Cyber Security Engineer

Lawrence Berkeley National Laboratory
United States, California, Berkeley
1 Cyclotron Road
Mar 15, 2025

Lawrence Berkeley National Lab's (LBNL) National Energy Research Scientific Computing Center (NERSC) Division has an opening for a Cyber Security Engineer to join the team.

NERSC's mission is to accelerate scientific discovery through high performance computing and data analysis for the DOE Office of Science programs. NERSC provides critical HPC and data systems and support for NERSC's 10,000 users researching alternative energy sources, climate science, energy efficiency, environmental science and other DOE mission areas.

In this exciting role, you will be involved in all aspects of cyber security at NERSC, working both independently and collaboratively with the rest of the security team to monitor for malicious and unauthorized activity, perform vulnerability scanning and application security testing, participate in or lead responses to security incidents, work with other NERSC staff and end users to provide security guidance, perform security assessments and reviews, assist in the remediation or mitigation of cyber security issues, and contribute to the NERSC strategy as we move to exascale and beyond.

At NERSC, you will work in a collaborative, interdisciplinary environment with opportunities to explore emerging technologies, become involved in cross-team projects, and attend NERSC seminars on a wide range of scientific and technical subjects.

What You Will Do:



  • Perform security duties including monitoring for potential threats, proactively examining network traffic and log data, investigating anomalous activity, forensic analysis, and resolution of security incidents.
  • Support and/or lead cyber incident response activities, participating in the full incident response lifecycle, from initial detection through resolution and post-incident documentation.
  • Maintain up-to-date awareness of cybersecurity threats and trends by monitoring a variety of information sources. Assess emerging security issues to determine risk and impact to the center, advise on appropriate response strategies, and coordinate mitigation efforts across teams.
  • Assist with vulnerability assessment activities, including configuration of scanning tools, assessment of vulnerabilities reported from a variety of sources, prioritization and triage of discovered vulnerabilities, and working closely with NERSC staff and end users to guide remediation efforts.
  • Participate in 24/7 on-call rotation, occasionally working outside of scheduled hours as needed.
  • Contribute to the design and development of NERSC's security architecture, identify and address operational gaps in monitoring and detection capabilities, and help evaluate and develop new cyber security tools and technologies.
  • Participate in or lead efforts to upgrade existing systems to meet evolving needs, including the specification, purchase, installation, configuration, and deployment of new hardware and security services.
  • Help maintain and manage existing cybersecurity systems using automation tools. Occasionally perform manual system administration tasks, troubleshooting, and hardware maintenance and support. Develop comprehensive documentation of the team's technical systems, processes, and procedures.
  • Develop and add new signatures to IDS and monitoring infrastructure based on emerging threats and data from past incidents, ensuring detection capabilities align with the latest attack vectors and vulnerabilities. Regularly review and refine existing rules and signatures to enhance accuracy, reducing false positives and negatives.
  • Lead or support the design and implementation of a Zero Trust strategy that reduces and mitigates risk while continuing to enable NERSC's open science mission.
  • Promote a strong security culture through outreach, technical consulting, and security awareness activities. Provide guidance on security best practices, assist with the implementation of security controls, and effectively communicate security policies and requirements to NERSC staff and users.
  • Collaborate closely with NERSC system engineers and software developers to integrate cyber security tools and processes throughout the center.
  • Conduct in-depth security reviews and risk assessments, analyzing both technical and non-technical factors to identify weaknesses in existing and proposed deployments. Document review findings in detailed reports, providing actionable recommendations for addressing identified security issues and mitigating risk.
  • Serve as a security subject matter expert on cross-functional projects and initiatives, offering guidance based on security best practices, identifying and communicating security issues, and collaborating with others to ensure security is a key consideration across all phases of the project.
  • Contribute to the development of cybersecurity requirements, translating high-level policy into actionable security controls and guidelines. Assist with maintaining and updating documentation in a central repository.
  • Create technical guides, best practices, and other resources to assist NERSC staff and users in understanding and adhering to cyber security policy.
  • Serve as project lead in one or more of the following areas:
    • Securing containerized environments
    • Advanced security monitoring and detection capabilities
    • Secure software development practices
    • Automated security testing
    • Zero Trust Architecture
    • API Security
    • eBPF for security
    • Security for scientific workflows and real-time data streaming to HPC nodes
    • Improvements to security log collection, aggregation, and analysis
    • Vulnerability management and automated asset discovery
    • Security guidance and oversight in the deployment of Federated Identity and Access Management systems




What is Required:



