NLR is seeking a mid-career cyber defense operations researcher to join its Cybersecurity Research Center (CRC). The CRC conducts applied research at the intersection of cybersecurity, energy systems, and national resilience—developing the tools, methods, and scientific foundations necessary to secure and sustain the nation’s evolving energy infrastructure.
Requirements
- Advanced experience in Incident Response, threat hunting, forensics, malware analysis, preferably in critical infrastructure environments.
- Deep understanding of detection engineering and monitoring at enterprise/OT scale; ability to architect solutions.
- Strong proficiency in automation/scripting applied to tooling development and scalable IR workflows.
- Applied expertise in Industrial Control Systems (ICS)/OT systems and energy sector architectures; recognized in this technical space.
- Working knowledge of detection and monitoring architectures (SIEM, EDR/XDR, packet capture tools, basic OT visibility).
- Proficiency with scripting/automation languages (Python, PowerShell, Bash) to support workflows.
- Familiarity with ICS/OT and energy sector concepts (Modbus, DNP3, IEC standards) or willingness to learn.
Responsibilities
- Lead incident-response and detection research strategy, shaping experiment design, modeling approach, and scientific rigor.
- Architect and direct incident-response exercises spanning IT/OT/cyber-physical environments; develop crisis-response workflows.
- Design, validate, and operationalize advanced detection engineering solutions, drive automation strategy.
- Extend cybersecurity frameworks to produce new research methodologies and defense evaluation techniques.
- Lead forensic investigations; produce reproducible analysis packages suitable for publication/Department of Energy (DOE) deliverables.
- Translate research outcomes into resilience strategies, quantitative performance metrics, and sponsor-ready deliverables.
- Build and lead cross-functional research teams; set objectives, track deliverables, manage schedules, and brief leadership.
Other
- Must be able to obtain and maintain a DOE security clearance at the Q/TS/SCI level. A polygraph may be required.
- Understanding and application of project management principles, concepts, practices, and standards
- Ability to travel as needed up to 25%
- Excellent leadership, communication, problem solving and project management skills.
- Very good writing, interpersonal and communication skills.
