Oak Ridge National Laboratory
HPC Cyber Security Engineer
Oak Ridge National Laboratory, Oak Ridge, Tennessee, United States, 37830
Overview
The National Center for Computational Sciences (NCCS) at Oak Ridge National Laboratory (ORNL) operates the fastest High Performance Computers (HPC) in the world. We are seeking innovative and creative Linux-focused engineers to play a key role in ensuring the security, performance, and reliability of the NCCS computing infrastructure. Our efforts support a highly-skilled user base of leading science teams globally. NCCS enables these teams to perform science that is not possible elsewhere. In return, instead of charging for compute and data allocations, we ask scientists to publish their work in open literature. If you are excited about applying DevSecOps best practices to HPCs, help us guarantee the integrity of open science publications that utilize NCCS supercomputing resources. The Team
The HPC Cybersecurity Engineering team is part of the NCCS Security and Information Engineering Group. It architects, develops, deploys, and maintains all facets of the Supercomputing-specific security program. We share incident response, blue team engineering, red team vulnerability research, policy architecture, and DevSecOps responsibilities, working with other teams to secure systems and acting as liaisons within ORNL's risk management framework. We are exclusively a Linux shop with challenges focused on scaling security tools in a high-performance environment and maintaining the integrity of scientific computing. About You
You deploy infrastructure and/or security controls as code, because automation lets you focus on difficult problems. You value collaboration and may have a GitHub account with projects. You may have more than a couple of our Preferred Qualifications and may or may not have prior HPC experience. You may have technical leadership experience and/or want to grow into this role. Major Duties / Responsibilities Translate complex technical concepts to communicate with scientific and management staff. Help shape the supercomputing security architectural vision and lead teams to evaluate novel scientific capabilities against core security values. Develop and maintain security applications deployed with container orchestration tools. Automate policy assessments to verify cybersecurity and operational policy. Engineer secure software development frameworks and tools. Define and implement best practices and standards within the organization. Analyze, triage, and respond to application, system, and network events. Install, maintain, and monitor common security systems such as NIDS/HIDS and SIEM. Interpret cybersecurity policy, recommend enhancements, and lead implementation efforts. Respond to system vulnerabilities and coordinate patches and updates. Perform approved penetration testing and verification. Document cybersecurity procedures. Participate in a 24/7 on-call incident response rotation.
Basic Qualifications
Bachelor's Degree in Computer Science or related field. Minimum of 5-7 years of relevant experience. Equivalent combination of education and experience will be considered.
Preferred Qualifications
Master's Degree in Computer Science or related field and 4-6 years of relevant experience. Strong understanding of cybersecurity concepts, best practices, and tools. Experience deploying and maintaining systems in UNIX/Linux environments. Solid understanding of networked computing environment concepts. DevSecOps mindset, including version control and scripting/programming experience. Ability to communicate effectively and work well in a team environment. Natural ability to understand and use new and emerging technologies. Experience with security tools such as NIDS/HIDS, vulnerability scanning, SIEM. Experience in a high-performance computing environment. Experience with incident response and forensics. Experience with automated configuration management tools such as Puppet or Ansible. Experience in network, application, and/or security architecture and design. Familiarity with common protocols such as DNS, DHCP, LDAP, SNMP, SMTP, HTTP, SSL.
Special Requirement
This position requires the ability to obtain and maintain a clearance from the Department of Energy. This is a Workplace Substance Abuse (WSAP) testing designated position requiring pre-placement drug testing and ongoing random drug testing.
Security, Credentialing, and Eligibility Requirements
For employment at ORNL, a Real ID compliant form of identification is required. ORNL is subject to DOE access restrictions. All employees must obtain and maintain a federal PIV card as mandated by HSPD-12 and DOE Order 473.1A, which requires a favorable post-employment background investigation. New employees must successfully complete a Federal Tier 1 background check investigation, including a declaration of illegal drug activities within the last year. Foreign nationals: if you have not resided in the U.S. for three consecutive years, you are not eligible for the PIV credential and will require a Local Site Specific Only (LSSO) risk determination to maintain employment; after three years, a PIV credential is required. About ORNL
ORNL is a DOE Office of Science national laboratory with an 80-year legacy. Our team comprises over 7,000 dedicated individuals. We value diverse perspectives to support our mission in addressing energy, environmental, and security challenges. ORNL offers competitive pay and benefits, including medical and retirement plans, flexible work hours, and on-site amenities. Benefits include prescription drug, dental, vision, 401(k), pension, life insurance, disability benefits, vacation and holidays, parental leave, legal insurance with identity theft protection, EAP, FSA, HSA, wellness programs, educational assistance, relocation assistance, and employee discounts. If you have difficulty applying or need an accommodation due to a disability, please email ORNLRecruiting@ornl.gov. This position will remain open for a minimum of 5 days after which it will close when a qualified candidate is identified and/or hired. We accept Word, PDF, RTF, and HTML resumes up to 5MB. Resumes from third-party vendors will not be accepted. If you have trouble applying, please email ORNLRecruiting@ornl.gov. ORNL is an equal opportunity employer. UT-Battelle is an E-Verify employer. #J-18808-Ljbffr
