Share this Job

Cyber Digital Investigator & Engineer

Date: Sep 25, 2022

Location: Oak Ridge, TN, US, 37830

Company: Oak Ridge National Laboratory

Requisition Id 7209 


Oak Ridge National Laboratory seeks a Cyber Digital Investigator & Engineer to join the Cyber Security Operations and Engineering group to assist with digital investigations, forensics, incident response, and cyber engineering enhancements.


This position will support all aspects of Cyber Security Operations and Engineering to include technical advice, design, and implementation of innovative projects, though primary duties will be to conduct digital investigations and forensics for incident response, threat hunting, authorized support of external entity investigations, and cyber engineering enhancements as required. The candidate will also work collaboratively with Cyber Security Operations Center, Cyber Policy & Risk Management, Security Plans & Exercises, Networking, Platform Services, Cyber Security Research teams, and assorted internal and external collaborators in order to improve cyber security visibility and posture. The candidate will be expected to have experience conducting digital investigations and formal training or certifications in appropriate field. Experience in law enforcement investigative techniques will be adequately weighed.


Major Duties/Responsibilities: 

  • Conduct digital and forensics investigations, to include malware analysis, image capturing and analysis for incident response, and other investigations as necessary by request of authorized officials
  • Help develop and modify tools to analyze forensic data and provide accurate information for activity review, to include remote access 
  • Provide support for cyber capabilities enhancement, collaborating with operations and research
  • Ability to create threat hunting hypotheses, then plan and scope Threat Hunting missions
  • Use Endpoint Detection and Response (EDR) tools to create new detection rules, identify threats and resolve alerts
  • Participate in penetration testing activities and exercises
  • Review and make recommendations to ensure secure implementation of both business systems and Industrial Controls Systems (ICS)
  • Collaborate with cyber security, network, data center operations, security operations center, cyber security research, and other staff to ensure appropriate configuration and implementation of security tools, both existing and emergent 
  • Standardize, document, maintain, and automate processes for monitoring, analyzing, responding to, and reporting of events
  • Create tactical, ad hoc scripts to supplement existing tool base as needed 
  • Extract and correlate large data sets (Elastic)
  • Must have experience with the following technologies: SIEM (Elastic), EDR (Endgame), Encase, FTK, F-Response, and other open-source forensic tools, CASB/SASE, vulnerability scanning tools, and others as needed
  • Assorted peripheral security tasks


Qualifications Required:  

Bachelor’s degree with a concentration in Computer Science, Cyber, or Forensics, with 5 years of experience in investigative techniques and experience in cyber or related field. Experience / certifications in digital forensics and investigations. A combination of education and experience may be considered for exceptional candidates with background in engineering, programming, and investigative techniques, and who possess an active security clearance.


  • Digital Forensics background and experience required, will be expected to succinctly discuss methodology throughout the investigative process in multiple scenarios
  • Solid understanding of MITRE ATT&CK methodology
  • Experience with SIEM Administration
  • Working knowledge of Azure or similar technologies
  • Experience with tool integration via API
  • Scripting and configuration language familiarity
  • Working knowledge of Active Directory with a focus in cyber security
  • Intermediate to advanced Linux skills with a focus in cyber security
  • Knowledge of end-to-end flow and understanding of networking concepts such as ports, protocols, listeners, perimeter traversal, packet analysis, etc.
  • Should have a basic understanding of SOAR development that will lead to better KPI and metrics for dashboards that filter out noise during IR engagements
  • Strong interpersonal and communication skills
  • This position requires the ability to obtain and maintain a clearance from the Department of Energy. As such, this position is a Workplace Substance Abuse (WSAP) testing designated position. WSAP positions require passing a pre-placement drug test and participation in an ongoing random drug testing program.


Qualifications Preferred:

  • Master’s Degree in Computer Science, Cyber, or Forensics
  • 2 + years of experience in investigative techniques
  • Penetration Testing experience or certifications
  • Industry certifications such as GIAC (SANS) certifications
  • Active DOE Q or Top-Secret clearance


This position will remain open for a minimum of 5 days after which it will close when a qualified candidate is identified and/or hired.

We accept Word (.doc, .docx), Adobe (unsecured .pdf), Rich Text Format (.rtf), and HTML (.htm, .html) up to 5MB in size. Resumes from third party vendors will not be accepted; these resumes will be deleted and the candidates submitted will not be considered for employment.

If you have trouble applying for a position, please email

ORNL is an equal opportunity employer. All qualified applicants, including individuals with disabilities and protected veterans, are encouraged to apply.  UT-Battelle is an E-Verify employer.

Nearest Major Market: Knoxville