From day one at NREL, you’ll connect with coworkers driven by the same mission to save the planet. By joining an organization that values a supportive, inclusive, and flexible work environment, you’ll have the opportunity to engage through our ten employee resource groups, numerous employee-driven clubs, and learning and professional development classes.
NREL supports inclusive, diverse, and unbiased hiring practices that promote creativity and innovation. By collaborating with organizations that focus on diverse talent pools, reaching out to underrepresented demographics, and providing an inclusive application and interview process, our Talent Acquisition team aims to hear all voices equally. We strive to attract a highly diverse workforce and create a culture where every employee feels welcomed and respected and can be their authentic self.
We invite all interested candidates to apply for this opportunity. While we recognize that job seekers may hesitate if they don’t meet every requirement, we encourage dedicated individuals who meet all the basic and additional required qualifications of the role to submit an application. We value the opportunity to consider those who believe they have the necessary skills and ambition to succeed at NREL.
Job Description
Posting Title: Cybersecurity Engineer
Location: Remote
Position Type: Regular
Hours Per Week: 40
The Cybersecurity Engineer administers and tunes the technology required to detect and analyze cybersecurity threats for maximum value and effectiveness. The Cybersecurity Engineer excels at deploying, maintaining, and automating cybersecurity detection and analysis systems, including, for example, SIEMs, log aggregators, network- and host-based intrusion detection systems (IDS/IPS), behavioral analysis systems, security orchestration platforms, and sandboxed testing environments. Strong leadership and communication skills are a must; prior experience and/or familiarity with cybersecurity incident response or analysis is a plus. This position is located on NREL’s Golden, CO campus.
- Manages and maintains SIEM tools and components such as log aggregators, forwarders, and data observability systems.
- Selects, tests, deploys, and tunes new on-premises and cloud-based technical environments that support infrastructure visibility, analysis, automation, and secure data retention.
- Guides policy decisions and/or manages security policies and related configurations for distributed security tools such as firewalls, endpoint detection and response suites, vulnerability detection tools, and cloud-based monitoring, protection, and incident response tools.
- Develops content that enables cybersecurity personnel to take maximum advantage of existing tool capabilities, including workflows, integrations, and automated tasks.
- Leads, designs, and performs infrastructure, application, and network tests and exercises to determine the efficacy of security defense strategies and tools.
- Leads Information Technology Services project teams to integrate SIEM components with cybersecurity enrichment and analysis platforms and system management tools.
- Creates and maintains architectural documentation and operational procedures that describe the scope, purpose, configuration, use, and maintenance of the cybersecurity operations tools and environments.
- Leads projects (as assigned or independently) that improve the effectiveness and efficiency of NREL’s cybersecurity program, including but not limited to workflow improvements, automation expansion, management tool enhancements, program or NREL strategic initiatives, and user awareness training.
Basic Qualifications
Relevant Bachelor's Degree and 9 or more years of experience or equivalent relevant education/experience. Or, relevant Master's Degree and 7 or more years of experience or equivalent relevant education/experience. Or, relevant PhD and 4 or more years of experience or equivalent relevant education/experience. Applies extensive IS expertise in specific field and has full knowledge of related disciplines. Evaluates new hardware, software, systems tools and applications and makes procurement recommendations. Excellent leadership and project management skills. Skilled in analytical techniques, practices and problem solving. Extensive programming and architecture abilities with various computer software programs and information systems.
* Must meet educational requirements prior to employment start date.
Additional Required Qualifications
- Experience includes at least seven years in an Information Technology role working specifically in a SIEM engineering role, or a role that includes significant time performing SIEM engineering (tool selection, installation, and maintenance).
- One or more professional security and/or systems engineering certifications, such as GIAC (SANS) certifications, Security+, CISSP, or training evidencing effort to attain future certification.
- Technical background in multiple disciplines, including experience with: Windows and Linux server and workstation system administration; TCP/IP networking concepts, Bash command-line expertise, network protocols and architecture; security measures/defense-in-depth.
- Experience managing and troubleshooting both network- and host-based security tools and significant infrastructure (e.g., SIEM, IDS, IPS, full packet capture) in a production (live) environment.
- Subject matter expertise in cybersecurity analysis; understands how to select and tune toolsets to provide analysts with best value visibility and response.
- Experience dealing with common cybersecurity concepts and threats and describing them to others.