The National Center for Computational Sciences (NCCS) at Oak Ridge National Laboratory (ORNL) operates the fastest High Performance Computers (HPC) in the world. We are seeking innovative and creative Linux-focused engineers to play a key role in ensuring the security, performance, and reliability of the NCCS computing infrastructure. Our efforts support a highly-skilled user base of leading science teams globally. NCCS enables these teams to perform science that is not possible elsewhere. In return, instead of charging for compute and data allocations, we ask scientists to publish their work in open literature. If you are excited about applying DevSecOps best practices to HPCs, help us guarantee the integrity of open science publications that utilize NCCS supercomputing resources. The Team
The HPC Cybersecurity Engineering team is part of the NCCS Security and Information Engineering Group. It architects, develops, deploys, and maintains all facets of the Supercomputing-specific security program. We share incident response, blue team engineering, red team vulnerability research, policy architecture, and DevSecOps responsibilities, working with other teams to secure systems and acting as liaisons within ORNL's risk management framework. We are exclusively a Linux shop with challenges focused on scaling security tools in a high-performance environment and maintaining the integrity of scientific computing. About You
You deploy infrastructure and/or security controls as code, because automation lets you focus on difficult problems. You value collaboration and may have a GitHub account with projects. You may have more than a couple of our Preferred Qualifications and may or may not have prior HPC experience. You may have technical leadership experience and/or want to grow into this role. Major Duties / Responsibilities Translate complex technical concepts to communicate with scientific and management staff. Help shape the supercomputing security architectural vision and lead teams to evaluate novel scientific capabilities against core security values. Develop and maintain security applications deployed with container orchestration tools. Automate policy assessments to verify cybersecurity and operational policy. Engineer secure software development frameworks and tools. Define and implement best practices and standards within the organization. Analyze, triage, and respond to application, system, and network events. Install, maintain, and monitor common security systems such as NIDS/HIDS and SIEM. Interpret cybersecurity policy, recommend enhancements, and lead implementation efforts. Respond to system vulnerabilities and coordinate patches and updates. Perform approved penetration testing and verification. Document cybersecurity procedures. Participate in a 24/7 on-call incident response rotation.
Basic Qualifications
Bachelor's Degree in Computer Science or related field. Minimum of 5-7 years of relevant experience. Equivalent combination of education and experience will be considered.
Preferred Qualifications
Master's Degree in Computer Science or related field and 4-6 years of relevant experience. Strong understanding of cybersecurity concepts, best practices, and tools. Experience deploying and maintaining systems in UNIX/Linux environments. Solid understanding of networked computing environment concepts. DevSecOps mindset, including version control and scripting/programming experience. Ability to communicate effectively and work well in a team environment. Natural ability to understand and use new and emerging technologies. Experience with security tools such as NIDS/HIDS, vulnerability scanning, SIEM. Experience in a high-performance computing environment. Experience with incident response and forensics. Experience with automated configuration management tools such as Puppet or Ansible. Experience in network, application, and/or security architecture and design. Familiarity with common protocols such as DNS, DHCP, LDAP, SNMP, SMTP, HTTP, SSL.
Special Requirement
This position requires the ability to obtain and maintain a clearance from the Department of Energy. This is a Workplace Substance Abuse (WSAP) testing designated position requiring pre-placement drug testing and ongoing random drug testing.
Security, Credentialing, and Eligibility Requirements
For employment at ORNL, a Real ID compliant form of identification is required. ORNL is subject to DOE access restrictions. All employees must obtain and maintain a federal PIV card as mandated by HSPD-12 and DOE Order 473.1A, which requires a favorable post-employment background investigation. New employees must successfully complete a Federal Tier 1 background check investigation, including a declaration of illegal drug activities within the last year. Foreign nationals: if you have not resided in the U.S. for three consecutive years, you are not eligible for the PIV credential and will require a Local Site Specific Only (LSSO) risk determination to maintain employment; after three years, a PIV credential is required. About ORNL
ORNL is a DOE Office of Science national laboratory with an 80-year legacy. Our team comprises over 7,000 dedicated individuals. We value diverse perspectives to support our mission in addressing energy, environmental, and security challenges. ORNL offers competitive pay and benefits, including medical and retirement plans, flexible work hours, and on-site amenities. Benefits include prescription drug, dental, vision, 401(k), pension, life insurance, disability benefits, vacation and holidays, parental leave, legal insurance with identity theft protection, EAP, FSA, HSA, wellness programs, educational assistance, relocation assistance, and employee discounts. If you have difficulty applying or need an accommodation due to a disability, please email ORNLRecruiting@ornl.gov. This position will remain open for a minimum of 5 days after which it will close when a qualified candidate is identified and/or hired. We accept Word, PDF, RTF, and HTML resumes up to 5MB. Resumes from third-party vendors will not be accepted. If you have trouble applying, please email ORNLRecruiting@ornl.gov. ORNL is an equal opportunity employer. UT-Battelle is an E-Verify employer. #J-18808-Ljbffr