Posting Title

Cybersecurity Engineering I/II

.

Location

CO - Golden

.

Position Type

Regular

.

Hours Per Week

40

.

Working at NLR

NLR is located at the foothills of the Rocky Mountains in Golden, Colorado is the nation's primary laboratory for energy systems research and development.

Join the National Laboratory of the Rockies (NLR), where world-class scientists, engineers, and experts are accelerating energy innovation through breakthrough research and systems integration. From our mission to our collaborative culture, NLR stands out in the research community for its commitment to an affordable and secure energy future. Spanning foundational science to applied systems engineering and analysis, we focus on solving complex challenges to deliver advanced, secure, reliable, and cost-effective energy solutions. Our work helps strengthen U.S. industries, support job creation, and promote national economic growth.

At NLR, you'll find a mission-driven environment supported by state-of-the-art facilities, multidisciplinary research teams, and strong collaborations with industry, academia, and other national laboratories. We offer robust professional development opportunities, and a competitive benefits package designed to support your career and well-being.

Job Description

The National Laboratory of the Rockies (NLR) is seeking a talented Cybersecurity Engineer to join the Computational Science Center (CSC) Advanced Computing Operations (ACO) group. This candidate must have an interest in making a difference in the world by helping to envision, develop, deploy, monitor, maintain, and analyze security posture and defense in an environment that supports a variety of applications and data-sharing platforms related to advancing integrated energy system technologies and markets.

 

This candidate will work to ensure information security is built into and maintained for systems deployed in and by the laboratory's Advanced Computing Operation Group. The ideal candidate excels at building relationships with project teams, effectively communicating complex security concepts in a clear and approachable manner. They are proactive and persistent in following up to ensure security best practices are implemented and maintained, with a collaborative and solutions-oriented approach to problem-solving. A strong sense of initiative and the ability to manage multiple priorities while fostering a culture of security across diverse teams are essential for success in this role.

 

In this position, you’ll join a tight‑knit team that implements systems security and configures the security posture of the platforms ACO oversees—spanning AWS, HPC, OpenStack, and purpose‑built environments. You’ll script and automate controls, produce security artifacts (screenshots, log exports), and monitor vulnerabilities across servers, networks, web applications, and cloud services. You’ll collaborate daily with developers, researchers, and system administrators to ensure appropriate security controls are considered at every stage of a project.

• Implement and harden security controls across heterogeneous environments; configure platform/security guardrails and verify enforcement.

• Script and automate security tasks using Bash and Python to meet control requirements (e.g., log collection, config checks, patch workflows).

• Monitor vulnerabilities and coordinate remediation with engineering teams across multiple platforms (servers, networks, web apps, cloud).

• Analyze logs using SIEM/log tools and produce meaningful reporting for stakeholders.

• Implement new capabilities required by DOE to enhance cybersecurity on ACO-managed systems.

• Partner closely with NLR Cyber Security, HPC Operations SAs, and Cloud Engineers; communicate clearly and confidently across diverse user and stakeholder groups.

 

You will need to develop a good rapport and work closely with the NLR Cyber Security group, HPC Operations systems administrators and Cloud engineers.

 

.

Basic Qualifications

Level I:
Relevant Bachelor's Degree or equivalent relevant education/experience. Limited use and/or application of basic principles, theories and concepts in specific field. Limited knowledge of related IS practices and standards. Good analytical and problem solving skills. Good written and verbal communication skills. Basic programming and/or maintenance ability with various computer software programs and information systems.

Level II:
Relevant Bachelor's Degree and 2 or more years of experience or equivalent relevant education/experience. Or, relevant Master's Degree or equivalent relevant education/experience. General knowledge and application of standards, principles, concepts and techniques in specific field. Some understanding of related IS practices and standards. Skilled in analytical techniques and practices, and problem solving. Skilled in written and verbal communication. Intermediate programming ability with various computer software programs and information systems.

Clearance: Must be able to obtain and maintain a DOE Q Security Clearance.
Eligibility requirements: To obtain a clearance, an individual must be at least 18 years of age and a U.S. citizen. See DOE O 472.2A for additional information.

* Must meet educational requirements prior to employment start date.

Additional Required Qualifications

​All candidates will need to have the following knowledge, skills and abilities:

• UNIX/Linux experience (administration, troubleshooting).

• Ability to script and automate with Bash and Python.

