Common Controls, Cyber Security Engineer Federal

Seeking a motivated entry-level Cyber Security Professional to support the implementation and maintenance of NIST Risk Management Framework (RMF) requirements and common control boundaries across our enterprise. This role is an excellent opportunity for early ‑ career professionals who enjoy research, structured writing, and learning new cybersecurity disciplines. The successful candidate will work closely with experienced cybersecurity staff and receive mentorship in Department of Energy (DOE) to include National Nuclear Security Administration (NNSA) and Environmental Management (EM) cybersecurity policies, standards, and governance processes. Additional Duties Assist in developing, documenting, and maintaining common control implementations and associated artifacts. Support activities related to the

NIST RMF

lifecycle, including categorization, control selection, implementation, assessment, authorization, and continuous monitoring. Conduct in-depth research on cybersecurity policies, NIST guidance, DOE/NNSA directives, and industry best practices. Prepare and update security documentation such as control implementation summaries, procedures, and system security artifacts. Collaborate with senior cybersecurity staff to ensure consistent application of cybersecurity requirements. Participate in internal assessments, gap analyses, and compliance reviews. Additional Education Bachelor s degree in any field (degree does not need to be in cybersecurity although a degree related to Information Technology is desired). Additional Experience Qualifications Knowledge of basic cybersecurity protections, principles, or frameworks. (Required) Knowledge of basic computer and networking concepts, principles, and practices. (Required) Strong written communication and composition abilities. (Required) Demonstrated willingness to learn complex cybersecurity requirements and regulatory environments. (Required) Ability to work on-site with limited teleworking options. (Required) Strong research and analytical skills. (Required) Exposure to NIST SP 800-series guidance or the Risk Management Framework. (preferred) Experience supporting cyber security concepts such as categorization, control selection, implementation, assessment, authorization, and continuous monitoring (preferred) Familiarity with governance, compliance, or technical documentation. (preferred)