Location: Amarillo, TX - Pantex Plant
Job Title: Cyber Senior Systems Engineer
Career Level From: Senior Associate
Career Level To: Specialist
Organization: Cyber Operations (51130640)
Job Specialty: Cyber Security
What You'll Do
Pantex is seeking a highly skilled and motivated Senior Systems Engineer with a specialized focus on Cybersecurity Operations. In this critical role, you will be the cornerstone for designing, implementing, and optimizing the vital infrastructure that secures our enterprise. We are looking for a seasoned Systems Engineer with a profound operational understanding of cybersecurity principles, capable of transforming complex security requirements into robust, scalable, and resilient technical solutions across on-premises, cloud, virtualized, and containerized environments. You will be instrumental in developing, maintaining, and enhancing the proactive defense and rapid response mechanisms that protect our organization from an ever-evolving threat landscape.
Your core responsibilities will include:
- Cybersecurity Operations Platform Engineering: Lead the engineering, deployment, and operational sustainment of core cybersecurity platforms. This includes serving as a subject matter expert for Splunk (Enterprise Security highly desired), optimizing its performance for security logging, correlation, and advanced threat detection. You will also manage and enhance Cisco network security devices (e.g., firewalls, Intrusion Prevention Systems (IPS), proxies), Corelight Open Network Detection and Response (NDR) platform sensors, and critical network visibility infrastructure such as Gigamon packet brokers and other NDR platforms.
- Secure System Architecture & Hardening (Linux/Windows/Red Hat): Architect and implement secure configurations and hardening standards for enterprise operating systems, with a strong focus on Red Hat Enterprise Linux and Microsoft Windows Server. You will ensure the resilience and integrity of these systems in support of cybersecurity operations.
- Cloud Security Operations & Infrastructure (Azure/M365): Design, implement, and maintain the operational security posture within our Azure/M365 environment. This includes managing secure configurations, implementing and monitoring cloud security controls, and integrating cloud-native security services with our broader security operations framework.
- Advanced Virtualization & Container Security Engineering: Develop and implement operational security for Virtual Desktop Infrastructure (VDI), virtualized platforms, and containerized environments (e.g., Docker, Kubernetes). You will engineer solutions for secure image deployment, runtime protection, and integration of container security into monitoring and response workflows.
- Endpoint Security Management & Automation: Engineer, deploy, and manage enterprise-wide Endpoint Detection and Response (EDR) platforms. You will be responsible for creating, automating, and optimizing security policies, ensuring effective endpoint protection, detection, and integration with incident response playbooks.
- Email Security System Ownership: Own the engineering, configuration, and operational management of enterprise Email Security Gateways (e.g., Cisco Secure Email / IronPort). You will develop and enforce advanced email security policies to combat phishing, malware, and other sophisticated threats impacting our users.
What You'll Do Continued
- Proactive Threat Detection, Hunting & Incident Response Integration: Collaborate with security analysts and incident responders to enhance our threat detection capabilities. You will engineer and automate data collection, correlation rules within Splunk, and operationalize threat intelligence to support proactive threat hunting and rapid incident response, leveraging rich network evidence from platforms like Corelight and Gigamon.
- Network Security Infrastructure & Data Flow Optimization (Cisco, Corelight, Gigamon Focus): Design and optimize network security infrastructure, including Cisco devices, Corelight sensors, and Gigamon packet brokers, to ensure comprehensive visibility and efficient data flow for security monitoring. You will apply advanced knowledge of networking protocols (e.g., Transmission Control Protocol/Internet Protocol (TCP/IP), Domain Name System (DNS), Hypertext Transfer Protocol Secure (HTTP/S), Simple Mail Transfer Protocol (SMTP)) for analysis and defense, utilizing Corelight's deep packet insights and Gigamon's traffic optimization capabilities.
- Application Security Operations Support: Provide operational support for Application Security Testing (AST) platforms (e.g., Burp Suite) and Web Application Firewalls (WAFs), translating application security findings into actionable system-level defenses.