• Basic knowledge of security tools (IDS/IPS, firewalls, vulnerability scanners).

• Basic networking fundamentals (TCP/IP, DNS, common protocols).

• Basic understanding of encryption/cryptography (SSL/TLS, key management).

• Basic knowledge of access control & identity management.

In addition to each level requires:

IT Professional I - Advanced Computing:

• Skilled in analytical techniques and problem solving.

• Skilled in oral and written communication.

• Intermediate programming ability with various software programs and information systems.

IT Professional II - Advanced Computing:

• Strong leadership and project management skills; drive small initiatives

• Advanced analytical/problem solving with design and analysis abilities across software and information systems.

• Complete understanding and wide application of principles, concepts, and techniques in cybersecurity; general knowledge of related IS disciplines.

• Awareness of common threats, vulnerabilities, and attack vectors.

• Basic knowledge of incident response practices (identify, contain, mitigate).

• Effective communication (written and verbal), analytical mindset, and problem‑solving skills.

Preferred Qualifications

Preferred Qualifications:

Level I:

• Familiarity with enterprise/research computing (on‑prem/virtualized).
• SIEM/log analysis experience (e.g., Splunk, Elastic, Logstash).
• Experience identifying and remediating vulnerabilities; collaborates to address risk.
• Working knowledge of NIST SP 800‑53 and FIPS 199.

 

Level II:

• Experience implementing security controls across heterogeneous platforms (HPC, on‑prem/virtualized, applications).
• Incident response experience (investigation, containment, recovery, post‑incident review).
• Experience maintaining compliance with NIST SP 800‑53 and FIPS 199.

.

Job Application Submission Window

The anticipated closing window for application submission is up to 30 days and may be extended as needed.

Annual Salary Range (based on full-time 40 hours per week)

Job Profile: IT Professional II / Annual Salary Range: $83,600 - $150,500

Job Profile: IT Professional I / Annual Salary Range: $76,600 - $126,400

NLR takes into consideration a candidate’s education, training, and experience, expected quality and quantity of work, required travel (if any), external market and internal value, including seniority and merit systems, and internal pay alignment when determining the salary level for potential new employees. In compliance with the Colorado Equal Pay for Equal Work Act, a potential new employee’s salary history will not be used in compensation decisions.

Benefits Summary

Benefits include medical, dental, and vision insurance; short*- and long-term disability insurance; pension benefits*; 403(b) Employee Savings Plan with employer match*; life and accidental death and dismemberment (AD&D) insurance; personal time off (PTO) and sick leave; paid holidays; and tuition reimbursement*. NLR employees may be eligible for, but are not guaranteed, performance-, merit-, and achievement- based awards that include a monetary component. Some positions may be eligible for relocation expense reimbursement. Limited-term positions are not eligible for long-term disability or tuition reimbursement.

* Based on eligibility rules

Badging Requirement

NLR is subject to Department of Energy (DOE) access restrictions. All employees must also be able to obtain and maintain a federal Personal Identity Verification (PIV) card as required by Homeland Security Presidential Directive 12 (HSPD-12), which includes a favorable background investigation.

Drug Free Workplace

NLR is committed to maintaining a drug-free workplace in accordance with the federal Drug-Free Workplace Act and complies with federal laws prohibiting the possession and use of illegal drugs. Under federal law, marijuana remains an illegal drug.

If you are offered employment at NLR, you must pass a pre-employment drug test prior to commencing employment. Unless prohibited by state or local law, the pre-employment drug test will include marijuana. If you test positive on the pre-employment drug test, your offer of employment may be withdrawn.

Submission Guidelines

Please note that in order to be considered an applicant for any position at NLR you must submit an application form for each position for which you believe you are qualified. Applications are not kept on file for future positions. Please include a cover letter and resume with each position application.

.

Equal Opportunity Employer

All qualified applicants will receive consideration for employment without regard basis of age (40 and over), color, disability, gender identity, genetic information, marital status, domestic partner status, military or veteran status, national origin/ancestry, race, religion, creed, sex (including pregnancy, childbirth, breastfeeding), sexual orientation, and any other applicable status protected by federal, state, or local laws.

Reasonable Accommodations

E-Verify www.dhs.gov/E-Verify For information about right to work, click here for English or here for Spanish.

E-Verify is a registered trademark of the U.S. Department of Homeland Security. This business uses E-Verify in its hiring practices to achieve a lawful workforce.