Cloud Cyber Security Analyst

Cloud Cyber Security Analyst

US-NJ-Princeton

Job ID: 2023-16421
Type: Full-Time
# of Openings: 1
Category: Information Technology

Princeton University

Overview

PPPL seeks a Cloud Cyber Security Analyst to assess and enhance the cyber security of existing and future commercial off the shelf cloud-based information technology systems used in support of its research and operations mission. The successful candidate will assist in the design and build of cloud security architectures, ensuring security is a core part of the design and development of the organization cloud solutions.

A proud U.S. Department of Energy National Laboratory managed by Princeton University, Princeton Plasma Physics Laboratory (PPPL) is a longstanding leader in the science and innovation behind the development of fusion energy — a clean, safe, and virtually limitless energy source. With an eye on the future and in response to national priorities, PPPL also has begun a strategic shift from a singular focus on fusion energy to a multi-focus approach that includes microelectronics, quantum information science, and sustainability science. Whether it be through science, engineering, technology or professional services, every team member has an opportunity to make their mark on our world. PPPL aims to attract and support people with a rich variety of backgrounds, interests, experiences, and cultural viewpoints. We are committed to equity, diversity, inclusion and accessibility and believe that each member of our team contributes to our scientific mission in their own unique way. Come join us!

Responsibilities

The PPPL cyber security program is responsible for enabling the science mission by protecting the confidentiality, integrity, and availability of information and information systems using a risk management approach. PPPL seeks a qualified candidate to join the cyber security team as a Cloud Cyber Security Analyst. This individual will work with cyber staff and other stakeholders to design, develop, assess, and maintain administrative and technical cyber security controls for cloud-based information technology systems.

Core Duties:

• Perform periodic cyber security control assessments of IT cloud systems, identify potential risks and gaps, and make recommendations and implement cloud security improvements based on industry standards and best practices (65%).
• Perform Cyber Security Impact Assessments and Risk Assessments for new and existing cloud systems, determine security posture and viability for organizational use, and make recommendations for cloud security architectures and controls (20%).
• Provide support for the internal Information Security Continuous Monitoring Program for authorization to operate and ongoing authorization approvals for cloud-based IT systems (10%).
• Assist with cyber security audits and assessments of cloud systems including programmatic reviews and management of corrective action plans, other duties as assigned (5%).

Qualifications

Education and Experience:

• BA/BS degree in Cyber Security or a BA/BS degree preferably in a technical field such as computer science, information technology, or computer engineering.
• 5+ years’ experience in Information Technology, Cyber Security, or a related field.
• 1-2 years’ experience implementing or supporting cloud-based cyber security.
• Experience working in a US Government environment is desirable.

Knowledge, Skills and Abilities:

• Understanding and familiarity with cloud architectures (e.g. SaaS, PaaS), common commercial cloud systems (e.g. Google Workspace, Microsoft 365, AWS, Oracle) and cloud security solutions (e.g. Cloud Access Security Broker, Multi-factor Authentication, Zero Trust Architecture).

• Knowledge of common cyber security technical controls and their application to cloud systems, such as access control, audit and accountability, configuration management, identification and authentication, system and communication protection, and system and information integrity.

• Understanding of US Government cyber security standards and methodologies including FISMA, the NIST Cyber Security Framework, NIST 800-37 Risk Management Framework, NIST 800-53 Cyber Security Controls, and the Federal Risk and Authorization Management Program (FedRAMP).

• Knowledge of other common industry cyber security standards and organizational best practices.

• Knowledge of current cyber security threats and vulnerabilities.

• Understanding of basic information technology concepts, systems, and network architecture.

• Proven success in contributing to a team-oriented environment.

• Proven ability to work creatively and analytically in a problem-solving environment.

• Excellent communication (written and oral) and interpersonal skills.

• Experience with use of standard document management and editing software such as Google Workspace tools and Microsoft Office 365 (Word, Excel, PowerPoint).

Certificates and Licenses:

• Current CISA or CISSP certification, or equivalent experience desired.

Working Conditions:

• Ability to work in a remote capacity if required by organizational policy.
• Ability to achieve and maintain a US Government security clearance.

Princeton University is an Equal Opportunity/Affirmative Action Employer and all qualified applicants will receive consideration for employment without regard to age, race, color, religion, sex, sexual orientation, gender identity or expression, national origin, disability status, protected veteran status, or any other characteristic protected by law. KNOW YOUR RIGHTS

Please be aware that the Department of Energy (DOE) prohibits DOE employees and contractors from participation in certain foreign government talent recruitment programs. All PPPL employees are required to disclose any participation in a foreign government talent recruitment program and may be required to withdraw from such programs to remain employed under the DOE Contract.

PI211693627