- Enterprise Vulnerability Management & Remediation Engineering: Design and implement automated processes for vulnerability scanning, analysis, and remediation tracking across all IT assets. You will engineer solutions to efficiently address vulnerabilities identified in systems, applications, and networks.
- Security Controls Engineering & Effectiveness: Translate security architecture requirements into robust, operational security controls across various technologies. You will continuously assess their effectiveness and optimize their performance within the operational environment.
- Automation & Integration for Security Operations: Lead initiatives for automating security tasks, integrating disparate security tools, and developing scripts to streamline security operations workflows, enhancing overall efficiency and response times, including leveraging data from Corelight and Gigamon for automated responses.
Who You Are
- A Hands-On Security Operations Leader: You are a highly experienced Systems Engineer with a deep operational understanding of cybersecurity. You are passionate about building and securing robust infrastructure, and ready to lead by example.
- Proactive & System-Oriented Problem-Solver: You possess an exceptional ability to anticipate complex security challenges within systems and networks, proactively identify issues, and engineer practical, scalable solutions.
- Deep Technical Expertise: You bring a profound skill set in system administration, networking, and security tool engineering, with verified experience in Splunk, Cisco, Corelight, Gigamon, and Red Hat.
- Autonomous & Adaptable Engineer: You are a self-starter who consistently seeks to deepen technical knowledge and adapt solutions to an ever-changing threat landscape and evolving technologies.
- Analytical & Detail-Oriented: You excel at dissecting complex system and security data, identifying root causes, and implementing precise, effective operational changes, including analyzing rich network telemetry from Corelight and traffic data from Gigamon.
- Effective Communicator & Collaborator: You can clearly articulate complex technical system and security challenges and solutions to both technical and non-technical audiences, fostering strong collaboration across engineering and security teams.
Preferred Skills & Expertise
- Expert-level engineering and operational management of Splunk, especially Splunk Enterprise Security (ES), for security logging, correlation, and advanced threat detection.
- Proven, hands-on experience with Cisco network security devices, including firewalls, IPS, and proxy solutions, with a strong emphasis on operational configuration and troubleshooting.
- Extensive experience in system administration, hardening, and securing enterprise operating systems, including deep expertise with Red Hat Enterprise Linux and Microsoft Windows Server environments.
- Demonstrated experience with Corelight sensors and the Corelight Open NDR platform, including deployment, configuration, optimization, and leveraging its network telemetry for advanced threat detection and incident response.
- Proven experience with Gigamon packet brokers (GigaVUE Fabric Manager, GigaSMART features for traffic mapping, deduplication, slicing, and tool load balancing), including deployment, maintenance, and integration with security tools such as Security Information and Event Management (SIEM) and Intrusion Detection/Prevention Systems (IDS/IPS).
- Strong experience in designing, implementing, and securing cloud environments, particularly Azure/M365, including Azure Security Center, Entra ID, and cloud-native security controls.
- Proficient engineering skills for Endpoint Detection and Response (EDR) platforms (e.g., CrowdStrike, SentinelOne, Microsoft Defender for Endpoint), including policy creation, automation, and incident response integration.
- Demonstrated experience with Email Security Gateway solutions (e.g., Cisco Secure Email / IronPort), including advanced policy configuration to prevent phishing and malware.
- Solid experience in engineering and operationalizing security for virtualized environments (e.g., VMware, Hyper-V) and Virtual Desktop Infrastructure (VDI).
- Deep practical experience in securing containerization and orchestration technologies (e.g., Docker, Kubernetes), including image scanning, registry security, and runtime protection for operational environments.
- Advanced understanding of networking protocols (e.g., TCP/IP, DNS, HTTP/S, SMTP) and significant experience using tools like Gigamon packet brokers and Corelight sensors for network traffic analysis and security monitoring.
- Ability to perform vulnerability scans, analyze results from an operational perspective, and engineer effective remediation strategies across diverse system types.
- Strong scripting and automation skills (e.g., Python, PowerShell, Bash) to streamline security operations tasks and integrate security tools, potentially leveraging data from Corelight and Gigamon for automated responses.
- Experience with Application Security Testing (AST) tools (e.g., Burp Suite) and Web Application Firewalls (WAFs) from an operational management and configuration standpoint.
