Cybersecurity SIEM Engineer (Security Information and Event Management Engineer)

Golden, CO
Full Time
Experienced

Business Technology Integrators (BTI) is a Service-Disabled Veteran-Owned Small Business (SDVOSB) with more than 25 years of experience delivering innovative and reliable IT and engineering solutions to the Federal Government. BTI supports mission-critical programs across defense and civilian agencies, with core expertise in cybersecurity, program management, enterprise IT, and technical oversight services.


Job Description Summary

BTI is seeking an experienced Cybersecurity SIEM (Security Information and Event Management) Engineer to support the National Renewable Energy Laboratory (NREL) in Golden, Colorado.

This role is responsible for administering, maintaining, and tuning SIEM technologies to maximize threat detection, security visibility, and operational effectiveness across NREL’s enterprise environment.

The ideal candidate is a self-starter with strong collaboration skills and hands-on experience implementing and maintaining SIEM platforms and related components such as log aggregators, forwarders, and observability tools.

Prior experience in cybersecurity testing, incident response, or security analysis is highly desirable.

This position may be performed onsite at NREL’s Golden, CO campus or remotely, depending on mission needs.


Key Responsibilities

The Cybersecurity SIEM Engineer shall:

  • Operate, maintain, and optimize SIEM tools and components, including log aggregators, forwarders, and data observability systems

  • Test, implement, and tune on-premises and cloud-based environments to support infrastructure visibility, threat analysis, automation, and secure data retention

  • Develop SIEM content to enhance cybersecurity operations, including dashboards, workflows, integrations, alerts, and automated response tasks

  • Collaborate with Information Technology Services and cybersecurity teams to integrate SIEM platforms with enrichment, analysis, orchestration, and system management tools

  • Create and maintain architectural diagrams, technical documentation, and operational procedures describing SIEM scope, configuration, use, and maintenance

  • Contribute to cybersecurity program improvement initiatives, including workflow optimization, automation expansion, tool enhancements, strategic initiatives, and user awareness training

  • Support projects independently or as assigned to improve the efficiency, effectiveness, and maturity of NREL’s cybersecurity posture


Required Qualifications

  • Bachelor’s degree with 5+ years of relevant experience, or
    Master’s degree with 3+ years of relevant experience, or
    Equivalent combination of education and experience

  • Demonstrated ability to research technical issues, interpret documentation, and independently learn new technologies

  • Self-starter with the ability to work independently and within collaborative teams

  • Strong critical thinking and problem-solving skills

  • Excellent written and verbal communication skills, including technical documentation and presentations

  • Ability to obtain and maintain an HSPD-12 compliant credential


Preferred Qualifications

  • At least 3 years of experience in a dedicated SIEM engineering role or equivalent position with significant SIEM responsibilities (tool selection, installation, tuning, and maintenance)

  • One or more cybersecurity or systems engineering certifications, such as GIAC (SANS), Security+, CISSP, or progress toward certification

  • Technical experience across multiple disciplines, including:

    • Windows and Linux system administration

    • TCP/IP networking concepts and protocols

    • Bash command-line usage

    • Security controls and defense-in-depth architectures

  • Experience managing and troubleshooting production cybersecurity tools and enterprise infrastructure

  • Familiarity with common cybersecurity threats and the ability to clearly explain risks and mitigations to technical and non-technical audiences

  • Intermediate scripting or programming skills (preferably Python) to support security automation and orchestration

  • Experience or training with Splunk SIEM and/or Cribl strongly preferred

  • Understanding of cloud security architectures (AWS, Azure, Google Cloud) and cloud-based event collection and aggregation


Additional Information

  • U.S. work authorization required

  • Employment contingent upon background check and credentialing requirements

  • BTI is an Equal Opportunity Employer
