Cybersecurity Engineering I​/II

Cybersecurity Engineering I/II

Location:

CO - Golden

Position Type:
Regular

Hours per week: 40

The National Laboratory of the Rockies (NLR) is seeking a talented Cybersecurity Engineer to join the Computational Science Center (CSC) Advanced Computing Operations (ACO) group. This candidate must have an interest in helping to envision, develop, deploy, monitor, maintain, and analyze security posture and defense in an environment that supports a variety of applications and data‑sharing platforms related to advancing integrated energy system technologies and markets.

The candidate will ensure information security is built into and maintained for systems deployed by the laboratory’s Advanced Computing Operation Group. The role requires strong communication, proactive follow‑up, and collaboration with project teams to implement security best practices and cultivate a culture of security across diverse teams.

• Implement and harden security controls across heterogeneous environments; configure platform/security guardrails and verify enforcement.
• Script and automate security tasks using Bash and Python to meet control requirements (log collection, config checks, patch workflows).
• Monitor vulnerabilities and coordinate remediation with engineering teams across multiple platforms (servers, networks, web apps, cloud).
• Analyze logs using SIEM/log tools and produce meaningful reporting for stakeholders.
• Implement new capabilities required by DOE to enhance cybersecurity on ACO‑managed systems.
• Partner closely with NLR Cyber Security, HPC Operations System Administrators, and Cloud Engineers; communicate clearly and confidently across diverse user and stakeholder groups.

• Relevant Bachelor’s Degree or equivalent education/experience.
• Basic knowledge of information security practices, principles, and standards.
• Good analytical and problem‑solving skills.
• Good written and verbal communication skills.
• Basic programming and/or maintenance ability with various computer software programs and information systems.

• Relevant Bachelor’s Degree and 2 or more years of experience, or a relevant Master’s Degree, or equivalent education/experience.
• General knowledge and application of standards, principles, concepts, and techniques in the field.
• Some understanding of related information security practices and standards.
• Skilled in analytical techniques and problem solving.
• Skilled written and verbal communication.
• Intermediate programming ability with various software programs and information systems.

• UNIX/Linux experience (administration, troubleshooting).
• Ability to script and automate with Bash and Python.
• Basic knowledge of security tools (IDS/IPS, firewalls, vulnerability scanners).
• Basic networking fundamentals (TCP/IP, DNS, common protocols).
• Basic understanding of encryption/cryptography (SSL/TLS, key management).
• Basic knowledge of access control & identity management.

• IT Professional I:
  Skilled in analytical techniques and problem solving; oral and written communication; intermediate programming ability.
• IT Professional II:
  Strong leadership and project management; advanced analytical/problem solving; wide application of cybersecurity principles; awareness of common threats, vulnerabilities, and attack vectors; basic incident response knowledge; effective communication.

• Familiarity with enterprise/research computing (on‑prem/virtualized).
• SIEM/log analysis experience (e.g., Splunk, Elastic, Logstash).
• Experience identifying and remediating vulnerabilities; collaborates to address risk.
• Working knowledge of NIST SP 800‑53 and FIPS 199.

• Experience implementing security controls across heterogeneous platforms (HPC, on‑prem/virtualized, applications).
• Incident response experience (investigation, containment, recovery, post‑incident review).
• Experience maintaining compliance with NIST SP 800‑53 and FIPS 199.

Medical, dental, and vision insurance; short‑term and long‑term disability insurance; pension benefits; 403(b) Employee Savings Plan with employer match; life and accidental death and dismemberment insurance; personal time off (PTO) and sick leave; paid holidays; tuition reimbursement.

All qualified applicants will be considered for employment regardless of age, color, disability, gender identity, genetic information, marital status, domestic partner status, military status, national origin, race, religion, creed, sexual orientation, or any other status protected by law.

Must obtain and maintain a DOE Q Security Clearance; must be able to obtain and maintain a federal Personal Identity Verification (PIV) card.