Cybersecurity SIEM Engineer

The Cybersecurity SIEM (Security Information Event Management) Engineer at NREL is responsible for administering and tuning the technology required to detect and analyze cybersecurity threats, ensuring maximum value and effectiveness. This role is crucial in maintaining the integrity of NREL's cybersecurity infrastructure. The ideal candidate will be a self-starter and a strong collaborator, possessing multiple years of experience in installing and maintaining SIEMs and related components such as log aggregators and forwarders. Familiarity with cybersecurity testing, incident response, or analysis is a plus, as the role requires a proactive approach to identifying and mitigating potential threats. In this position, the engineer will operate and maintain SIEM tools and components, including log aggregators, forwarders, and data observability systems. They will be tasked with testing, implementing, and tuning new on-premises and cloud-based technical environments that support infrastructure visibility, analysis, automation, and secure data retention. The engineer will also develop content that enables cybersecurity personnel to maximize the capabilities of existing tools, including workflows, integrations, and automated tasks. Collaboration is key, as the engineer will work across Information Technology Services teams to integrate SIEM components with cybersecurity enrichment and analysis platforms and systems management tools. Additionally, they will create and maintain architectural documentation and operational procedures that describe the scope, purpose, configuration, use, and maintenance of the SIEM tools and environments. The engineer will contribute to various projects aimed at improving the effectiveness and efficiency of NREL's cybersecurity program, including workflow improvements, automation expansion, management tool enhancements, and user awareness training.