Pacific Northwest National Laboratory Cyber Security Analyst in RICHLAND, Washington

Organization and Job ID

Job ID: 308509

Directorate: Communications and Information Technology

Division: Cyber Security

Job Description

The Invitation:

Come and work for a billion-dollar international research institution with a diverse science portfolio and compelling missions across national security, energy, and environment. Our collaborative environment and commitment to work/life balance make Pacific Northwest National Laboratory (PNNL) an ideal place to advance your career, pursue your passions, challenge yourself and make a difference in science and for our nation.

About PNNL:

Located in Richland, Washington, PNNL is powered by the creativity and innovation of 4,500 exceptional scientists and engineers who are advancing the frontiers of science and addressing some of the most challenging problems in energy, the environment and national security. Our science and technology inspires and enables the world to live prosperously, safely and securely. Our discoveries not only change the way people think, they increase our nation’s energy capacity and improve our national security efforts, making the world a cleaner and safer place. Cyber Security is a PNNL Strategic Lab Objective in 2018 – PNNL is reshaping the cyber landscape by revealing adversary strategies and tactics, countering cyber adversaries, and leading in cyber analytics and situational awareness in support of DOE and the nation’s critical infrastructures.

The Position:

The Cyber Security Division at Pacific Northwest National Laboratory (PNNL) is looking for a Cyber Security Analyst to join our Cyber Security Operations Center (CSOC) team. Leverage your experience and our team of cyber defenders that detect and respond to cyber adversaries who threaten PNNL’s business and research. We are seeking someone with a passion for cyber security who strives to deeply understand our adversaries, develop innovative analytics and detection solutions and proactively hunt and respond to adversary actions against PNNL. Equally, you’ll need to be comfortable operating as a member of a growing and learning cyber security team with a culture of collaboration, creativity, partnership, and execution. We’re looking for someone who will have a passion to keep up with cutting edge research in the field of adversary detection, vulnerability management, threat analytics, incident response, malware analysis, and more. This team member will help grow and create a culture of security innovation within the framework of an industry-standard security operations center.

You @ PNNL:

Your key responsibilities and accountabilities would include:

• Providing subject matter expertise on enterprise cyber security risks, threats, technologies, and their potential impacts to cyber security

• Providing an adversary mindset and understanding that drives a kill-chain activity-based approach to detection, response and recovery

• Providing continuous monitoring of authorized security control requirements and reporting system risks, application configurations or vulnerabilities

• Intercepting and preventing internal and external attacks against PNNL systems

• Assessing open source reporting and situational awareness data feeds to ensure the security of laboratory information and technology systems

• Partnering with cyber security researchers on data analysis, prototype implementation, collaboration, and feedback to operationalize our research solutions in security operations

• Interpreting, analyzing, and executing incident response actions for detected intrusions

• Preparing and presenting technical reports and briefings demonstrating the impact of security operations activities and actions

• Contributing to design, development and implementation of security operations tools, countermeasures and overall cyber security systems integration

• As necessary, sharing knowledge with external entities including law enforcement, intelligence and other government organizations and agencies

• Working in a cyber-program focused on collaboration, partnership, and “outside-the-box” creativity, while continually maturing our capabilities.

Envisioning Your Success @ PNNL:

Ultimately, success in this role comes as the cyber security capabilities and maturity across Protect, Detect and Respond at PNNL continuously improve and evolve in response to the changing threat, technology and business landscape. Your role and contributions, particularly in Detect and Respond, will be evident and visible to all stakeholders and your team. You will not only impact PNNL IT security, but your impact will extend to our R&D initiatives in cyber security. Success at PNNL requires a commitment to the mission, science and our sponsors, with a passion for leveraging your cyber security expertise to advance these.

Minimum Qualifications

• Technical field Bachelor of Science (B.S.) degree with 2-4 years’ experience in the cyber security field; Master’s Degree (M.S.) with 0-2 years’ experience in the cyber security field

• Knowledge of network security architecture concepts including topology, protocols, components, and principles.

• Operating Systems knowledge and expertise in Windows, Unix or Linux

Preferred Qualifications

• Technical field Bachelor of Science (B.S.) degree in cyber security or computer science with 3-5 years’ specific experience in security operations

• Advanced Security Certification (CISSP, CISM, CEH, EnCE, SANS GIAC, etc.)

• Commitment to and experience with weekend or evening “on-call” duties in security operations roles

• Strong peer leadership, interpersonal, collaborative, and customer relationship skills are essential.

• Basic understanding of the cyber kill chain or attack vectors, red teaming and proactive cyber adversary hunting.

• Ability to conduct incident response lifecycle activities across detection & analysis, investigation & response and recovery

• Experience integrating threat intelligence into the incident response lifecycle

• Performing forensic analysis of digital information, gathering and handling evidence, and identifying network computer intrusion evidence and perpetrators.

• Clearly communicating technical information in various forms to leaders, peers, and customers.

• Ability to implement and operate intrusion detection/prevention systems, network penetration testing, vulnerability scanning, packet generators and sniffers, firewalls, and router systems.

• Working independently and leading collective team efforts to develop theories, ideas, and concepts around cyber security methodologies.

Equal Employment Opportunity

Battelle Memorial Institute (BMI) at Pacific Northwest National Laboratory (PNNL) is an Affirmative Action/Equal Opportunity Employer and supports diversity in the workplace. All employment decisions are made without regard to race, color, religion, sex, national origin, age, disability, veteran status, marital or family status, sexual orientation, gender identity, or genetic information. All BMI staff must be able to demonstrate the legal right to work in the United States. BMI is an E-Verify employer. Learn more at jobs.pnnl.gov.

Other Information

This position requires the ability to obtain and maintain a federal security clearance.

Requirements:

  • U.S. Citizenship

  • Background Investigation: Applicants selected will be subject to a Federal background investigation and must meet eligibility requirements for access to classified matter in accordance with 10 CFR 710, Appendix B.

  • Drug Testing: All Security Clearance (L or Q) positions will be considered by the Department of Energy to be Testing Designated Positions which means that they are subject to applicant, random, and for cause drug testing. In addition, applicants must be able to demonstrate non-use of illegal drugs, including marijuana, for the 12 consecutive months preceding completion of the requisite Questionnaire for National Security Positions (QNSP).

Note: Applicants will be considered ineligible for security clearance processing by the U.S. Department of Energy until non-use of illegal drugs, including marijuana, for 12 consecutive months can be demonstrated.

Directorate: Comm & Information Technology

Job Category: Computation and Information Sciences

Group: Cyber Security Operations

Opening Date: 2018-10-24

Closing Date: 2019-01-21