National Laboratory of the Rockies · 1 month ago
Cyber Defense Operations Researcher
The National Renewable Energy Laboratory (NREL) is the nation's primary laboratory for energy systems research and development. They are seeking a mid-career Cyber Defense Operations Researcher to join their Cybersecurity Research Center, focusing on applied research at the intersection of cybersecurity and energy systems to secure the nation's energy infrastructure.
Tags: Clean Energy, CleanTech, Energy, Renewable Energy
Responsibilities
Lead incident-response and detection research strategy, shaping experiment design, modeling approach, and scientific rigor
Architect and direct incident-response exercises spanning IT/OT/cyber-physical environments; develop crisis-response workflows
Design, validate, and operationalize advanced detection engineering solutions, drive automation strategy
Extend cybersecurity frameworks to produce new research methodologies and defense evaluation techniques
Lead forensic investigations; produce reproducible analysis packages suitable for publication/Department of Energy (DOE) deliverables
Translate research outcomes into resilience strategies, quantitative performance metrics, and sponsor-ready deliverables
Lead proposal development and serve as primary/lead author on technical publications or conference presentations
Build and lead cross-functional research teams; set objectives, track deliverables, manage schedules, and brief leadership
Guide the development of defensible architecture and automated incident response exercise pipelines in the cyber range
Provide sustained mentorship to junior researchers, and act as a technical resource and role model within the laboratory
Conduct cyber range experimentation to support incident response and detection research (malware/log analysis, defensive modeling)
Execute incident-response exercises (live-fire, playbook testing, crisis workflows) with guidance from senior staff
Develop and refine detection artifacts (Security Information and Event Management (SIEM) rules, use-cases, enrichment logic, automation scripts)
Apply standard cybersecurity frameworks (MITRE ATT&CK / ICS ATT&CK, NIST IR lifecycle) to inform experiment design
Perform forensic evidence collection and contribute timelines, artifacts, and post-incident analysis
Document research outcomes and integrate findings into resilience models and incident-response playbooks
Contribute written sections to research proposals, reports, and publications
Collaborate with interdisciplinary teams (modeling, energy systems, cyber monitoring) to support experimental execution
Support development of the cyber range monitoring infrastructure and automation scripts
Share knowledge and assist interns or junior researchers when appropriate
Qualifications
Required
Relevant PhD and 4 or more years of experience; or relevant Master's degree and 7 or more years of experience; or relevant Bachelor's degree and 9 or more years of experience
Demonstrated in-depth knowledge of the laws, regulations, principles, procedures, and practices related to the specific field
Excellent leadership, communication, problem solving and project management skills
Ability to use various computer software programs
Must be able to obtain and maintain a DOE security clearance at the Q/TS/SCI level. A polygraph may be required
Understanding and application of project management principles, concepts, practices, and standards
Ability to travel as needed up to 25%
Preferred
Advanced experience in Incident Response, threat hunting, forensics, malware analysis, preferably in critical infrastructure environments
Deep understanding of detection engineering and monitoring at enterprise/OT scale; ability to architect solutions
Strong proficiency in automation/scripting applied to tooling development and scalable IR workflows
Applied expertise in Industrial Control Systems (ICS)/OT systems and energy sector architectures; recognized in this technical space
Demonstrated record of producing reproducible research-grade results (peer-reviewed publications, conference papers)
Skilled communicator able to brief DOE sponsors, industry partners, and senior leadership
Proven ability to lead cross-functional research efforts, secure research funding, and mentor staff
Hands-on experience in incident response, Security Operation Center (SOC) operations, threat hunting, forensics, or malware analysis
Working knowledge of detection and monitoring architectures (SIEM, EDR/XDR, packet capture tools, basic OT visibility)
Proficiency with scripting/automation languages (Python, PowerShell, Bash) to support workflows
Familiarity with ICS/OT and energy sector concepts (Modbus, DNP3, IEC standards) or willingness to learn
Demonstrated ability to produce defensible IR findings and contribute to reports and after-action documentation
Effective written and verbal communication in multidisciplinary research environments
Ability to work independently while collaborating across functional research teams
Benefits
Benefits include medical, dental, and vision insurance
Short- and long-term disability insurance
Pension benefits
403(b) Employee Savings Plan with employer match
Life and accidental death and dismemberment (AD&D) insurance
Personal time off (PTO) and sick leave
Paid holidays
Tuition reimbursement
Company
National Laboratory of the Rockies
The U.S. Department of Energy's primary national laboratory for energy systems research and development.
Funding
Current Stage: Late Stage
Total Funding: $166.09M
Key Investors: US Department of Energy, ARPA-E
2024-09-04 Grant
2023-09-21 Grant · $1M
2023-05-22 Grant · $150M