Cybersecurity SIEM Engineer ( Security Information Event Mgmt. Engineer)
About The Position
BTI is seeking an experienced Cybersecurity SIEM (Security Information and Event Management) Engineer to support the National Renewable Energy Laboratory (NREL) in Golden, Colorado. This role is responsible for administering, maintaining, and tuning SIEM technologies to maximize threat detection, security visibility, and operational effectiveness across NREL’s enterprise environment. The ideal candidate is a self-starter with strong collaboration skills and hands-on experience implementing and maintaining SIEM platforms and related components such as log aggregators, forwarders, and observability tools. Prior experience in cybersecurity testing, incident response, or security analysis is highly desirable. This position may be performed onsite at NREL’s Golden, CO campus or remotely, depending on mission needs.
Requirements
- Bachelor’s degree with 5+ years of relevant experience, or
- Master’s degree with 3+ years of relevant experience, or
- Equivalent combination of education and experience
- Demonstrated ability to research technical issues, interpret documentation, and independently learn new technologies
- Self-starter with the ability to work independently and within collaborative teams
- Strong critical thinking and problem-solving skills
- Excellent written and verbal communication skills, including technical documentation and presentations
- Ability to obtain and maintain an HSPD-12 compliant credential
Nice To Haves
- At least 3 years of experience in a dedicated SIEM engineering role or equivalent position with significant SIEM responsibilities (tool selection, installation, tuning, and maintenance)
- One or more cybersecurity or systems engineering certifications, such as GIAC (SANS), Security+, CISSP, or progress toward certification
- Technical experience across multiple disciplines, including:
- Windows and Linux system administration
- TCP/IP networking concepts and protocols
- Bash command-line usage
- Security controls and defense-in-depth architectures
- Experience managing and troubleshooting production cybersecurity tools and enterprise infrastructure
- Familiarity with common cybersecurity threats and the ability to clearly explain risks and mitigations to technical and non-technical audiences
- Intermediate scripting or programming skills (preferably Python) to support security automation and orchestration
- Experience or training with Splunk SIEM and/or Cribl strongly preferred
- Understanding of cloud security architectures (AWS, Azure, Google Cloud) and cloud-based event collection and aggregation
Responsibilities
- Operate, maintain, and optimize SIEM tools and components, including log aggregators, forwarders, and data observability systems
- Test, implement, and tune on-premises and cloud-based environments to support infrastructure visibility, threat analysis, automation, and secure data retention
- Develop SIEM content to enhance cybersecurity operations, including dashboards, workflows, integrations, alerts, and automated response tasks
- Collaborate with Information Technology Services and cybersecurity teams to integrate SIEM platforms with enrichment, analysis, orchestration, and system management tools
- Create and maintain architectural diagrams, technical documentation, and operational procedures describing SIEM scope, configuration, use, and maintenance
- Contribute to cybersecurity program improvement initiatives, including workflow optimization, automation expansion, tool enhancements, strategic initiatives, and user awareness training
- Support projects independently or as assigned to improve the efficiency, effectiveness, and maturity of NREL’s cybersecurity posture
Stand Out From the Crowd
Upload your resume and get instant feedback on how well it matches this job.
What This Job Offers
Job Type
Full-time
Career Level
Mid Level
