLAC - Menlo Park, CA

Full-Time

Regular

SLAC Job Postings

Position overview:

SLAC National Accelerator Laboratory¿s Information Technology Division is seeking a skilled IT Cyber Security Analyst to serve as the Controlled Unclassified Information (CUI) Program Lead. In this critical role within our diverse cybersecurity team, you will report directly to the Deputy Chief Information Security Officer (D-CISO) and operate within the Cyber Security Compliance department. Team members are dedicated to safeguarding SLAC's networks against cyber threats by continuously monitoring for security anomalies, performing detailed security assessments, updating system security plans and effectively balancing security protocols with organizational objectives and requirements.

As the CUI Program Lead, you will be responsible for leading the implementation, oversight, and ongoing enhancement of SLAC¿s CUI compliance program. Your primary objective will be to ensure compliance with all applicable federal regulations and institutional policies related to the protection of Controlled Unclassified Information. You will apply a comprehensive technical skillset, including conducting NIST 800-53 compliance security assessments, cloud cyber security evaluations, and assisting in responding to audits and federal data calls. In addition, you will help conduct in-depth information risk assessments and verify the effectiveness of security controls. A component of your duties will include assisting in maintaining accurate and current security documentation, such as System Security Plans (SSPs), to reflect SLAC¿s current security posture. To excel in this role, you must have experience with industry-leading cybersecurity tools, including vulnerability scanners (Nessus, Qualys), intrusion detection systems, enterprise firewalls (Cisco, Palo Alto Networks), and Security Information and Event Management (SIEM) platforms like Splunk. Proficiency in cloud application security assessment is desired. This role requires a deep understanding of federal cybersecurity standards related to CUI, along with the ability to translate complex compliance requirements into actionable strategies and solutions. You will be instrumental in maintaining SLAC¿s secure and compliant environment for handling and protecting Controlled Unclassified Information.

_SLAC is a U.S. Department of Energy (DOE) laboratory operated by Stanford University and based in Menlo Park; CA._

Your specific responsibilities include:

+ Under general supervision, perform all procedures necessary to ensure the safety of information systems assets and to protect systems from intentional or inadvertent access or destruction.

+ Develop, maintain, and update SLAC¿s CUI policies and procedures in alignment with federal regulations and contractual requirements.

+ Serve as the primary point of contact for CUI related inquiries, audits and external assessments.

+ Design and deliver training and awareness program related to CUI handling requirements.

+ Conduct periodic review, assessments and self-audits to evaluate the effectiveness of the CUI program.

+ Coordinate and partner with internal stakeholders and external partners to ensure proper handling and protection of CUI.

+ Develop plans to safeguard computer configurations against accidental or unauthorized modification, destruction, or disclosure and to meet emergency data processing needs.

+ Perform cyber security risk and vulnerability assessments in accordance with FISMA requirements.

+ Assist with the testing of security controls and ensuring that System Security Plans (SSPs) are accurate and reflect the current security posture.

+ Assist in the design of secure system and network architectures including cloud solutions.

+ Assist local area in applying best practices in securing the data and information systems under their control.

+ Other duties may also be assigned.

To be successful in this position you will bring:

+ Bachelor's degree plus three years relevant experience, or a combination of education and relevant experience.

+ Demonstrated knowledge and understanding of Controlled Unclassified Information requirements and compliance mandates.

+ Demonstrated knowledge and understanding of IT security trends and emerging technologies and an ability to relate them to SLAC and its objectives.

+ Thorough and demonstrated knowledge of networking protocols, principles, and intrusion detection devices, including firewalls and VPNs.

+ Fundamental architecture and configuration knowledge of desktop, server and operating systems.

+ Solid understanding of security issues, techniques, and solutions.

+ Excellent written and verbal communication skills.

+ High level of integrity and excellence judgment concerning proprietary and privacy issues.

**Certificates and Licenses:** None

SLAC employee competencies:

+ Effective Decisions: Uses job knowledge and solid judgment to make quality decisions in a

+ timely manner.

+ Self-Development: Pursues a variety of venues and opportunities to continue learning and developing.

+ Dependability: Can be counted on to deliver results with a sense of personal responsibility for expected outcomes.

+ Initiative: Pursues work and interactions proactively with optimism, positive energy, and motivation to move things forward.

+ Adaptability: Flexes as needed when change occurs, maintains an open outlook while adjusting and accommodating changes.

+ Communication: Ensures effective information flow to various audiences and creates and delivers clear, appropriate written, spoken, presented messages

+ Relationships: Builds relationships to foster trust, collaboration, and a positive climate to achieve.

Physical requirements and Working conditions:

+ Consistent with its obligations under the law, the University will provide reasonable accommodation to any employee with a disability who requires accommodation to perform the essential functions of his or her job.

Work Standards:

+ Interpersonal Skills: Demonstrates the ability to work well with SLAC and Stanford colleagues and clients and with external organizations.

+ Promote Culture of Safety: Demonstrates commitment to personal responsibility and value for environment, safety and security; communicates related concerns; uses and promotes safe behaviors based on training and lessons learned. Meets the applicable roles and responsibilities as described in the ESH Manual, Chapter 1¿General Policy and Responsibilities: http://www-group.slac.stanford.edu/esh/eshmanual/pdfs/ESHch01.pdf

+ Subject to and expected to comply with all applicable University policies and procedures, including but not limited to the personnel policies and other policies found in the University's Administrative Guide, http://adminguide.stanford.edu

------

+ Classification Title: IT Security Analyst 2

+ Grade: I Job code: 4792

+ Duration: Regular continuing

The expected pay range for this position is $116,419 - $152,389 per annum. SLAC National Accelerator Laboratory/Stanford University provides pay ranges representing its good faith estimate of what the university reasonably expects to pay for a position. The pay offered to a selected candidate will be determined based on factors such as (but not limited to) the scope and responsibilities of the position, the qualifications of the selected candidate, departmental budget availability, internal equity, geographic location and external market pay for comparable jobs.

SLAC National Accelerator Laboratory is an Affirmative Action / Equal Opportunity Employer and supports diversity in the workplace. All employment decisions are made without regard to race, color, religion, sex, national origin, age, disability, veteran status, marital or family status, sexual orientation, gender identity, or genetic information. All staff at SLAC National Accelerator Laboratory must be able to demonstrate the legal right to work in the United States. SLAC is an E-Verify employer.