Cyber Threat Analysis Researcher I

National Renewable Energy Laboratory•Golden, CO

4d•Hybrid

About The Position

The Cybersecurity Threat Analysis Group (CTAG), within NLR's Cybersecurity Research Center, performs research to better understand the threats, detection strategies and mitigation opportunities for renewable energy infrastructure and distributed energy resources. Our efforts include technical assessments of existing technologies and near-term innovations, research into Industrial Control Systems (ICS) communications technologies, network architectures and protocols, as well as informing the development and application of cybersecurity frameworks and policy. CTAG researchers collaborate with government and industry partners to contribute to a more secure and resilient renewable energy infrastructure with global impact. Cybersecurity Threat Analysis Group cybersecurity researchers perform hands-on technical research and assessments. Researchers have the opportunity to drive NLR research in ICS security as well as help build a red team capability to support a rapidly growing cybersecurity portfolio. Team members work alongside current NLR cybersecurity research staff to utilize the best-in-class Cyber Range to deploy applicable large scale test environments, perform hardware-in-the-loop technology assessments, research into ICS threats, detection, and mitigation as it pertains to renewable energy. Research will span across ICS and renewable energy technologies and include collaboration and partnership with utility and cyber security solution providers as well as government stakeholders. The CTAG group has a need for a cybersecurity research team member who will provide support of real world threat analysis for the Energy Threat Analysis Center (ETAC), and other critical programs. The successful candidate will be a key member of the threat analysis team and collaborate with threat emulation team members, analysis and reporting researchers, power systems engineers, and the NLR cyber range team. Beyond ETAC, the candidate will have the opportunity to contribute to a variety of cybersecurity research efforts and develop experience with a wide range of virtualization, orchestration and threat emulation tools. Note: This position requires a Hybrid work arrangement, including regular in-person work at NLR's South Table Mountain Campus in Golden, CO, and is not eligible for 100% remote work arrangements.

Requirements

Relevant Bachelor's Degree
Limited use and application of engineering principles, theories and concepts.
Good written and verbal communication skills.
Ability to use various computer software programs.
Must meet educational requirements prior to employment start date.
Linux system administration
Experience with Docker configuration and administration including creation of Docker images.
Experience with modeling and simulation tools
Knowledge of Industrial Control Systems Cybersecurity principles
Programming in C/C++/Python/Go
Knowledge of Industrial Control Systems protocols
Knowledge of Continuous Integration and Deployment processes
DOE Q or TS & SCI Clearance: Must be able to obtain and maintain a DOE security clearance at the DOE (Q) and SCI access or DoD (TS) and SCI level. SCI access may require a polygraph examination. Eligibility requirements: To obtain a clearance, an individual must be at least 18 years of age; U.S. citizenship is required except in very limited circumstances. See DOE O 472.2A for additional information.

Nice To Haves

Experience supporting Continuous Integration and Deployment processes using DevOps tools such as Jenkins, GitHub and/or GitLab Actions and Projects
Knowledge of git version control, semantic versioning and Git release processes
Experience building and deploying Docker containers using Docker-Compose and/or Kubernetes.
Experience using agile management software (e.g., Jira)
Experience and knowledge using ELK stack
Knowledge of energy system security principles
Experience building and deploying Docker containers using Docker-Compose and/or Kubernetes.

Responsibilities

Create and support threat emulation plans in relation to current threat actor campaigns.
Collaborate with colleagues to develop and deploy complex virtual environments including communications, power systems, hardware-in-the-loop and security technologies.
Coordinate with NLR cyber range team to ensure virtual environment network connectivity, operation, and reliability.
Assist analysis and reporting team in the creation of deliverables to appropriate sponsors.
Create memos, hunting guides and other communication vehicles in support of the ETAC.

Benefits

Benefits include medical, dental, and vision insurance; short- and long-term disability insurance; pension benefits; 403(b) Employee Savings Plan with employer match; life and accidental death and dismemberment (AD&D) insurance; personal time off (PTO) and sick leave; paid holidays; and tuition reimbursement.
NLR employees may be eligible for, but are not guaranteed, performance-, merit-, and achievement- based awards that include a monetary component.
Some positions may be eligible for relocation expense reimbursement.
Limited-term positions are not eligible for long-term disability or tuition reimbursement.

Stand Out From the Crowd

Upload your resume and get instant feedback on how well it matches this job.

Upload and Match Resume