Posting Title

Senior Researcher – Industrial Control Systems Security

.

Location

CO - Golden

.

Position Type

Regular

.

Hours Per Week

40

.

COVID-19 Safety Protocols

Employment at NREL is contingent upon your compliance with all NREL and U.S. Department of Energy (DOE) safety protocols and mitigation efforts directed at the COVID-19 pandemic.

Working at NREL
The National Renewable Energy Laboratory (NREL), located at the foothills of the Rocky Mountains in Golden, Colorado is the nation's primary laboratory for research and development of renewable energy and energy efficiency technologies.

From day one at NREL, you’ll connect with coworkers driven by the same mission to save the planet. By joining an organization that values a supportive, inclusive, and flexible work environment, you’ll have the opportunity to engage through our eight employee resource groups, numerous employee-driven clubs, and learning and professional development classes.

NREL supports inclusive, diverse, and unbiased hiring practices that promote creativity and innovation. By collaborating with organizations that focus on diverse talent pools, reaching out to underrepresented demographics, and providing an inclusive application and interview process, our Talent Acquisition team aims to hear all voices equally. We strive to attract a highly diverse workforce and create a culture where every employee feels welcomed and respected and they can be their authentic selves.

Our planet needs us! Learn about NREL’s critical objectives, and see how NREL is focused on saving the planet.

Note: Research suggests that potential job seekers may self-select out of opportunities if they don't meet 100% of the job requirements. We encourage anyone who is interested in this opportunity to apply. We seek dedicated people who believe they have the skills and ambition to succeed at NREL to apply for this role.

Job Description

The Cybersecurity Evaluation and Application Group (CEAG), within NREL’s Energy and Security Resilience Center, performs research to better understand the threats, detection strategies and mitigation opportunities for renewable energy infrastructure and distributed energy resources.  Our efforts include technical assessments of existing technologies and near-term innovations, research into industrial control systems security, network architectures and protocols, as well as informing the development and application of cybersecurity frameworks and policy.  CEAG researchers collaborate with government and industry partners to contribute to a more secure and resilient renewable energy infrastructure with global impact. 

Cybersecurity Evaluation and Application Group applied cybersecurity researchers perform hands-on technical research and assessments. Researchers have the opportunity to drive NREL research in ICS security and help advance a rapidly growing cybersecurity portfolio. Team members work alongside current NREL research staff to utilize the best-in-class cyber range to deploy applicable large scale test environments, perform hardware-in-the-loop technology assessments, and research ICS threats, detection, and mitigation strategies as they pertains to renewable energy.  Research spans across ICS and renewable energy technologies and includes collaboration and partnership with utility and cyber security solution providers as well as government stakeholders.

NREL is seeking an experienced industrial control systems security professional to drive new research initiatives focused on current and emerging threats to the evolving electric grid. The successful candidate will bring a strong technical security background, a familiarity with cybersecurity best practices for distributed energy, a passion for leading and driving new research in the space as well as the ability to collaborate with partners from across national labs, Department of Energy, industry, and academia.  

Responsibilities

• Drive new research initiatives related to the current and evolving threats facing the security of distributed energy systems
• Collaborate with fellow researchers, Department of Energy staff as well as industrial partners to ensure research relevance and impact
• Provide applied technical leadership in performing security research
• Maintain familiarity with applicable security guidance and best practices applied in industry
• Coordinate with Cyber Range development and operations staff to further lab capabilities
• Mentor junior researchers and postdoctoral researchers
• In addition to technical research, the role requires significant technical writing, presentation of research materials at conferences, symposia, and sponsor review meetings, direct customer and stakeholder engagement

.

Basic Qualifications
Relevant PhD and 4 or more years of experience . Or, relevant Master's Degree and 7 or more years of experience . Or, relevant Bachelor's Degree and 9 or more years of experience . Demonstrated in-depth knowledge of laws, regulations, principles, procedures and practices related to specific field. Excellent leadership, communication, problem solving and project management skills. Ability to use various computer software programs.

.

Additional Required Qualifications

• Demonstrated experience securing distributed critical infrastructure systems through involvement with system architecture, deployment, operations, and monitoring
• Experience deploying and configuring operational technology system components such as Supervisory Control and Data Acquisition (SCADA), RTUs, PLCs, and HMIs
• Familiarity with applicable security frameworks, best practices and guidance as provided by IEC62443, NERC CIP, NIST and IEEE
• Understanding of MITRE ATT&CK for ICS to develop real-world security test strategies
• Excellent leadership, communication, problem solving and project management skills
• Strong writing and public speaking skills demonstrated through proposals, presentations, business development and/or customer engagement

Preferred Qualifications

• Demonstrated knowledge of and experience with distributed energy system deployments and operations (ex. wind, solar, battery storage systems)
• Experience leveraging complex simulated/emulated environments to facilitate security assessment, testing or research
• Experience with power systems modeling and simulation tools such as OpenDSS and PowerWorld
• Experience with red or purple team engagements against OT systems
• Basic knowledge of networking fundamentals (routing, switching, VLANs, etc.)
• Certifications that demonstrate proficiency in cybersecurity best practices, ICS security and/or vulnerability assessment (Examples: GICSP, CSSA, GPEN, OSCP, CISSP)
• Experience with wireless communications for industrial applications
• Experience with Python, Bash, C or other programming/scripting languages
• Experience working with both Windows and Linux operating systems

.

Annual Salary Range (based on full-time 40 hours per week)
Job Profile: Researcher IV / Annual Salary Range: $90,600 - $163,100

Job Profile: Researcher III / Annual Salary Range: $75,500 - $135,900

NREL takes into consideration a candidate’s education, training, and experience, as well as the position's work location, expected quality and quantity of work, required travel (if any), external market and internal value, including seniority and merit systems, and internal pay alignment when determining the salary level for potential new employees. In compliance with the Colorado Equal Pay for Equal Work Act, a potential new employee’s salary history will not be used in compensation decisions.

Benefits Summary
Benefits include medical, dental, and vision insurance; short*- and long-term disability insurance; pension benefits*; 403(b) Employee Savings Plan with employer match*; life and accidental death and dismemberment (AD&D) insurance; personal time off (PTO) and sick leave; paid holidays; and tuition reimbursement*. NREL employees may be eligible for, but are not guaranteed, performance-, merit-, and achievement- based awards that include a monetary component. Some positions may be eligible for relocation expense reimbursement. Limited-term positions are not eligible for long-term disability or tuition reimbursement.

* Based on eligibility rules

Submission Guidelines

Please note that in order to be considered an applicant for any position at NREL you must submit an application form for each position for which you believe you are qualified. Applications are not kept on file for future positions. Please include a cover letter and resume with each position application.

.

EEO Policy

NREL is an Equal Opportunity/Affirmative Action Employer. All qualified applicants will receive consideration for employment without regard basis of age (40 and over), color, disability, gender identity, genetic information, marital status, military or veteran status, national origin/ancestry, race, religion, creed, sex (including pregnancy, childbirth, breastfeeding), sexual orientation, and any other applicable status protected by federal, state, or local laws.

EEO is the Law | Pay Transparency Nondiscrimination | Reasonable Accommodations

E-Verify www.dhs.gov/E-Verify |For information about right to work, click here for English or here for Spanish.

E-Verify is a registered trademark of the U.S. Department of Homeland Security. This business uses E-Verify in its hiring practices to achieve a lawful workforce.