Cyber Security Engineer - Associate Level

Date: Jun 22, 2022

Location: Oak Ridge, TN, US, 37830

Company: Oak Ridge National Laboratory

Requisition Id 8496 


Oak Ridge National Laboratory seeks a Cyber Security Engineer to join the Cyber Operations, Governance, Integrated Research Liaison Group to assist with tool integration, threat hunting, and cyber engineering enhancements.


This position will support all aspects of Cyber Security Operations to include technical advice, design, and implementation of innovative projects, though primary duties will be Cyber tool integration and administration, threat hunting, and cyber engineering enhancements as required. You will also work collaboratively with assorted internal and external collaborators in order to improve cyber security visibility and posture. You will be expected to have experience conducting engineering tasks and should have experience with administration of log aggregation platforms, significant programming skills, and solid understanding of data streaming architecture.


Major Duties/Responsibilities:

  • Help develop and modify Cybersecurity tools to analyze data and provide accurate information for activity review, to include remote access
  • Provide support for cyber capabilities enhancement, collaborating with operations and research
  • Ability to create threat hunting hypotheses, then plan and scope Threat Hunting missions
  • Use Endpoint Detection and Response (EDR) tools to create new detection rules, identify threats and resolve alerts
  • Participate in penetration testing activities and exercises
  • Review and make recommendations to ensure secure implementation of both business systems and Industrial Control Systems (ICS)
  • Collaborate with cyber security, network, data center operations, security operations center, cyber security research, and other staff to ensure appropriate configuration and implementation of security tools, both existing and emergent
  • Standardize, document, maintain, and automate processes for monitoring, analyzing, responding to, and reporting of events
  • Create tactical, ad hoc scripts to supplement existing tool base as needed
  • Extract and correlate large data sets (Elastic)
  • Parse data via Logstash or other data parsing toolsets
  • Must have experience with the following technologies: SIEM (Elasticsearch/Splunk), vulnerability scanning tools, and others as needed
  • Assorted peripheral security tasks


Basic Qualifications Required:  

  • Bachelor’s degree with a concentration in computer science, cyber, networking, or information technology, with a minimum of 2 years of experience in programming or automation, though a combination of education and experience may be considered for exceptional candidates.
  • Experience with SIEM administration / data pipeline infrastructure
  • Programming experience required, multi-lingual preferred
  • Experience with Hadoop, Accumulo, Elastic Stack, Spark, and/or related technologies
  • Should have scripting and configuration language familiarity such as Bash, JSON, markup (YAML) and be familiar with Git version control
  • Intermediate to advanced Linux skills with a focus in cyber security, as well as familiarity with containerization technologies such as Docker
  • Should have in-depth understanding of threat hunting (taking the tools, logs, data, and attack frameworks and creating actionable hypotheses to investigate)
  • Strong interpersonal and communication skills


Qualifications Preferred:

  • Working knowledge of information technology and cyber security topics, including network flow, log analysis, cyber security visualization, and programming
  • Experience with tool integration via API
  • Strong understanding of Operating Systems Architecture
  • Strong understanding of Networking Fundamentals
  • Industry certifications such as CompTIA (A+, Net+, or Sec+), CEH, Linux, or GIAC (SANS) certifications
  • Active Top Secret or DOE Q clearance


Special Requirement:

This position requires the ability to obtain and maintain a clearance from the Department of Energy. As such, this position is a Workplace Substance Abuse (WSAP) testing designated position. WSAP positions require passing a pre-placement drug test and participation in an ongoing random drug testing program.


Benefits at ORNL:  

UT Battelle offers an exceptional benefits package to include matching 401K, Pension Plan, Paid Vacation and Medical / Dental plan. Onsite amenities include Credit Union, Medical Clinic and free Fitness facilities.   

For more information about our benefits, working here, and living here, visit the “About” tab at




This position will remain open for a minimum of 5 days after which it will close when a qualified candidate is identified and/or hired.

We accept Word (.doc, .docx), Adobe (unsecured .pdf), Rich Text Format (.rtf), and HTML (.htm, .html) up to 5MB in size. Resumes from third party vendors will not be accepted; these resumes will be deleted and the candidates submitted will not be considered for employment.

If you have trouble applying for a position, please email

ORNL is an equal opportunity employer. All qualified applicants, including individuals with disabilities and protected veterans, are encouraged to apply.  UT-Battelle is an E-Verify employer.

Nearest Major Market: Knoxville