This position can be located in Pittsburgh, PA or Arlington, VA.
Position Summary: The CERT Division is part of the SEI, a federally funded research and development center at Carnegie Mellon University in Pittsburgh, Pennsylvania. The CERT Division engages in cutting-edge research and development and develops and transitions disciplined approaches to improve the survivability and resiliency of the DoD, federal civilian agencies, private sector organizations and their networked information systems.
The individual in this position will work as a member of the Cybersecurity Assurance (CA) Team within the Networked Systems Survivability Program. The CA team develops solutions (in the form of frameworks, models, tools, policies, practices, technical guidance, and training) that allow organizations to assess, analyze, and manage organizational, operational, and technical risks to mission-critical assets, processes, systems, and infrastructures.
MinimumQualifications and Requirements:
Education/Training: BS in Computer Science (or other technical field) with eight (8) years’ experience, or equivalent combination of training and experience.
Certifications: Certified Information Systems Security Professional (CISSP), Offensive Security Certified Professional (OSCP), and/or Certified Ethical Hacker (CEH)
Experience: Professional experience as a penetration tester, system or network administrator, information systems auditor, software engineer, information systems analyst, or similarly technical occupation.
Experience with and applied knowledge in:
Common penetration testing methodologies and tactics (PTES, OWASP testing guide, etc.)
Popular penetration testing toolsets (Metasploit framework, vulnerability scanners, web application scanners, Nmap)
Knowledge of common networking protocols and services
Basic knowledge of exploit development and application fuzzing
Windows and Linux Operating System environments, networking devices, and common database platforms
Cyber security, survivability, and resilience concepts and issues
Software and systems engineering
Building and maintaining customer relationships
Data analytics and quantitative measures
Strategic Planning and requirements definition
Program planning, budgeting, and management
Skills/Abilities: Must exhibit the following skills and abilities:
Understanding of information technology, penetration testing, and telecommunications systems
Working knowledge of network interoperability, cyber security, and survivability issues, including cyber security best practices and standards
Working knowledge of DHS critical infrastructure sectors and related security and resilience issues
Working knowledge of the DoD and Agency resilience needs and cyber security roadmaps
Development and delivery of information and infrastructure security risk and vulnerability evaluations
Ability to conduct analytical studies and investigations
Reasoning and problem-solving skills
Ability to work independently with limited supervision
Ability to interact effectively with diverse constituencies internally and externally
Ability to work well as a member of a cooperative team; ability to work in a matrix organizational structure
Ability to recognize and deal appropriately with confidential and sensitive information
Ability to implement project plans, monitor project budgets, and identify and mitigate project risks
Leadership and mentoring skills
Excellent written and oral communication skills; ability to contribute to technical research white papers and reports; ability to prepare papers and deliver presentations to technical and non-technical audiences; ability to contribute to customer technical exchanges and marketing presentations
Ability to work on customer sites with high-ranking members of the Federal Government and US
Participation in professional society activities, particularly IEEE and ACM
Physical/Mobility: Primarily sedentary in an office setting with some mobility. Ability to travel frequently to various locations within the SEI and CMU community, customer sites, conferences, and offsite meetings.
Environmental Conditions: Close contact with computer for extended periods of time.
Mental: Strong interest in the human, managerial, and technical aspects of cyber security is critical for this position as are these abilities:
Take or share leadership role in technical projects
Work meticulously with careful attention to detail
Meet deadlines while working on multiple tasks – sometimes under pressure and with shifting priorities
Deal collaboratively, diplomatically, and successfully with customers, co-workers and other professional colleagues, managers, and staff
Ability to understand the direction, and goals of an effort; ability to develop and communicate innovative ideas; ability to demonstrate initiative and to quickly learn new procedures, techniques, approaches, etc.
Other: Must be able to work independently and travel as needed; this position requires frequent solo travel by car to customer sites in remote areas. Strong interest in cyber security and critical infrastructure protection analysis basis research, applied research, and development. Applicants selected will be subject to a security investigation and must meet eligibility requirements for access to classified information. Candidates must be able to obtain and maintain a Department of Defense security clearance.
Preferred Qualifications and Requirements:
Education/Training: MS in Computer Science (or related technical field) with five (5) years’ experience or equivalent experience.
Certifications: Offensive Security Certified Professional (OSCP), GIAC Penetration Tester (GPEN), Certified Ethical Hacker (CEH), Certified Information Systems Security Professional (CISSP), and Certified Information Systems Auditor (CISA),
Expert proficiency with a variety of technical vulnerability analysis tools
Advanced penetration testing experience
Software development experience and advanced exploit development
Skills/Abilities: Strong presentation/platform skills and excellent writing skills.
Accountability: The individual will implement and participate in the planning and execution of projects leading to technical results. The individual will also contribute to project, department, or program objectives and planning document development. The individual will keep in confidence sensitive information such as customer processes, risks, vulnerabilities, and internal work products, whether for eventual public or private distribution.
Direction: The individual is expected to act independently using CMU, SEI, and NSS defined policies, practices, and procedures – within the scope of assigned work.
Decisions: The individual must make sound technical decisions with little supervision. The individual must accurately represent the program in interactions with customers, sponsors, and the public. The individual is expected to perform analysis on-site at customer locations and immediately assess potential vulnerabilities requiring further investigation.
Supervisory Responsibilities: This position could involve the training and oversight of the work of other staff members, graduate students, resident affiliates, visiting scientists, and independent contractors. Depending on research project or customer work plan, position may involve task leadership.
Job Functions or Responsibilities:
60% Participate in risk and vulnerability assessments operating in a technical leadership role; analyze assessment data to identify risk areas and propose mitigation alternatives.
15% Participate in research into innovative and cutting-edge tools, techniques, and methods to improve cyber security and penetration testing; transition research into applied knowledge for customers.
10% Deliver courses on offensive security tools and tactics and penetration testing management.
5% Contribute to conferences and meetings; participate in marketing calls and technical exchanges with clients; give talks and lectures as appropriate; participate on working groups for subjects of interest.
5% Contribute to and review the literature in cyber security, resilience, and software engineering.
5% Provide assistance and input to other teams and projects within the SEI.
100% Total Effort
Carnegie Mellon University is an EEO/Affirmative Action Employer – M/F/Disability/Veteran
Pursue your passion and work alongside world-recognized leaders in the field of software engineering. Our staff works with the highest levels of U.S. government and industry to secure the nation's critical infrastructure, improve mission-critical systems, and advance the state of the art.
Interested in working with us? To browse employment opportunities and apply for a position at the SEI, see ...our list of open positions at http://www.sei.cmu.edu/careers/. You can also visit the Carnegie Mellon site to learn about benefits for eligible employees, search for open positions that match your interests, and create a Job Agent that will notify you by e-mail when jobs that meet your criteria become available.
Resumes from recruiting firms will not be accepted.
Carnegie Mellon University is an EEO/Affirmative Action Employer – M/F/Disability/Veteran