Job Details

Lawrence Berkeley National Laboratory
  • Position Number: 2294486
  • Location: Berkeley, CA
  • Position Type: Computer and Information Technology
Cyber Security Engineer - 92649

Organization: IC-Information Technology

Lawrence Berkeley National Laboratory's Information Technology Division has an opening for a Cyber Security Engineer.

This position will support the operational goal of protecting the Laboratory from malicious and unauthorized computer activity. Working both independently and closely with other security engineers, the Computer Systems Engineer I will conduct Incident Response, including responding to alerts and anomalous activities, triaging tasks, engaging with IT support personnel and end-users on mitigations and resolutions, and proposing solutions to prevent future incidents. When not engaged in Incident Response, this position will assist with cyber security compliance/outreach activities, including identifying non-compliant or vulnerable systems and notifying their owners, reviewing and removing unused configurations, writing documentation, providing guidance on secure implementations, and proposing or implementing improvements to detection/automation.

What You Will Do:

In collaboration with team members, perform cyber security monitoring, incident response, forensic analysis, and resolution of cyber security incidents.

Maintain situational awareness of on-going cyber security threats in the broader community via mailing lists, chat channels, blog posts, social media, and news sources.

Independently examine a wide range of data, including Zeek logs, Netflow data, centralized syslog, and authentication logs to detect cyber security incidents with broad supervision.

Identify non-compliant or vulnerable systems and conduct outreach to system owners to work through resolution, or engage other IT staff for assistance.

Develop high quality documentation of technical systems, policies, processes, and procedures for use internally within the group, throughout the Lab, and externally by partner organizations.

Maintain Cyber Security training course material used by the Lab community, ensuring it is up-to-date, relevant, accurate, and concise.

Working with the Systems Security Architect, review designs and provide guidance to Lab staff and the R&E community on securing computer systems.

Assist with changes to cyber security infrastructure, including network devices, tap aggregation equipment, commodity servers, and specialized appliances.

Develop tools, scripts, or reports to enhance productivity of Incident Response and Threat Hunting.

What is Required:

Bachelor's degree and a minimum of 2 years of experience in the Information Technology field or an equivalent combination of education and experience.

Experience with TCP/IP networks and the functions and services of those networks, including: ARP, DNS, DHCP, wireless networking, IPv6, etc.

Ability to work in a Linux or UNIX environment, primarily at a Command Line Interface (CLI).

Understanding of campus-scale or enterprise-scale IT infrastructure and organizations in an open research network.

Ability to meet responsiveness expectations after hours, with occasional night and weekend work to respond to priority issues.

Desired Qualifications:

The following skills are not required, but if you have expertise in any of these areas, consider applying to this position; you'd fit in well with our team and technology stack.

Experience with computing in an open network environment and understanding the unique challenges of such an environment.

Experience with Active Directory, especially as it relates to securing Active Directory in an enterprise setting.

Experience with tcpdump, Wireshark, Zeek, Suricata, Snort, Netflow.

Experience provisioning cloud services such as AWS, GCP, Azure, or Cloudflare and integrating with on-premise resources.

Experience with virtualization technologies, including VMware ESXi, Hyper-V, Proxmox, KVM, Xen, etc.

Experience with automation or configuration management tools, such as Puppet, Ansible, Chef, Foreman, SCCM.

Knowledge of, or demonstrable skills in, penetration testing, including vulnerability scanning, attack chaining, credential cracking, and social engineering.

Knowledge of container technologies, including Docker and Kubernetes.


This is a full-time career appointment, exempt (monthly paid) from overtime pay.

This position will be hired at a level commensurate with the business needs and the skills, knowledge, and abilities of the successful candidate.

This position may be subject to a background check. Any convictions will be evaluated to determine if they directly relate to the responsibilities and requirements of the position. Having a conviction history will not automatically disqualify an applicant from being considered for employment.

Work will be primarily performed at Lawrence Berkeley National Lab, 1 Cyclotron Road, Berkeley, CA.

How To Apply

Apply directly online at and follow the on-line instructions to complete the application process.

Equal Employment Opportunity: Berkeley Lab is an Equal Opportunity/Affirmative Action Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, age, or protected veteran status. Berkeley Lab is in compliance with the Pay Transparency Nondiscrimination Provision under 41 CFR 60-1.4. Click here ( to view the poster and supplement: "Equal Employment Opportunity is the Law."

