Requisition Id 15329

­­Overview:

The National Center for Computational Sciences (NCCS) at Oak Ridge National Laboratory (ORNL) operates the fastest High Performance Computers (HPC) in the world. We are seeking innovative and creative Linux-types to play a key role in ensuring the security, performance, and reliability of the NCCS computing infrastructure. Our efforts support a highly-skilled user base consisting of the best-of-the-best science teams around the world. NCCS enables these teams to perform science that is just not possible anywhere else. In return, and instead of charging for compute and data allocations, we ask these scientists to publish their work in open literature. If you are excited about applying DevSecOps best practices to HPCs, come help us guarantee the integrity of open science publications that utilize NCCS supercomputing resources.

The Team:

The HPC Cybersecurity Engineering team is one half of the NCCS Security and Information Engineering Group. It is tasked with architecting, developing, deploying, and maintaining all facets of the Supercomputing-specific technical security program (which is an enclave of the broader ORNL network). We recognize that there are many security disciplines and keep ourselves sharp by sharing incident response, blue team engineering, red team vulnerability research, policy architecture, and DevSecOps responsibilities with each other. We work hand-in-hand with other teams to help them secure their systems and act as liaisons between ORNL’s broader risk management framework. We are exclusively a Linux shop without enterprise phishing and mobile device security headaches; instead our security problems revolve around unique challenges such as the scaling of security tools in a high performance environment and maintaining the integrity of scientific computing.

About You:

You deploy infrastructure and/or security controls as code because automation lets you focus on the more difficult and rewarding problems. You love working with others because the ‘best solutions’ to a problem are a product of collaboration. You may have a GitHub account with cool projects. You may have more than a couple of our Preferred Qualifications and probably do not yet have any prior HPC experience. You may have technical leadership experience and/or want to grow into this role. You may or may not think Hackers is an incredible movie.

Major Duties/Responsibilities:

• Translate complex technical concepts to better communicate with scientific and managment staff.
• Help shape the Supercomputing security architectural vision and lead teams to evaluate novel scientific capabilities against our core security values.
• Develop and maintain security applications deployed with container orchestration tools.
• Automate policy assessments to verify cyber security and operational policy.
• Engineer secure software development frameworks and tools.
• Define and implement best practices and standards within the organization.
• Analyze, triage, and respond to application, system, and network events. Install, maintain, and monitor common security systems such as (N/H)IDS and SIEM.
• Interpret cyber security policy, recommend enhancements to current policies, and lead subsequent implementation efforts.
• Respond to system vulnerabilities and coordinate system patches and updates. Perform approved penetration testing and verification.
• Document cyber security procedures.
• Participate in a 24-hour, 7-day on-call incident response rotation.

Basic Qualifications:

• Bachelor's Degree in Computer Science or related field.
• Minimum of 5-7 years of relevant experience.
• Equivalent combination of education and experience will be considered.

Preferred Qualifications:

• Master’s Degree in Computer Science or related field and 4-6 years of relevant experience.
• Strong understanding of cyber security concepts, best practices, and tools.
• Experience deploying and maintaining systems in UNIX/Linux environments.
• Solid understanding of networked computing environment concepts.
• A DevSecOps mindset, including version control and scripting/programming experience
• Ability to communicate effectively and work well in a team environment.
• Natural ability to understand and use new and emerging technologies
• Experience with security tools such as NIDS/HIDS, Vulnerability Scanning, SIEM
• Experience in a high-performance computing environment
• Experience with incident response and engaging in forensics
• Experience with automated configuration management tools such as Puppet or Ansible.
• Experience in network, application, and/or security architecture and design.
• Familiarity with common protocols such as: DNS, DHCP, LDAP, SNMP, SMTP, HTTP, SSL.

Special Requirement:

• This position requires the ability to obtain and maintain a clearance from the Department of Energy. As such, this position is a Workplace Substance Abuse (WSAP) testing designated position. WSAP positions require passing a pre-placement drug test and participation in an ongoing random drug testing program.
  
  

Security, Credentialing, and Eligibility Requirements:
For employment at Oak Ridge National Laboratory (ORNL), a Real ID compliant form of identification will be required. Additionally, ORNL is subject to Department of Energy (DOE) access restrictions. All employees must also be able to obtain and maintain a federal Personal Identity Verification (PIV) card as mandated by Homeland Security Presidential Directive 12 (HSPD-12) and Department of Energy (DOE) Order 473.1A, which requires a favorable post-employment background investigation.

To obtain this credential, new employees must successfully complete and pass a Federal Tier 1 background check investigation. This investigation includes a declaration of illegal drug activities, including use, supply, possession, or manufacture within the last year. This includes marijuana and cannabis derivatives, which are still considered illegal under federal law, regardless of state laws.

For foreign national candidates:
If you have not resided in the U.S. for three consecutive years, you are not eligible for the PIV credential and instead will need to obtain a favorable Local Site Specific Only (LSSO) risk determination to maintain employment. Once you meet the three-year residency requirement, you will be required to obtain a PIV credential to maintain employment.

About ORNL:

As a U.S. Department of Energy (DOE) Office of Science national laboratory, ORNL has an impressive 80-year legacy of addressing the nation’s most pressing challenges. Our team is made up of over 7,000 dedicated and innovative individuals! Our goal is to create an environment where a variety of perspectives and backgrounds are valued, ensuring ORNL is known as a top choice for employment. These principles are essential for supporting our broader mission to drive scientific breakthroughs and translate them into solutions for energy, environmental, and security challenges facing the nation.

ORNL offers competitive pay and benefits programs to attract and retain individuals who demonstrate exceptional work behaviors. The laboratory provides a range of employee benefits, including medical and retirement plans and flexible work hours, to support the well-being of you and your family. Employee amenities such as on-site fitness, banking, and cafeteria facilities are also available for added convenience.

Other benefits include the following: Prescription Drug Plan, Dental Plan, Vision Plan, 401(k) Retirement Plan, Contributory Pension Plan, Life Insurance, Disability Benefits, Generous Vacation and Holidays, Parental Leave, Legal Insurance with Identity Theft Protection, Employee Assistance Plan, Flexible Spending Accounts, Health Savings Accounts, Wellness Programs, Educational Assistance, Relocation Assistance, and Employee Discounts.

If you have difficulty using the online application system or need an accommodation to apply due to a disability, please email: ORNLRecruiting@ornl.gov.

This position will remain open for a minimum of 5 days after which it will close when a qualified candidate is identified and/or hired.

We accept Word (.doc, .docx), Adobe (unsecured .pdf), Rich Text Format (.rtf), and HTML (.htm, .html) up to 5MB in size. Resumes from third party vendors will not be accepted; these resumes will be deleted and the candidates submitted will not be considered for employment.

If you have trouble applying for a position, please email ORNLRecruiting@ornl.gov.

ORNL is an equal opportunity employer. All qualified applicants, including individuals with disabilities and protected veterans, are encouraged to apply. UT-Battelle is an E-Verify employer.

This position will remain open for a minimum of 5 days after which it will close when a qualified candidate is identified and/or hired.

We accept Word (.doc, .docx), Adobe (unsecured .pdf), Rich Text Format (.rtf), and HTML (.htm, .html) up to 5MB in size. Resumes from third party vendors will not be accepted; these resumes will be deleted and the candidates submitted will not be considered for employment.

If you have trouble applying for a position, please email ORNLRecruiting@ornl.gov.

ORNL is an equal opportunity employer. All qualified applicants, including individuals with disabilities and protected veterans, are encouraged to apply. UT-Battelle is an E-Verify employer.