Pacific Northwest National Laboratory Manager, Security Operations in RICHLAND, Washington

Organization and Job ID

Job ID: 309002

Directorate: Communications and Information Technology

Division: Cyber Security

Job Description

The Cyber Security Division at Pacific Northwest National Laboratory (PNNL) is looking for a manager and Deputy CISO for the Cyber Security Operations Center (CSOC). This position is responsible for leading the team of cyber defenders that detect and respond to cyber adversaries who threaten PNNL’s business and research. We are seeking someone with a passion for leading a team of cyber defenders who strive to deeply understand our adversaries, develop innovative analytics and detection solutions and proactively hunt and respond to adversary actions against PNNL. Equally, you’ll be a member of an experienced cyber security team with a culture of collaboration, creativity, partnership, and execution, so you will need to work well in that environment as well. We’re looking for someone who keeps up with cutting edge research in the field of adversary detection, vulnerability management, threat analytics, attack path visualizations, incident response, malware analysis, and more. This leader will sustain, grow and create a culture of security innovation within the framework of an industry leading security operations center.

  • Provides subject matter expertise on enterprise cyber security risks, threats, technologies, and potential impact.

  • Maintain an adversary understanding that drives a kill-chain activity based approach to detection, respond and recovery

  • Continually monitors against authorized security control requirements and reports system risks and application configurations or vulnerabilities.

  • Intercepts and prevents internal and external attacks or attempts against PNNL systems.

  • Partners with cyber security researchers on data analysis, prototype implementation, collaboration, and feedback to operationalize our research solutions in security operations.

  • Interprets, analyzes, and executes incident response actions for detected intrusion anomalies and events.

  • Conducts system, network, and software vulnerability assessments and penetration testing.

  • Prepares and presents technical reports and briefings demonstrating the impact of security operations activities and actions.

  • Contributes to design, development and implementation of countermeasures, cyber security systems integration, and leverages tools specific to cyber security operations.

  • As necessary, shares knowledge with external entities including law enforcement, intelligence and other government organizations and agencies.

  • Work in a cyber-program focused on collaboration, partnership, and “out of the box” creativity.

  • Manages the Cyber Security Operations Center (CSOC) activities, personnel and budget in accordance with PNNL and DOE requirements.

Minimum Qualifications

  • Technical field Bachelors of Science (B.S.) degree with 9-13 years of experience in IT; Masters with 7-11 years of experience; PhD with 4-8 years of experience;

  • Minimum of 7 years in the Information Security/Cyber Security field

  • 3 years in security operations lead or management role

  • Knowledge of network security architecture concepts including topology, protocols, components, and principles.

  • Operating Systems knowledge and expertise in Windows, Unix or Linux

Preferred Qualifications

  • Advanced Security Certification (CISSP, CISM, CEH, EnCE, SANS GIAC, etc.)

  • Experience with weekend or evening “on-call” duties in security operations

  • Exceptionally strong peer leadership, interpersonal, collaborative, and customer relationship skills are essential.

  • Thorough understanding of the cyber kill chain or attack vectors.

  • Experience red teaming and proactive cyber adversary hunting.

  • Keen ability to anticipate and recognize cyber security threats.

  • Use practical knowledge to effectively remediate threats, and modify activities and priorities to anticipate and respond to changing conditions.

  • Experience working in, leading and building an industry-leading security operations center.

The candidate should be able to demonstrate hands-on experience in:

  • Network protocols, uses, and potential exploitation by malicious software.

  • Applying layered computer network defense techniques and network policy architectures

  • Tracking malware infections across a wide enterprise

  • Clearly communicating technical information in various forms to senior management, peers, and customers.

  • Ability to implement and operate intrusion detection/prevention systems, network penetration testing, vulnerability scanning, packet generators and sniffers, firewalls, and router systems.

  • Working independently and leading collective team efforts to develop theories, ideas, and concepts around cyber security methodologies.

Equal Employment Opportunity

Battelle Memorial Institute (BMI) at Pacific Northwest National Laboratory (PNNL) is an Affirmative Action/Equal Opportunity Employer and supports diversity in the workplace. All employment decisions are made without regard to race, color, religion, sex, national origin, age, disability, veteran status, marital or family status, sexual orientation, gender identity, or genetic information. All BMI staff must be able to demonstrate the legal right to work in the United States. BMI is an E-Verify employer. Learn more at

Other Information

This position requires the ability to obtain and maintain a federal security clearance.


  • U.S. Citizenship

  • Background Investigation: Applicants selected will be subject to a Federal background investigation and must meet eligibility requirements for access to classified matter in accordance 10 CFR 710, Appendix B.

  • Drug Testing: All Security Clearance (L or Q) positions will be considered by the Department of Energy to be Testing Designated Positions which means that they are subject to applicant, random, and for cause drug testing. In addition, applicants must be able to demonstrate non-use of illegal drugs, including marijuana, for the 12 consecutive months preceding completion of the requisite Questionnaire for National Security Positions (QNSP).

Note: Applicants will be considered ineligible for security clearance processing by the U.S. Department of Energy until non-use of illegal drugs, including marijuana, for 12 consecutive months can be demonstrated.

Directorate: Comm & Information Technology

Job Category: Managers

Group: Cyber Security - CIT

Opening Date: 2019-02-27

Closing Date: 2019-03-28