- Manages, troubleshoots, and tunes Cyber Security tools and sensors, such as log aggregation (SIEM), automation/orchestration (SOAR), analysis, enrichment, alerting, and forensic data retention systems
- Collaborates with the Cyber Security Analysts and Cyber Security Architect to select, test, implement, and tune new on-premises and cloud-based technical environments to support infrastructure visibility, analysis, automation, and secure data retention
- Develops content that enables Cyber Analysts to take maximum advantage of existing tool capabilities, including workflows, integrations, and automated tasks.
- Serves as a member of the Cybersecurity Incident Response Team during incident investigations and response
- Collaborates across Information Technology Services teams to integrate distributed network and endpoint security products with cybersecurity enrichment and analysis platforms
- Creates and maintains architectural documentation and operational procedures that describe the scope, purpose, configuration, use, and maintenance of the cybersecurity operations tools and environments
- Leads projects (as assigned or independently) that improve the effectiveness and efficiency of NREL’s cybersecurity program, including but not limited to workflow improvements, automation expansion, management tool enhancements, program or NREL strategic initiatives, and user awareness training
Relevant Bachelor's Degree and 5 or more years of experience or equivalent related education/experience. Or, related Master's Degree and 3 or more years of experience or equivalent related education/experience. Or, related PhD or equivalent related education/experience.
Additional Required Qualifications
Requirements and Qualifications
- Experience includes at least 3 years in an Information Technology role working specifically in security engineering, or in a role that includes significant time performing security engineering (tool selection, installation, and maintenance)
- One or more professional security and/or systems engineering certifications, such as GIAC (SANS) certifications, Security+, CISSP, or training evidencing effort to attain future certification
- Technical background in multiple disciplines, including experience with: Windows and Linux server and workstation system administration; TCP/IP networking concepts; Bash command-line expertise; network protocols and architecture; security measures and defense-in-depth
- Experience managing and troubleshooting both network- and host-based security tools and significant infrastructure (e.g., SIEM, IDS, IPS, full packet capture) in a production (live) environment