Cybersecurity Engineer

National Laboratory of the Rockies
$83,600 - $180,700 | Remote

Requirements

  • Relevant Bachelor's Degree and 9 or more years of experience or equivalent relevant education/experience.
  • Relevant Master's Degree and 7 or more years of experience or equivalent relevant education/experience.
  • Relevant PhD and 4 or more years of experience or equivalent relevant education/experience.
  • Applies extensive IS expertise in specific field and has full knowledge of related disciplines.
  • Evaluates new hardware, software, systems tools and applications and makes procurement recommendations.
  • Excellent leadership and project management skills.
  • Skilled in analytical techniques, practices and problem solving.
  • Extensive programming and architecture abilities with various computer software programs and information systems.
  • Must meet educational requirements prior to employment start date.
  • Technology-specific experience or training/certifications with Splunk administration is required.
  • Must be able to obtain and maintain a DOE L/Q Security Clearance.
  • To obtain a clearance, an individual must be at least 18 years of age; U.S. citizenship is required except in very limited circumstances.

Nice To Haves

  • Experience includes at least seven years in an Information Technology role working specifically in security engineering, or a role that includes significant time performing security engineering (tool selection, installation, and maintenance)
  • One or more professional security and/or systems engineering certifications, such as GIAC (SANS) certifications, Security+, CISSP, or training evidencing effort to attain future certification
  • Technical background in multiple disciplines, including experience with: Windows and Linux server and workstation system administration; TCP/IP networking concepts, Bash command-line expertise, network protocols and architecture; security measures/defense-in-depth
  • Experience managing and troubleshooting both network- and host-based security tools and significant infrastructure (e.g., SIEM, IDS, IPS, full packet capture) in a production (live) environment
  • Subject matter expertise in cybersecurity engineering; understands how to select and tune tools to provide analysts with best value visibility and response
  • Experience dealing with common cyber security concepts and threats and describing them to others
  • Intermediate scripting/programming ability with various languages, preferably Python, in support of security orchestration and automation
  • Technology-specific experience or training/certifications with Splunk SIEM and Cortex XSOAR (formerly Demisto) is a plus
  • Understanding of cloud security architecture, event collection, and aggregation is a plus

Responsibilities

  • Manages, troubleshoots, and tunes cybersecurity tools and sensors, such as log aggregation (SIEM), automation/orchestration (SOAR), analysis, enrichment, alerting, and forensic data retention systems.
  • Selects, tests, deploys, and tunes new on-premises and cloud-based technical environments that support infrastructure visibility, analysis, automation, and secure data retention.
  • Guides policy decisions and/or manages security policies and related configurations for distributed security tools such as firewalls, endpoint detection and response suites, vulnerability detection tools, and cloud-based monitoring, protection, and incident response tools.
  • Develops content that enables cybersecurity personnel to take maximum advantage of existing tool capabilities, including workflows, integrations, and automated tasks.
  • Leads, designs, and performs infrastructure, application, and network tests and exercises to determine the efficacy of security defense strategies and tools.
  • Leads Information Technology Services project teams to integrate distributed network and endpoint security products with cybersecurity enrichment and analysis platforms and system management tools.
  • Creates and maintains architectural documentation and operational procedures that describe the scope, purpose, configuration, use, and maintenance of the cybersecurity operations tools and environments.
  • Leads projects (as assigned or independently) that improve the effectiveness and efficiency of NLR’s cybersecurity program, including but not limited to workflow improvements, automation expansion, management tool enhancements, program or NLR strategic initiatives, and user awareness training.

Benefits

  • medical, dental, and vision insurance
  • short- and long-term disability insurance
  • pension benefits
  • 403(b) Employee Savings Plan with employer match
  • life and accidental death and dismemberment (AD&D) insurance
  • personal time off (PTO) and sick leave
  • paid holidays
  • tuition reimbursement
  • performance-, merit-, and achievement-based awards that include a monetary component
  • relocation expense reimbursement