Senior Electric Grid Cybersecurity Researcher

The Cybersecurity Threat Analysis Group (CTAG) within the National Laboratory of the Rockies (NLR) Cybersecurity Research Center performs research to make cybersecurity an enabling part of the nation’s energy ecosystem. This is primarily accomplished through engaging with energy sector partners, government program offices, and national security organizations. Research areas within CTAG includes energy system modeling and simulation, threat to consequence risk analysis, and hardware & software supply chain security.   

CTAG is seeking an experienced senior electric grid cybersecurity research professional to lead our Energy Threat Analysis Center (ETAC) portfolio of work. The ETAC is an operational collaborative that convenes experts from the U.S. Department of Energy and the U.S. energy sector to collectively identify, analyze, and mitigate cyber threats to America’s critical energy infrastructure. The successful candidate will bring a combination of strong technical security background and power systems engineering. This role also requires proficiency in developing and executing cybersecurity research within a laboratory environment, knowledge of cutting-edge adversarial Tactics, Techniques, and Procedures, experience leading complex cybersecurity programs across a matrixed organization, a passion for leading and driving new research, and the ability to collaborate with partners from across the national laboratory complex, the Department of Energy, industry, and national security partners.  

Responsibilities include: 

• Provide technical leadership supporting multi-partner programs, coordinating with program office leadership, tasking and mentoring staff in support of program objectives 

• Lead adversarial research initiatives targeting energy sector systems, including threat emulation, cyber range experimentation, and model-based simulation, defining experimental objectives and strategies 

• Independently design, execute, and evaluate complex adversary–defender studies, including multi-stage attack-chain modeling, vulnerability exploration, and defense validation, ensuring reproducible and rigorous research outcomes 

• Proven leadership in offensive cybersecurity research and program management, including planning and executing complex experiments with strategic impact 

• Advanced proficiency in Python, PowerShell, C/C++, or other languages, enabling automation, data-driven analysis, and modeling integration across projects 

• Expert-level knowledge of ICS, OT, and energy sector systems, including protocols, architectures, and security considerations 

• Writing high-quality intelligence assessments and briefings for both senior-level and technical audiences 

• Contribute specialized knowledge to collaborative response efforts based on cyber incidents 

• Provide technical thought-leadership by proposing and leading new areas of work 

• Support quick reaction tasking requiring research into areas of government concern 

• Serve as a Subject Matter Expert (SME) in adversarial TTPs, cybersecurity mitigations, best practices, and reverse engineering 

• Serve as a SME within our growing supply chain security portfolio of work 

• Collaborate with fellow researchers, Department of Energy staff as well as industrial partners to ensure research relevance and impact 

• Must be able to obtain and maintain a DOE security clearance at the Q/TS/SCI level. Eligibility requirements: To obtain a clearance, an individual must be at least 18 years of age; U.S. citizenship is required except in very limited circumstances. See  DOE O 472.2A for additional information. Polygraph may be required.

• Knowledge of and demonstrated experience in power systems engineering principles and practices 

• Demonstrated experience leading cybersecurity programs for national security partners 

• Demonstrated experience in adversarial cybersecurity practices (e.g., red teaming, reverse engineering, threat hunting)

• Demonstrated experience with threat hunting or detection engineering  

• Experience deploying and configuring operational technology system components (e.g., SCADA RTUs, PLCs, and HMI) 

• Familiarity with applicable security frameworks, best practices and guidance as provided by IEC62443, NERC CIP, NIST and IEEE 

• Understanding of MITRE ATT&CK for ICS to develop real-world security test strategies 

• Excellent leadership, communication, problem solving and project management skills 

• Strong writing and public speaking skills demonstrated through proposals, presentations, business development and/or customer engagement