PNNL Careers

Deputy CISO, Security Operations


Job Description

Job ID: 308001
Full/Part Time: Full-Time
Regular/Temporary: Regular

Job Description

The Invitation:
Come and work for a billion-dollar international research institution with a diverse science portfolio with compelling missions across national security, energy, and environment. Our collaborative environment and commitment to work/life balance makes Pacific Northwest National Laboratory (PNNL) an ideal place to advance your career, pursue your passions, challenge yourself and make a difference in science and for our nation.

About PNNL:
Located in Richland, Washington, PNNL is powered by the creativity and innovation of 4,300 exceptional scientists and engineers that are advancing the frontiers of science and addressing some of the most challenging problems in energy, the environment and national security. Our science and technology inspires and enables the world to live prosperously, safely and securely. Our discoveries not only change the way people think, they increase our nation’s energy capacity and improve our national security efforts, making the world a cleaner and safer place. Cyber Security is a PNNL Strategic Lab Objective in 2018 – PNNL is reshaping the cyber landscape by revealing adversary strategies and tactics, countering cyber adversaries leading in cyber analytics and situational awareness in support of DOE and the nation’s critical infrastructures.

The Position:
The Cyber Security Division at Pacific Northwest National Laboratory (PNNL) is looking for a Deputy CISO and team Leader for the Cyber Security Operations Center (CSOC). This position is responsible for leading the team of cyber defenders that detect and respond to cyber adversaries who threaten PNNL’s business and research. We are seeking someone with a passion for leading a team of cyber defenders who strive to deeply understand our adversaries, develop innovative analytics and detection solutions and proactively hunt and respond to adversary actions against PNNL. Equally, you’ll be a member of an experienced cyber security team with a culture of collaboration, creativity, partnership, and execution, so you will need to work well in that environment as well. We’re looking for someone who keeps up with cutting edge research in the field of adversary detection, vulnerability management, threat analytics, attack path visualizations, incident response, malware analysis, and more. This leader will sustain, grow and create a culture of security innovation within the framework of an industry leading security operations center.

You @ PNNL:
Your key responsibilities and accountabilities would include:
-Provides subject matter expertise on enterprise cyber security risks, threats, technologies, and potential impact.
-Maintain an adversary understanding that drives a kill-chain activity based approach to detection, respond and recovery
-Continually monitors against authorized security control requirements and reports system risks and application configurations or vulnerabilities.
-Intercepts and prevents internal and external attacks or attempts against PNNL systems.
-Partners with cyber security researchers on data analysis, prototype implementation, collaboration, and feedback to operationalize our research solutions in security operations.
-Interprets, analyzes, and executes incident response actions for detected intrusion anomalies and events.
-Conducts system, network, and software vulnerability assessments and penetration testing.
-Prepares and presents technical reports and briefings demonstrating the impact of security operations activities and actions.
-Contributes to design, development and implementation of countermeasures, cyber security systems integration, and leverages tools specific to cyber security operations.
-As necessary, shares knowledge with external entities including law enforcement, intelligence and other government organizations and agencies.
-Work in a cyber-program focused on collaboration, partnership, and “out of the box” creativity.
-Manages the Cyber Security Operations Center (CSOC) activities, personnel and budget in accordance with PNNL and DOE requirements.

Envisioning Success:
Ultimately, success in this role comes as the cyber security capabilities and maturity across Protect, Detect and Respond at PNNL continuously improve and evolve in response to the changing threat, technology and business landscape. Your role and contributions, particularly in Detect and Respond, will be evident and visible to all stakeholders. You will not only impact PNNL IT security but your impact will extend to leadership in our across R&D initiatives in cyber security. Further, your leadership, results and impact will be known across PNNL, our partners, our sponsors and in the cyber security industry. Success at PNNL requires a commitment to the mission and science and our sponsors and a passion for leveraging your cyber security expertise to advance these.

Equal Employment Opportunity

Battelle Memorial Institute (BMI) at Pacific Northwest National Laboratory (PNNL) is an Affirmative Action/Equal Opportunity Employer and supports diversity in the workplace. All employment decisions are made without regard to race, color, religion, sex, national origin, age, disability, veteran status, marital or family status, sexual orientation, gender identity, or genetic information. All BMI staff must be able to demonstrate the legal right to work in the United States. BMI is an E-Verify employer. Learn more at

Minimum Qualifications

Technical field Bachelors of Science (B.S.) degree with 9-13 years of experience in IT; Masters with 7-11 years of experience; PhD with 4-8 years of experience;

Preferred Qualifications

-Minimum of 7 years in the Information Security/Cyber Security field
-3 years in security operations lead or management role
-Knowledge of network security architecture concepts including topology, protocols, components, and principles.
-Operating Systems knowledge and expertise in Windows, Unix or Linux
-Advanced Security Certification (CISSP, CISM, CEH, EnCE, SANS GIAC, etc.)
-Experience with weekend or evening “on-call” duties in security operations
-Exceptionally strong peer leadership, interpersonal, collaborative, and customer relationship skills are essential.
-Thorough understanding of the cyber kill chain or attack vectors.
-Experience red teaming and proactive cyber adversary hunting.
-Keen ability to anticipate and recognize cyber security threats.
-Use practical knowledge to effectively remediate threats, and modify activities and priorities to anticipate and respond to changing conditions.
-Experience working in, leading and building an industry-leading security operations center.
-Network protocols, uses, and potential exploitation by malicious software.
-Applying layered computer network defense techniques and network policy architectures
-Tracking malware infections across a wide enterprise
-Clearly communicating technical information in various forms to senior management, peers, and customers.
-Ability to implement and operate intrusion detection/prevention systems, network penetration testing, vulnerability scanning, packet generators and sniffers, firewalls, and router systems.
-Working independently and leading collective team efforts to develop theories, ideas, and concepts around cyber security methodologies.

Organization and Job ID

Job ID: 308001
Directorate: Communications and Information Technology Directorate
Division: Cyber Security
Group: Cyber Analytics and Forensics

Other Information

This position requires the ability to obtain and maintain a federal security clearance.

* U.S. Citizenship
* Background Investigation: Applicants selected will be subject to a Federal background investigation and must meet eligibility requirements for access to classified matter in accordance 10 CFR 710, Appendix B.
* Drug Testing: All Security Clearance (L or Q) positions will be considered by the Department of Energy to be Testing Designated Positions which means that they are subject to applicant, random, and for cause drug testing. In addition, applicants must be able to demonstrate non-use of illegal drugs, including marijuana, for the 12 consecutive months preceding completion of the requisite Questionnaire for National Security Positions (QNSP).

Note: Applicants will be considered ineligible for security clearance processing by the U.S. Department of Energy until non-use of illegal drugs, including marijuana, for 12 consecutive months can be demonstrated.