Cyber Security Engineer

Lawrence Berkeley National Laboratory
8 months ago
San Francisco, California, United States
Hybrid
Full-time
Junior Level (1-3 years)

Job Description

Position Overview

Lawrence Berkeley National Lab’s (LBNL) National Energy Research Scientific Computing Center (NERSC) Division is seeking a Cyber Security Engineer to safeguard critical high performance computing systems and data. Working in a collaborative, interdisciplinary environment, you will be involved in monitoring potential threats, conducting vulnerability assessments, responding to security incidents, and shaping the security strategy as NERSC advances to exascale computing. This role directly supports the DOE Office of Science programs and provides essential support to roughly 10,000 users researching energy and environmental challenges.

Key Responsibilities

  • Perform security duties including monitoring for threats, analyzing network traffic and log data, forensic analysis, and resolving security incidents.
  • Support and/or lead cyber incident response activities throughout the full incident lifecycle.
  • Maintain up-to-date awareness of cybersecurity threats and trends, assess emerging risks, and coordinate cross-team mitigation efforts.
  • Assist with vulnerability assessments by configuring scanning tools, evaluating vulnerabilities, and guiding remediation efforts with staff and end-users.
  • Participate in a 24/7 on-call rotation with occasional work outside scheduled hours.
  • Contribute to the design and development of NERSC’s security architecture and evaluate new cyber security tools and technologies.
  • Participate in or lead system upgrades including hardware deployment, configuration, and implementation of new security services.
  • Manage cybersecurity systems through automation and manual administration while documenting technical processes and procedures.
  • Develop and refine IDS signatures and monitoring rules to align with the latest attack vectors, reducing false positives and negatives.
  • Lead or support the implementation of a Zero Trust strategy that mitigates risk while supporting NERSC’s open science mission.
  • Promote a strong security culture through outreach, technical consulting, and security awareness activities.
  • Collaborate with system engineers and software developers to integrate cybersecurity tools and processes across the center.
  • Conduct in-depth security reviews and risk assessments, and document findings with actionable recommendations.
  • Serve as a security subject matter expert on cross-functional projects ensuring that security is integrated at every phase.
  • Contribute to the development of cybersecurity requirements, translating high-level policy into actionable controls and guidelines.
  • Create technical guides, best practices, and other resources to assist staff and users in adhering to cybersecurity policies.
  • Lead technical initiatives addressing containerized environments, secure software practices, Zero Trust Architecture, and secure data movement within HPC workflows.

Required Qualifications

  • Bachelor’s degree in Computer Science or a related field with a minimum of 8 years of related experience; or 6 years with a Master’s degree; or equivalent experience.
  • Proven experience in network defense, security monitoring, intrusion detection, vulnerability and risk assessment, penetration testing, or threat intelligence.
  • Hands-on expertise in incident response activities including investigation, forensic analysis, and remediation of security events.
  • Experience with configuration and management of security tools such as IDS (e.g., Snort, Suricata, Zeek), firewalls, and log analysis platforms.
  • Skilled in collecting, parsing, and analyzing log data from diverse systems to detect and investigate security incidents.
  • Familiarity with security tools used for code analysis, penetration testing, and vulnerability scanning, with demonstrated expertise in one or more tools.
  • Strong knowledge of common security vulnerabilities, attacker TTPs, cybersecurity frameworks, and mitigation strategies.
  • Understanding of network security concepts and upper-layer protocols.
  • Experience developing scripts or programs in languages such as C, C++, Python, or Shell.
  • Proven ability to work in Linux/Unix environments, including extensive command-line administration.
  • Familiarity with configuration management tools like Ansible or Puppet.
  • Demonstrated experience leading a project or team, or providing direction on technical initiatives.
  • Strong troubleshooting, analytical, and multi-tasking skills to address complex issues.
  • Ability to work both independently and collaboratively in interdisciplinary teams.
  • Excellent verbal and written communication skills.

Preferred Qualifications

  • Experience securing large-scale computing or open network environments.
  • Background in High Performance Computing (HPC), higher education, or research environments.
  • Experience designing and implementing Zero Trust architectures with a focus on authentication, authorization, and identity federation.
  • Knowledge of securing container orchestration platforms and containerized workloads, including runtime security monitoring and secrets management.
  • Experience integrating security tools into development and deployment pipelines and conducting security-focused code reviews.
  • Understanding of API security including OAuth 2.0, JWT, and API key management.
  • Familiarity with data analytics, machine learning, or statistical models applied to security analysis.

Benefits & Perks

  • Full-time, career appointment with a monthly paid exempt status (no overtime).
  • Compensation: Salary range of $129,948 to $219,276 per year, with a targeted range of $146,184 to $178,668 per year based on skills, experience, and certifications.
  • Eligible for flexible work modes with a hybrid schedule allowing on-site work at Berkeley Lab and telework (must reside within 150 miles of Berkeley Lab).
  • Subject to a background check.
  • Opportunities for interdisciplinary collaboration, professional development, and attendance at NERSC seminars covering diverse scientific and technical subjects.
  • A supportive environment committed to scientific discovery, excellence, and open science.

Required Skills

Vulnerability Assessment
Linux/Unix Administration
Threat Intelligence
Configuration Management (Ansible, Puppet)
Network Security
Cyber Incident Response
Security Monitoring
Intrusion Detection Systems (Snort, Suricata, Zeek)
Scripting (Python, Shell, C/C++)
Forensic Analysis
Zero Trust Architecture