- Ability to design and validate security controls to meet operational objectives across various technological landscapes.
- Knowledge of critical infrastructure systems and associated information communication technology security considerations.
- Proven ability to design and implement robust system access controls for sensitive information systems and networks.
- Experience with technology integration processes, especially in complex hybrid, virtualized, and containerized environments.
- Familiarity with industry standards and frameworks (e.g., NIST, ISO 27001) as they apply to operational cybersecurity.
Minimum Job Requirements
- Bachelor's degree in engineering/science/information technology discipline: Minimum 2 years of relevant experience. Typical engineering/science/information technology experience ranging from 3 to 7 years.
- OR Master's degree in engineering/science/information technology discipline.
- OR applicants without a bachelor's degree may be considered based on a combination of at least 10 years of completed education and/or relevant experience.
Department of Energy (DOE) Order 426.2A Requirements
Preferred Job Requirements
- A minimum of 7+ years of hands-on experience in Systems Engineering with a significant focus on Cybersecurity Operations.
- Demonstrated experience and/or certifications in Splunk, Cisco network security, Corelight, Gigamon packet brokers, and Red Hat Enterprise Linux.
- Relevant advanced industry certifications such as Corelight Certified Engineer, Gigamon Certified Professional, Splunk Enterprise Certified Admin/Architect, Cisco Certified Network Professional Security (CCNP Security), Red Hat Certified Engineer (RHCE), Certified Information Systems Security Professional (CISSP), and Global Information Assurance Certification (GIAC) credentials such as GIAC Certified Incident Handler (GCIH) and GIAC Certified Intrusion Analyst (GCIA).
- Extensive experience with Splunk Enterprise Security (ES) implementation and optimization.
- Experience with security automation and orchestration platforms (SOAR).
- Demonstrable expertise in architecting and implementing Data Loss Prevention (DLP) strategies and technologies.
- Proven background in designing and enforcing Data Protection principles and navigating complex regulatory compliance frameworks related to operational data security.
- Experience in a senior engineering role within a Security Operations Center (SOC) environment, leveraging Corelight and Gigamon for advanced analysis.
#JointheMission: Your Impact Starts Here
At Pantex, you won't just find a job—you’ll discover a career of purpose safeguarding national security through work performed nowhere else on Earth. We empower dedicated, innovative individuals like you to achieve their greatest impact surrounded by exceptional talent and limitless opportunities for professional growth.
When you #JointheMission, you choose a lifetime career where your commitment is genuinely valued and rewarded. At Pantex, we believe that extraordinary talent thrives when supported by a balanced life. Discover the flexibility that empowers you to excel, coupled with a benefits package designed for your total peace of mind: from comprehensive health coverage and robust retirement planning to opportunities for continuous learning through education reimbursement.
Notes
The minimum education and experience for the lowest career level in the job posting range are listed under Minimum Job Requirements. Successful candidates hired into a higher career level than the minimum in the range must meet the requirements listed in the job leveling charts for the career level into which they are being hired.
If a range of Career Levels is posted, i.e., Senior Associate to Senior Specialist, internal applicants already in one of the Career Levels would come across at their current Career Level. Internal applicants currently in a lower level Career Level would move to the lowest posted Career Level.
Requires a Q clearance; however all qualified candidates will be considered regardless of their current clearance status. The ability to obtain and maintain a Department of Energy Q clearance is required.
Position may require entry into Materials Access Areas (MAA) and participation in the Human Reliability Program (HRP). If HRP is required, candidate must complete a counterintelligence-scope polygraph, pursuant to 10 Code of Federal Regulations (CFR) 709. Medical requirements may apply.
Pantex is a drug-free workplace. Candidates accepting a job offer will be required to pass a pre-placement physical, drug screening and background investigation. As an employee, you may be required to receive and maintain a security clearance from the United States Department of Energy in order to meet eligibility requirements for access to sensitive information or matter. U.S. citizenship is a requirement for security clearance applicants. All employees are subject to random selection for drug testing without advance notification.
Pantex is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, sex, age, religion, national origin, ancestry, genetic information, disability or veteran status.