UCOR, a leading entity in environmental cleanup, is seeking a highly experienced and strategic Cybersecurity Specialist to join our critical information security team. This role is pivotal in safeguarding our extensive digital infrastructure and sensitive data, requiring a professional with a deep understanding of advanced cyber threats and robust defense mechanisms.

SUMMARY:
The Cybersecurity Specialist is a principal contributor responsible for architecting, implementing, and optimizing comprehensive cybersecurity strategies. This role involves leading initiatives in vulnerability and patch management, advanced incident response, and sophisticated threat and risk analysis. The specialist will design and deploy cutting-edge security technologies, proactively identify and mitigate complex cyber-attacks, and provide expert guidance to protect organizational assets. This position requires a high degree of initiative, independent judgment, and the ability to operate effectively within complex, dynamic environments. The Cybersecurity Specialist will mentor junior staff and drive continuous improvement in UCOR's security posture.

PRINCIPAL RESPONSIBILITIES:
- Lead the development and implementation of enterprise-wide cybersecurity strategies, policies, and best practices.
- Architect and deploy advanced security solutions, ensuring alignment with organizational objectives and regulatory requirements.
- Conduct in-depth vulnerability assessments, penetration testing oversight, and proactive threat hunting to identify and remediate sophisticated attack vectors.
- Direct and manage complex security incidents, from detection and analysis to containment, eradication, recovery, and post-incident review.
- Design and enforce robust identity and access management frameworks, including multi-factor authentication and privileged access management.
- Develop and implement secure network architectures, including advanced segmentation, intrusion detection/prevention systems (IDS/IPS), and perimeter defenses.
- Leverage advanced cyber threat intelligence to anticipate, detect, and neutralize emerging threats, protecting critical data and systems.
- Establish and maintain data classification, encryption, and data loss prevention (DLP) strategies for data at rest, in transit, and in processing.
- Lead comprehensive risk assessments, develop mitigation strategies, and present findings to senior leadership to inform strategic decision-making.
- Drive continuous improvement through the evaluation and adoption of new security technologies and methodologies.
- Mentor and provide technical leadership to junior cybersecurity personnel.

JOB KNOWLEDGE:
- Expert-level understanding of the technical intricacies of data transmission and advanced data security architectures.
- Deep technical expertise in network and system administration, encompassing complex enterprise environments.
- Advanced technical knowledge of network security controls, including sophisticated Virtual Private Networks (VPNs), firewalls, and intrusion detection systems.
- Comprehensive technical knowledge of Cloud Security principles (SaaS, PaaS, IaaS), Internet of Things (IoT) security protocols, and Artificial Intelligence (AI)/Machine Learning (ML) security implications.
- Mastery of operating systems and virtualized environments, including Windows, Linux, and containerization technologies.
- Proficiency in scripting and programming languages relevant to cybersecurity (e.g., Python, PowerShell).
- Extensive experience with advanced cybersecurity tools and frameworks, such as SIEM platforms, EDR/XDR, SOAR, and forensic tools.
- Advanced understanding of cryptographic principles and their application in securing data and communications.
- Exceptional analytical and problem-solving skills with meticulous attention to detail.
- Demonstrated ethical mindset and unwavering commitment to information security principles.
- Proven ability to rapidly adapt to evolving technologies and sophisticated security threats.
- Expertise in managing complex identity and access governance programs.
- Comprehensive knowledge and practical experience in leading threat detection, vulnerability analysis, incident response, and disaster recovery efforts.
- In-depth understanding of cybersecurity frameworks (e.g., NIST, ISO 27001), regulatory compliance (e.g., NERC CIP, RMF), and industry best practices.
- Proficient in advanced penetration testing methodologies and red team/blue team exercises.
- Superior communication skills, with the ability to articulate complex technical concepts to diverse audiences and produce clear, concise reports.

Education/Experience:
- Bachelor’s degree in Information Technology, Cybersecurity, Computer Science, or a related discipline and 10+ years of progressively responsible experience in cybersecurity; OR
- Associate’s degree or technical diploma/degree in Information Technology or a related field and 14+ years of relevant experience in cybersecurity; OR
- 18+ years of Enterprise-level IT experience with a significant focus on cybersecurity administration, support, and oversight.
- Relevant industry certifications (e.g., CISSP, CISM, CEH, SANS GIAC certifications) are highly desirable.

Level Specific Responsibilities:
- Operates with significant autonomy, requiring minimal supervision.
- Leads cross-functional teams in developing and implementing advanced security best practices.
- Architects solutions for, and independently resolves, complex system vulnerabilities.
- Leads and directs all phases of security incident detection, analysis, and response.
- Develops and refines comprehensive security system plans, including advanced risk management frameworks and strategic initiatives.
- Drives and significantly contributes to the achievement of team and organizational security goals.