Cyber CISO, Consolidated Nuclear Security

R-00169322

Description

Leidos is seeking a Cyber Chief Information Security Officer (CISO) in Oak Ridge TN, to support a Leidos joint venture, Consolidated Nuclear Security, LLC (CNS). Remote work options are not available.

About CNS:   Leidos is a member company of the joint venture Consolidated Nuclear Security, LLC (CNS). CNS manages and operates the Y-12 National Security Complex in Tennessee under a single contract from the U.S. Department of Energy/NNSA. Y-12 helps ensure a safe and effective U.S. nuclear weapons deterrent by retrieving and storing nuclear materials, fueling the nation’s naval reactors, and performing complementary work for other government and private-sector entities. Y-12 is our nation’s Uranium Center of Excellence.

Must currently possess or be able to obtain/maintain a DOE Q clearance.

The Information Solutions and Services (IS&S) organization is dedicated to providing information services and technology that enable staff to be productively engaged in the NNSA nuclear security mission. The Chief Information Security Officer (CISO) will report to the Chief Information Officer (CIO) and is responsible for managing a broad range of complex cyber operations, risk management, and digital transformation enablement activities. This leadership role requires deep and current practical experience in cybersecurity and risk management. The CISO will implement the vision and strategic direction set by the Consolidated Nuclear Security (CNS), LLC Executive Leadership Team (ELT) and provide a full inventory of all authorization boundaries, risk identification, and mitigation strategies to the CIO and Authorizing Official. This position encompasses responsibility for Information Technology (IT), Operational Technologies (OT), Digital Transformation (DT), and Cybersecurity at the Y-12 National Security Complex (NSC) Site in Oak Ridge, TN.

Primary Duties and Responsibilities:

• Serve as the primary cybersecurity lead for CNS.
• Mature the NIST-based Risk Management Framework (RMF) action plan and integrate it into all information system authorization boundaries and Authorization to Operate (ATO) packages.
• Maintain a full inventory of all information system authorization boundaries and ATO packages with a proactive schedule to ensure all systems remain authorized and operational.
• Maintain liaison with other CISOs in the NNSA Nuclear Security Enterprise (NSE) and attend all virtual and physical meetings to ensure effective collaboration.
• Ensure the Deputy CISO, Authorization Manager, ISSOs, and ISSM positions are filled and maintain liaison and collaboration with the contractor Authorization Official Designated Representative (AODR) and AO.
• Ensure risk-balanced security measures are integrated into all site nuclear security systems, facilities, infrastructures, IT projects, OT projects, and activities.
• Maintain an understanding of current and emerging cyber threats and make recommendations for mitigation to the CIO and Authorizing Official.
• Lead the development, ongoing improvement, and maintenance of the Y-12 cybersecurity architecture.
• Collaborate with IS&S, DT&M, operations, and engineering managers to develop, implement, and operate an integrated Network Operations Center/Security Operations Center (NOC/SOC).
• Perform outreach to internal mission, business, and engineering leaders to facilitate innovative solutions, including support for digital engineering, digital transformation, and artificial intelligence, that balance cybersecurity risk and mission enablement.
• Maintain timely and effective communication with stakeholders to resolve cybersecurity issues, including the development and maintenance of employee cybersecurity training.
• Plan, prioritize, and coordinate assignments of cybersecurity staff to projects.
• Propose and provide input into IS&S architecture efforts to enhance detection, analysis, containment, and response.
• Manage compliance activities to support the contractor assurance program (e.g., patching and mitigation actions to resolve vulnerability scans).
• Establish cyber metrics to gauge program effectiveness and perform internal audits and assessments.
• Develop policies and procedures to ensure appropriate cyber controls and monitoring are in place to ensure the confidentiality, integrity, and availability of CNS and NNSA information.
• Maintain security log infrastructure to monitor, analyze, and respond to log anomalies. Conduct packet capture analysis and ensure the logging infrastructure is monitored for risks to CNS and NNSA information.
• Manage intrusion detection/prevention systems, maintain continuous monitoring systems, and provide timely network traffic analysis.
• Support the CIO and other cybersecurity personnel to ensure implementation of the cybersecurity program remains in compliance with DOE/NNSA and NIST requirements.
• Establish and maintain a strong external network of cyber contacts to ensure threat information and best practices are incorporated into the CNS cybersecurity program.
• Collaborate with external parties such as NNSA-IARC, DOE-CIRC, JC3, DHS, SS&ES, CI, intelligence organizations, and others to improve the CNS cyber program and security capabilities.
• Standardize, document, maintain, and automate cybersecurity processes for monitoring, analysis, and response to cyber incidents.
• Plan, prepare, and devise work plans to ensure cyber efforts are conducted within approved budget and schedule parameters while implementing IS&S project management processes.
• Monitor performance, ensure performance standards remain high, and document that risk management goals are accomplished.
• Maintain a strong understanding of mission needs and use cases to ensure risk management and cyber operations activities effectively support the CNS mission and program direction while managing risk in a balanced manner.
• Lead communications efforts with the Y-12 Field Office (YFO) federal customer on matters pertaining to cybersecurity and incident response.
• Hire and develop competent cybersecurity subject matter experts and retain critical cybersecurity skills on staff.
• Lead CNS responsibility for coordination of external cybersecurity audits and assessments.
• Ensure all CNS systems have an approved Authority to Operate (ATO) from the Y-12 AO.

Required Education & Experience:

• Bachelor’s degree in Computer Science, Computer Engineering, or related discipline, and at least 15 years of relevant technical experience and at least 5 years of supervisory experience.
• Specific experience in cyber operations and risk management, including:
  • Extensive experience with intrusion detection/prevention, log management and analysis, event monitoring, and incident response.
  • Extensive experience with network security.
  • Extensive experience with vulnerability scanning and mitigation.
  • Experience with establishing and maturing enterprise risk management frameworks.
  • Experience leading self-assessments and supporting external audit activities.
  • Ability to work semi-autonomously, with strong decision-making, time management, and customer service skills.
  • Familiarity with current application models, data analytics, cloud services, and mobility.
  • Familiarity with SIEM tools, next-generation firewalls, and behavioral analytics.
  • Strong written and oral communication skills.
  • Specific knowledge of federal cybersecurity and risk management requirements, with an emphasis on NIST Special  
  • Be on-site at Y-12, Monday-Friday during core business hours to support operational and management activities for cybersecurity.
  • Provide on-call support in the event of an operational or cybersecurity incident.
  • Travel (expected to be no more than 10 weeks per year) to off-site locations to support DOE/NNSA mission requirements.

At Leidos, we don’t want someone who "fits the mold"—we want someone who melts it down and builds something better. This is a role for the restless, the over-caffeinated, the ones who ask, “what’s next?” before the dust settles on “what’s now.”

If you’re already scheming step 20 while everyone else is still debating step 2… good. You’ll fit right in.
Original Posting: October 23, 2025

For U.S. Positions: While subject to change based on business needs, Leidos reasonably anticipates that this job requisition will remain open for at least 3 days with an anticipated close date of no earlier than 3 days after the original posting date as listed above.

Pay Range: Pay Range $148,850.00 - $269,075.00

The Leidos pay range for this job level is a general guideline only and not a guarantee of compensation or salary. Additional factors considered in extending an offer include (but are not limited to) responsibilities of the job, education, experience, knowledge, skills, and abilities, as well as internal equity, alignment with market data, applicable bargaining agreement (if any), or other law.