Internet Storm Center

Job Description

Lawrence Berkeley National Lab’s (LBNL) National Energy Research Scientific Computing Center (NERSC) Division has an opening for a Cyber Security Engineer to join the team.

In this exciting role, you will be involved in all aspects of cyber security at NERSC, working both independently and collaboratively with the rest of the security team to monitor for malicious and unauthorized activity, perform vulnerability scanning and application security testing, participate or lead responses to security incidents, and work with other NERSC staff and end-users to provide security guidance, perform security assessments and reviews, and assist in the remediation or mitigation of cyber security issues.

NERSC is one of the premier supercomputer centers, and our systems are used by more than 7000 users from around the world. We deploy the latest high-performance computing technologies to support our mission to accelerate scientific discovery. The cyber security team helps to make this possible by keeping NERSC computers, networks, and storage accessible and secure.

At NERSC, you will work in a collaborative, interdisciplinary environment with opportunities to explore new emerging technologies, become involved in cross-team projects, attend NERSC seminars on a diverse range of scientific and technical subjects, and continue to expand your cyber security knowledge by attending conferences and training sessions.


What You Will Do:

Monitoring and incident response
- Perform security duties including threat awareness, proactive network traffic analysis, incident response, forensic analysis, monitoring ticketing queue, and resolution of security incidents.
- Track security issues, and work closely with NERSC staff and end-users to advise and assist in remediation of vulnerabilities within proper timeframes.
- Support and/or lead cyber incident response activities and participate in the full incident response lifecycle.
- Maintain awareness of cybersecurity threats by monitoring a variety of information sources.
- Participate in 24/7 on-call rotation, occasionally working outside of scheduled hours as needed.

Maintenance and improvement of security infrastructure
- Maintain existing security systems using automated tools and occasionally perform manual system administration tasks.
- Participate or lead efforts to upgrade existing systems to meet evolving needs, including the specification, purchase, and deployment of new security systems and infrastructure.
- Improve monitoring and data analysis including improvements in security data management and log analysis.
- Create, modify, and add signatures to existing IDS and security monitoring infrastructure.

Security consulting and compliance
- Promote a strong security culture through outreach and technical security consulting.
- Collaborate with system owners and application developers to assess and advise on proposed deployments, perform in-depth security reviews, and ensure cyber security best practices and policies are followed.
- Assist with developing and documenting cyber security guidance, policies, standards, and procedures.

Project lead in one or more of the following areas
- Secure deployment of containerized environments.
- Development and improvement of automated tools, techniques, and documentation used in existing operations.
- Security guidance and oversight in the deployment of Federated Identity and Access Management systems.
- Evaluate Edge Computing Networks and Zero Trust architectures by working with internal and external collaborators.
- Apply data modeling, visualization, machine learning, and statistical analysis techniques to large datasets from a wide range of sources in order to identify unusual and suspicious activity.


What is Required:

- Bachelor’s degree and a minimum of 8 years of related experience; or 6 years and a Master’s degree; or equivalent experience.
- Experience with Linux/Unix system administration, including the use of configuration automation tools such as Puppet or Ansible.
- Experience with intrusion detection systems (e.g. Snort/Suricata/Zeek), firewalls, log analysis, and network traffic analysis.
- Prior experience in threat hunting, security monitoring and analysis, incident response, penetration testing, vulnerability management and risk assessment, cyber threat intelligence, or similar cyber security role.
- Experience leading a project or team, leading the implementation or administration of systems, or providing direction for a project or team.
- Demonstrated proficiency using vulnerability scanning and application security testing tools.
- Ability to troubleshoot and solve complex issues where analysis of situations or data requires an in-depth evaluation of variable factors.
- Knowledge of system and application security threats and vulnerabilities, attacker exploit techniques, and general cyber security principles and standards.
- Knowledge of network security and upper layer protocols.
- Demonstrated ability to work both independently and collaboratively in an interdisciplinary team.
- Excellent verbal and written communication skills.


Desired Qualifications:

- Cloud technologies and deployment models.
- Federated Identity and Access Management systems.
- Edge Computing Networks and Zero Trust architectures.
- Data analytics tools and their application to security analysis.
- Scripting or programming in C/C++, Java, Python, Shell, or other languages.
- Policy compliance management and technical documentation.
- Prior work in High Performance Computing, higher education or a research environment.


Notes:

- This is a full-time, career appointment, exempt (monthly paid) from overtime pay.
- This position may be subject to a background check. Any convictions will be evaluated to determine if they directly relate to the responsibilities and requirements of the position. Having a conviction history will not automatically disqualify an applicant from being considered for employment.
- Work may be performed on-site, hybrid, full-time telework or remote modes.