Requisition Id 1326
The Information Technology Services Division (ITSD) in the Business Services Directorate at the Oak Ridge National Laboratory is seeking qualified applicants for the position of Cyber Security Engineer. Our team is currently seeking a highly technical and motivated individual with an understanding of all aspects of cyber security to provide technical advice, design and implement innovative projects, and integrate with cyber security research and development to improve our cyber security posture. The selected individual will ensure an effective monitoring program as the subject matter expert for our Elastic Stack and implementation of a tiered operational support model.
- Provide technical advice and identify cyber security areas in need of improvement, including operational as well as research capabilities.
- Use data analysis techniques to identify internal and external cyber security threats and malicious activity based on relevant indicators. Develop, modify, and/or acquire tools to analyze data to generate reports or visualizations.
- Support cyber security activities regarding intrusion incidents, malicious activity, protective actions, and remediation on ORNL classified and unclassified systems.
- Collaborate with cyber security, network, data center operations, security operations center, cyber security research, and other staff to ensure appropriate configuration and implementation of our security tools, with a focus on Elastic, so that security-relevant data is captured effectively and alerts are raised on both performance problems and security concerns.
- Standardize, document, maintain, and automate the network and cyber processes for monitoring, analyzing, and responding to events.
- Develop written and oral presentations that convey complex technical concepts and issues, including evaluation of cyber security incidents, to ORNL and DOE staff with varying levels of experience and technical expertise.
- Prepare assessments, develop dashboards, document results, and provide status reports and recommendations to the Cyber Security Group Leader, CISO, and ITSD management.
- Bachelor's degree in Computer Science or a related field; an equivalent combination of experience and education will be considered.
- Minimum 5-7 years of experience in Cyber Security
- Experience utilizing a SIEM in a production Security Operations Center (SOC)
- Experience with Hadoop, Accumulo, Elastic Stack, Spark, and/or related technologies
- Experience planning, designing, and implementing cyber security improvements and associated metrics to assess impact.
- Extensive knowledge of information technology and cyber security topics, including network flow, log analysis, cyber security visualization, and programming.
- Ability to perform network-centric forensic analysis (Network Security Monitoring and related disciplines)
- Ability to perform log-centric analysis (application logs, operating system events, authentication data, etc.)
- Engage in cyber threat hunting activities
- Possess strong analytical skills - able to efficiently evaluate data sources and communicate analysis effectively.
- Experience integrating with cyber security research organizations to develop new capabilities and leverage expertise in analysis of large data sets.
- Demonstrated ability to create tactical, ad hoc scripts to supplement existing tool base as needed.
- Experience with network security monitoring tools (Snort, Suricata, Bro, Wireshark, tcpdump, NSM, etc.) and with the techniques required to properly analyze and respond to information security events
- Experience extracting and correlating large data sets (Elastic Stack)
- In-depth experience reading and evaluating computer-generated logs (e.g., Kafka, IDS logs, antivirus logs, etc.).
- Able to communicate effectively at all levels of an organization.
- Ability to work in a fast-paced, enterprise environment.
- Demonstrated ability to work in a team environment, able to coach and mentor other team members.
- Must provide outstanding customer support and possess the ability to work well with peer security professionals, researchers, system administrators, desktop support specialists, and help desk specialists.
- A highly motivated individual who strives for excellence and will drive success regardless of obstacles.
- This position may require some after-hours work and occasional travel.
- Master's degree in Computer Science or a related field.
- 10-15 years of relevant experience.
- Experience with Agile methodologies and Atlassian products
- Security industry certifications are a plus, e.g. CISSP, GCIA, GCIH
- Comprehensive understanding of cyber threat actors and their corresponding methods/tactics.
- Experience in data visualization, machine learning, batch/streaming analytics, program data flow, reverse engineering, vulnerability research, emulation, symbolic execution, network security, blockchain applications, bot detection, natural language processing, or other related areas.
- Ability to perform host-centric analysis (tactical forensic analysis, memory analysis, malware detonation, and reverse engineering)
- Experience evaluating suspect assets using forensics applications and other host based tools (file, memory, and disk analyzers)
- Advanced understanding of Linux, Unix, Mac and Windows operating systems.
- Experience with business strategy, improving processes, and making recommendations in business processes and policies for operational metrics and results
- Experience planning, developing, and/or integrating SOAR with SIEM
- Experience with UEBA
- Effective at communicating clearly to technical and business audiences.
- Able to grasp and learn new technologies and applications. Technical skills on par with system administrator, developer, security engineer, or security researcher.
- Experience with DOE facilities or other government entities is a plus.
- Experience working in large-scale (>5,000 employee) research environments is a plus.
This position requires the ability to obtain and maintain a Q clearance from the Department of Energy. As such, this position is a Workplace Substance Abuse program (WSAP) testing designed position which requires passing a pre-placement drug test and participation in an ongoing random drug testing program in which employees are subject to being randomly selected for testing. The occupant of this position will also be subject to an ongoing requirement to report to ORNL any drug-related arrest or conviction or receipt of a positive drug test result.
This position will remain open for a minimum of 5 days after which it will close when a qualified candidate is identified and/or hired.
We accept Word (.doc, .docx), Adobe (unsecured .pdf), Rich Text Format (.rtf), and HTML (.htm, .html) up to 5MB in size. Resumes from third party vendors will not be accepted; these resumes will be deleted and the candidates submitted will not be considered for employment.
If you have trouble applying for a position, please email THIS EMAIL.
ORNL is an equal opportunity employer. All qualified applicants, including individuals with disabilities and protected veterans, are encouraged to apply. UT-Battelle is an E-Verify employer.