  • Bachelor's degree in Computer Science or a related field and a minimum of 8 years of related experience; or 6 years and a Master's degree; or equivalent experience.
  • Experience with Linux/Unix system administration, and some familiarity with configuration automation tools such as Puppet or Ansible.
  • Experience with intrusion detection systems (e.g., Snort/Suricata/Zeek), firewalls, log analysis, SIEM systems, and network traffic analysis.
  • Prior experience performing incident response, including investigation, forensic analysis, incident timeline reconstruction, and resolution of security incidents.
  • Previous experience with network security, incident response, intrusion detection, forensics, vulnerability assessments, threat hunting, penetration testing, cyber threat intelligence, or a similar cyber security role.
  • Experience in collecting, parsing, and analyzing log data from a variety of systems (e.g., servers, network devices, user sessions) to detect potential security incidents.
  • Experience leading a project or team, leading the implementation or administration of systems, or providing direction for a project or team.
  • Experience developing scripts or programs in C, C++, Python, Shell, or other languages.
  • Familiarity with a wide range of security tools used for code analysis, penetration testing, and vulnerability scanning, with demonstrated expertise in one or more tools.
  • Ability to troubleshoot and solve complex issues where analysis of situations or data requires an in-depth evaluation of variable factors.
  • Ability to work in a Linux or UNIX environment and primarily at a Command Line Interface (CLI).
  • Knowledge of common security vulnerabilities and mitigations, attacker TTPs (tactics, techniques, and procedures) and associated detection methods, familiarity with one or more cybersecurity frameworks, and a solid understanding of core cybersecurity principles.
  • Knowledge of network security and upper layer protocols.
  • Demonstrated ability to work well independently as well as collaboratively in an interdisciplinary team.
  • Ability to work on multiple tasks and respond to rapidly changing priorities.
  • Excellent verbal and written communication skills.



Desired Qualifications:



  • Experience designing and implementing Zero Trust architectures or a strong understanding of Zero Trust principles.
  • Experience with optical network taps or network traffic analysis tools to monitor high-speed networks.
  • Experience securing container orchestration platforms and containerized workloads, including implementing solutions for runtime security monitoring, container image scanning, and secrets management.
  • Experience integrating tools for application security testing, artifact signing, and dependency scanning into development and deployment processes.
  • Prior experience in policy compliance, auditing against cybersecurity frameworks such as NIST, ISO 27001, or CIS Controls, or conducting vulnerability and risk assessments.
  • Experience securing large-scale computing environments or open network environments.
  • Prior work in High Performance Computing, higher education, or research environment.
  • Knowledge of API security, including an understanding of secure API design principles, how to perform security assessments of API infrastructure, and familiarity with OAuth 2.0, JWT, and API key management.
  • Knowledge of secure coding practices (e.g., input validation, output encoding, and proper error handling), demonstrated ability to conduct security-focused code reviews to identify vulnerabilities within source code, and the ability to collaborate with development teams to implement secure coding practices.
  • Familiarity with Federated Identity and Access Management solutions and an understanding of security best practices for authentication, authorization, and identity federation across systems.
  • Knowledge of data analytics, machine learning, or statistical models and their application to security analysis.



Notes:



  • This is a full-time, career appointment, exempt (monthly paid) from overtime pay.
  • The full salary range of this position is $129,948 to $219,276 per year, and the position is expected to pay within a targeted range of $146,184 to $178,668 per year, depending upon candidates' full skills, knowledge, and abilities, including education, certifications, and years of experience.
  • This position is subject to a background check. Any convictions will be evaluated to determine if they directly relate to the responsibilities and requirements of the position. Having a conviction history will not automatically disqualify an applicant from being considered for employment.
  • This position requires substantial on-site presence, but is eligible for a flexible work mode, and hybrid schedules may be considered. Hybrid work is a combination of performing work on-site at Lawrence Berkeley National Lab, 1 Cyclotron Road, Berkeley, CA and some telework. Individuals working a hybrid schedule must reside within 150 miles of Berkeley Lab. Work schedules are dependent on business needs.



Want to learn more about working at Berkeley Lab? Please visit: careers.lbl.gov

Equal Employment Opportunity Employer: The foundation of Berkeley Lab is our Stewardship Values: Team Science, Service, Trust, Innovation, and Respect; and we strive to build community with these shared values and commitments. Berkeley Lab is an Equal Opportunity and Affirmative Action Employer. We heartily welcome applications from all who could contribute to the Lab's mission of leading scientific discovery, inclusion, and professionalism. In support of our rich global community, all qualified applicants will be considered for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, age, or protected veteran status.

Misconduct Disclosure Requirement: As a condition of employment, the finalist will be required to disclose if they are subject to any final administrative or judicial decisions within the last seven years determining that they committed any misconduct, are currently being investigated for misconduct, left a position during an investigation for alleged misconduct, or have filed an appeal with a previous employer
