Cyber Security Engineer

We have an opening for a Cybersecurity Engineer to independently and collaboratively perform a wide range of activities associated with supporting the Cyber Security Operations Center (CSOC) infrastructure. This position is in the Information Technology Solutions Division (ITSD) within the Computing Directorate matrixed to the Cyber Security Program (CSP), in support of the Livermore Information Technology (LivIT) Program.

This position offers a hybrid schedule, blending in-person and virtual presence. You will have the flexibility to work from home one or more days per week.

This position will be filled at either level based on knowledge and related experience as assessed by the hiring team. Additional job responsibilities (outlined below) will be assigned if hired at the higher level.

You will 

• Protect enterprise systems and information by promptly responding to security threats and incidents, acting individually and as part of a team.
• Proactively hunt for cyber threats and enact identification, containment and eradication measures while supporting recovery efforts.
• Perform analysis on LLNL intrusion detection systems.
• Provide security monitoring and incident response support including troubleshooting and resolution of issues.
• Work closely with staff to ensure timely patching and mitigation of identified vulnerabilities.
• Provide computer science and software development support using industry standard software development practices leveraging modern programming languages such as Python within Linux, UNIX, and/or Windows environments.
• Develop scripting and automation to provide solutions to common problems and reduce operational overhead.
• Promote and support plans to promote diversity, equity and inclusion within the program. 
• Perform other duties as assigned.

Additional job responsibilities, at the SES.2 level

• Manage moderately complex to complex technical parallel tasks and priorities of customers and stakeholders, ensuring deadlines are met, while leveraging team member skills.
• Develop methods, tools, and procedures to improve incident response capabilities or vulnerability management processes and automate various complex tasks.
• Provide technical guidance to team members in Cybersecurity best practices and procedures.

• Ability to secure and maintain a U.S. DOE Q-level security clearance which requires U.S. citizenship.
• Bachelor’s degree in Computer Science, Computer Engineering, Computer Information Systems, or related field, or the equivalent combination of education and related experience.
• Experience developing software in Python or other programming languages.
• Technical experience with operating systems, virtual environments, and/or related hardware in a moderately complex server environment.
• Effective written and verbal communication and strong interpersonal skills, ability to interact with all levels of management and staff.
• Ability to work in a dynamic, technical team environment with competing priorities and meet deadlines that are important to project success.
• Experience with approaching difficult problems with enthusiasm and creativity, and to change focus when necessary.
• Ability to work off-hours and on-call to respond to incidents (intermittently, either as-needed or as part of a rotation).

Additional qualifications at the SES.2 level

• Proficient knowledge of SIEM solutions, EDR’s, threat hunting, incident response, incident management or vulnerability management.
• Comprehensive experience conducting host forensics, network forensics, log analysis, or malware analysis in support of incident response investigations or leading vulnerability assessments.
• Current industry specific certifications including but not limited to Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), or Global Information Assurance Certification (GIAC).

Qualifications We Desire

• Master’s degree in Computer Science, Computer Engineering, or a related field, or equivalent level of knowledge.                                                     
• Significant incident response or vulnerability management experience, including experience with cloud services such as AWS/Azure.
• Experience with programming or scripting languages such as C, C#, Python, Java, PowerShell and PHP.

#LI-Onsite

Position Information

This is a Career Indefinite position, open to Lab employees and external candidates.

Why Lawrence Livermore National Laboratory?

• Included in 2024 Best Places to Work by Glassdoor!
• Flexible Benefits Package
• 401(k)
• Relocation Assistance
• Education Reimbursement Program
• Flexible schedules (*depending on project needs)
• Inclusion, Diversity, Equity and Accountability (IDEA) - visit https://www.llnl.gov/diversity
• Our core beliefs - visit https://www.llnl.gov/diversity/our-values 
• Employee engagement - visit https://www.llnl.gov/diversity/employee-engagement

Site 300

Site 300 is an experimental test site operated by LLNL.  Situated on 7,000 acres in rural foothills approximately six miles southwest of downtown Tracy and 15 miles southeast of Livermore, Site 300 hosts approximately 200 employees with expertise in such fields as engineering, chemistry, biology, and environmental restoration. Employees assigned to work at Site 300 may be exposed to the organism that causes San Joaquin Valley Fever (coccidioidomycosis).

Security Clearance

This position requires a Department of Energy (DOE) Q-level clearance.  If you are selected, we will initiate a Federal background investigation to determine if you meet eligibility requirements for access to classified information or matter. Also, all L or Q cleared employees are subject to random drug testing.  Q-level clearance requires U.S. citizenship. 

Pre-Employment Drug Test

External applicant(s) selected for this position must pass a post-offer, pre-employment drug test. This includes testing for use of marijuana as Federal Law applies to us as a Federal Contractor.

Wireless and Medical Devices

Per the Department of Energy (DOE), Lawrence Livermore National Laboratory must meet certain restrictions with the use and/or possession of mobile devices in Limited Areas. Depending on your job duties, you may be required to work in a Limited Area where you are not permitted to have a personal and/or laboratory mobile device in your possession.  This includes, but not limited to cell phones, tablets, fitness devices, wireless headphones, and other Bluetooth/wireless enabled devices.  

If you use a medical device, which pairs with a mobile device, you must still follow the rules concerning the mobile device in individual sections within Limited Areas.  Sensitive Compartmented Information Facilities require separate approval. Hearing aids without wireless capabilities or wireless that has been disabled are allowed in Limited Areas, Secure Space and Transit/Buffer Space within buildings.

How to identify fake job advertisements

Please be aware of recruitment scams where people or entities are misusing the name of Lawrence Livermore National Laboratory (LLNL) to post fake job advertisements. LLNL never extends an offer without a personal interview and will never charge a fee for joining our company. All current job openings are displayed on the Career Page under “Find Your Job” of our website. If you have encountered a job posting or have been approached with a job offer that you suspect may be fraudulent, we strongly recommend you do not respond.

To learn more about recruitment scams: https://www.llnl.gov/sites/www/files/2023-05/LLNL-Job-Fraud-Statement-Updated-4.26.23.pdf

Equal Employment Opportunity

We are an equal opportunity employer that is committed to providing all with a work environment free of discrimination and harassment. All qualified applicants will receive consideration for employment without regard to race, color, religion, marital status, national origin, ancestry, sex, sexual orientation, gender identity, disability, medical condition, pregnancy, protected veteran status, age, citizenship, or any other characteristic protected by applicable laws.

We invite you to review the Equal Employment Opportunity posters which include EEO is the Law and Pay Transparency Nondiscrimination Provision.

Reasonable Accommodation

Our goal is to create an accessible and inclusive experience for all candidates applying and interviewing at the Laboratory.  If you need a reasonable accommodation during the application or the recruiting process, please use our online form to submit a request. 

California Privacy Notice

The California Consumer Privacy Act (CCPA) grants privacy rights to all California residents. The law also entitles job applicants, employees, and non-employee workers to be notified of what personal information LLNL collects and for what purpose. The Employee Privacy Notice can be accessed here.