Cybersecurity SIEM Engineer

Company:  National Renewable Energy Laboratory
Location: Golden
Closing Date: 20/10/2024
Salary: £100 - £125 Per Annum
Hours: Full Time
Type: Permanent
Job Requirements / Description
Posting Title: Cybersecurity SIEM Engineer
Location: Remote
Position Type: Regular
Hours Per Week: 40

Job Description

The Cybersecurity SIEM (Security Information Event Management) Engineer administers and tunes the technology required to detect and analyze cybersecurity threats for maximum value and effectiveness. The ideal candidate is a self-starter and strong collaborator with multiple years’ experience installing and maintaining SIEMs and related components such as log aggregators and forwarders. Prior experience and/or familiarity with cybersecurity testing, incident response, or analysis is a plus.

  1. Operates and maintains SIEM tools and components, such as log aggregators, forwarders, and data observability systems.
  2. Tests, implements, and tunes new on-premises and cloud-based technical environments that support infrastructure visibility, analysis, automation, and secure data retention.
  3. Develops content that enables cybersecurity personnel to take the maximum advantage of existing tool capabilities, including workflows, integrations, and automated tasks.
  4. Collaborates across Information Technology Services teams to integrate SIEM components with cybersecurity enrichment and analysis platforms and systems management tools.
  5. Creates and maintains architectural documentation and operational procedures that describe the scope, purpose, configuration, use and maintenance of the SIEM tools and environments.
  6. Contributes to projects (as assigned or independently) that improve the effectiveness and efficiency of NREL's cybersecurity program, including, but not limited to, workflow improvements, automation expansion, management tool enhancements, program or NREL strategic initiatives, and user awareness training.

Basic Qualifications

Relevant Bachelor's Degree and 5 or more years of experience or equivalent relevant education/experience. Or, relevant Master's Degree and 3 or more years of experience or equivalent relevant education/experience. Or, relevant PhD or equivalent relevant education/experience. Complete understanding and wide application of principles, concepts and techniques in specific field. General knowledge of related IS disciplines. Strong leadership and project management skills. Skilled in analytical techniques, practices and problem solving. Advanced programming, design and analysis abilities with various computer software programs and information systems.

* Must meet educational requirements prior to employment start date.


Additional Required Qualifications

Standard requirements for all Cyber positions:

  1. Ability to perform research, read documentation, and independently learn new skills.
  2. Must be a self-starter
  3. Ability to work both alone and as part of a collaborative team
  4. Demonstrated skills in critical thinking and problem solving
  5. Excellent written and verbal communication skills, including active listening, ability to prepare and deliver presentations, and clear written correspondence and documentation

Candidates who possess or can obtain and maintain a DOE (L or Q) security clearance and SCI access are preferred.


Preferred Qualifications

Preferred Requirements and Qualifications

  1. Experience includes at least 3 years in an Information Technology role working specifically in a SIEM engineering role, or a role that includes significant time performing SIEM engineering (tool selection, installation, and maintenance)
  2. One or more professional security and/or system engineering certifications, such as GIAC (SANS) certification, Security+, CISSP, or training evidencing effort to attain future certification.
  3. Technical background in multiple disciplines, including experience with Windows and Linux server and workstation system administration; TCP/IP networking concepts; Bash command-line expertise; networking protocols and architecture; and security measures/defense-in-depth.
  4. Experience managing and troubleshooting tools and significant infrastructure in a production (live) environment.
  5. Intermediate scripting/programming ability with various languages, preferably Python, in support of security orchestration and automation.
  6. Technology-specific experience or training/certifications with Splunk SIEM, and Cribl is a plus.
  7. Understanding of cloud security architecture (AWS/Azure/Google Cloud) event collection and aggregation is a plus.

Job Application Submission Window

The anticipated closing window for application submission is up to 30 days and may be extended as needed.


Annual Salary Range (based on full-time 40 hours per week)

Job Profile: IT Professional III / Annual Salary Range: $79,600 - $143,300


Submission Guidelines

Please note that in order to be considered an applicant for any position at NREL you must submit an application form for each position for which you believe you are qualified. Applications are not kept on file for future positions. Please include a cover letter and resume with each position application.


EEO Policy

NREL is an Equal Opportunity/Affirmative Action Employer. All qualified applicants will receive consideration for employment without regard to basis of age (40 and over), color, disability, gender identity, genetic information, marital status, domestic partner status, military or veteran status, national origin/ancestry, race, religion, creed, sex (including pregnancy, childbirth, breastfeeding), sexual orientation, and any other applicable status protected by federal, state, or local laws.