- Intermediate scripting/programming ability with various languages, preferably Python, in support of security orchestration and automation.
- Technology-specific experience or training/certifications with Splunk SIEM and Cribl is a plus.
- Understanding of cloud security architecture, event collection, and aggregation is a plus.
- Ability to perform research, read documentation, and independently learn new skills.
- Must be a self-starter.
- Ability to work both alone and as part of a collaborative team.
- Demonstrated skills in critical thinking and problem solving.
- Excellent written and verbal communication skills, including active listening, ability to prepare and deliver presentations, and clear written correspondence and documentation.
- Candidates who possess or can obtain and maintain a DOE (L or Q) security clearance and SCI access are preferred. SCI access may require a polygraph examination.
Preferred Qualifications
- Experience includes at least 7 years in an Information Technology role working specifically in a SIEM engineering role, or a role that includes significant time performing SIEM engineering (tool selection, installation, and maintenance).
- One or more professional security and/or system engineering certifications, such as GIAC (SANS) certification, Security+, CISSP, or training evidencing effort to attain future certification.
- Technical background in multiple disciplines, including experience with Windows and Linux server and workstation system administration; TCP/IP networking concepts, Bash command-line expertise, networking protocols and architecture; security measures/defense-in-depth.
- Experience managing and troubleshooting tools and significant infrastructure in a production (live) environment.
- Subject matter expertise in cybersecurity analysis; understands how to select and tune toolsets to provide analysts with best value visibility and response.
- Experience dealing with common cybersecurity concepts and threats and describing them to others.
- Intermediate scripting/programming ability with various languages, preferably Python, in support of security orchestration and automation.
- Technology-specific experience or training/certifications with Splunk SIEM and Cribl is a plus.
- Understanding of cloud security architecture (AWS/Azure/Google Cloud), event collection, and aggregation is a plus.
Job Application Submission Window
The anticipated closing window for application submission is up to 30 days and may be extended as needed.
Annual Salary Range (based on full-time 40 hours per week)
Job Profile: IT Professional IV / Annual Salary Range: $95,500 - $171,900
NREL takes into consideration a candidate’s education, training, and experience, expected quality and quantity of work, required travel (if any), external market and internal value, including seniority and merit systems, and internal pay alignment when determining the salary level for potential new employees. In compliance with the Colorado Equal Pay for Equal Work Act, a potential new employee’s salary history will not be used in compensation decisions.
Benefits Summary
Benefits include medical, dental, and vision insurance; short- and long-term disability insurance; pension benefits; 403(b) Employee Savings Plan with employer match; life and accidental death and dismemberment (AD&D) insurance; personal time off (PTO) and sick leave; paid holidays; and tuition reimbursement. NREL employees may be eligible for, but are not guaranteed, performance-, merit-, and achievement-based awards that include a monetary component. Some positions may be eligible for relocation expense reimbursement. Limited-term positions are not eligible for long-term disability or tuition reimbursement.
Badging Requirement
NREL is subject to Department of Energy (DOE) access restrictions. All employees must also be able to obtain and maintain a federal Personal Identity Verification (PIV) card as required by Homeland Security Presidential Directive 12 (HSPD-12), which includes a favorable background investigation.
Drug-Free Workplace
NREL is committed to maintaining a drug-free workplace in accordance with the federal Drug-Free Workplace Act and complies with federal laws prohibiting the possession and use of illegal drugs. Under federal law, marijuana remains an illegal drug.
If you are offered employment at NREL, you must pass a pre-employment drug test prior to commencing employment. Unless prohibited by state or local law, the pre-employment drug test will include marijuana. If you test positive on the pre-employment drug test, your offer of employment may be withdrawn.
Submission Guidelines
Please note that in order to be considered an applicant for any position at NREL you must submit an application form for each position for which you believe you are qualified. Applications are not kept on file for future positions. Please include a cover letter and resume with each position application.
EEO Policy
NREL is an Equal Opportunity/Affirmative Action Employer. All qualified applicants will receive consideration for employment without regard to age (40 and over), color, disability, gender identity, genetic information, marital status, domestic partner status, military or veteran status, national origin/ancestry, race, religion, creed, sex (including pregnancy, childbirth, breastfeeding), sexual orientation, and any other applicable status protected by federal, state, or local laws.
E-Verify is a registered trademark of the U.S. Department of Homeland Security. This business uses E-Verify in its hiring practices to achieve a lawful workforce.