Position Summary: The CMU/SEI Forensic Operations and Investigations team is a leading edge analytical resource focusing on critical U.S. Government (USG) needs. For the past 10 years, CERT has provided analytical and operational support to high-profile investigations including numerous activities of national or international significance. Through this work the FOI can see the current limitations of digital analysis and incident response in the field first hand. Combining applied research with the unique talents, operational experience, research capabilities, and the vast knowledge base of Carnegie Mellon University, FOI is unmatched in its ability to develop new tools and methods to address cyber security limitations and critical gap areas.
This individual will serve in a multi-disciplinary role providing ongoing support to federal law enforcement, defense agencies, and the national intelligence community. As a member of the FOI team this candidate will provide support to on-going operations in the areas of incident response and investigation, full-spectrum digital forensics and applied research in emerging areas of cybercrime. At times, this position will require the team member to develop and deliver training modules related the aforementioned domains.
The successful candidate must have proven computer forensics experience in multi-jurisdiction criminal investigations, be self-directed, have a track record of creating interdisciplinary approaches to problem solving, and demonstrate exceptionally strong presentation and instructional skills. The candidate must also be able to interact with clients and staff of all levels in a highly professional and competent manner.
Minimum Qualifications and Requirements:
Education/Training: BS Computer Science, Information Security or other related discipline and a minimum of ten (10) years of related experience; or equivalent combination of training and experience.
Licenses: Certified Encase Examiner, ACE. CISSP, GIAC, SSCP, OSCP or other related/relevant certifications preferred.
Experience: At least four or more (4+) year’s relevant experience in computer forensics, to include field and laboratory collection/imaging, analysis, with prior court room testimony preferred. Technical experience required with host and network based forensics investigations and tools, analysis of Microsoft Windows, Unix/Linux and Mac OS operating systems, and removable media data recovery.
Skills/Abilities: Candidate must be able to prioritize workload and complete deliverables on time, have good technical problem-solving skills, have strong analytical and information organization skills, have excellent oral and written communication skills, and strong technical teaching skills. Candidate must be skilled in instructional design, course development, and evaluation techniques. Candidate must be able to multi-task and work effectively with multiple project teams and sponsors/customers. Technical proficiency with operating systems and detailed knowledge of network protocols are required.
Mobility: Sedentary in an office setting with some mobility, i.e., able to travel to various locations within the SEI and CMU community as well as travel to customer sites.
Environmental Conditions: Close contact with CRT for long periods of time.
Mental: Ability to pay close attention to detail, meet deadlines, work under pressure, and communicate effectively.
Other: U.S. Citizenship is required. Applicants selected will be subject to a security investigation and must meet eligibility requirements for access to classified information.
Preferred Qualifications and Requirements:
Education/Training: BS in Computer Science, Information Security or other related discipline with a minimum of ten (10) years of applicable experience; MS in Computer Science, Information Security or other related discipline with a minimum of eight (8) years of applicable experience; PhD in Computer Science, Information Security or other related discipline with a minimum of five (5) years of applicable experience; or equivalent combination of training and experience.
Experience: Experience with state or federal law enforcement organization; operational knowledge of recently enacted state and federal laws and procedures relating to computer forensics investigations; coordination with criminal investigators, including courtroom testimony.
Information and network security including experience with IDS/IPS
Knowledge of common vulnerabilities, exploits and mitigations
Digital Forensics (host, network and mobile devices)
Ability to research and characterize security threats including defining appropriate countermeasures
Hardware or software reverse engineering for either vulnerability discovery/assessment or malware analysis
Virtual infrastructure and hypervisors
Experience with common security controls including firewalls, proxies, IDS/IPS, Web Application Firewalls
Technical knowledge of fundamental Internet protocols, services, and technologies to include HTTP, TLS, DNS, SMTP, TCP/IP, ICMP, AJAX, JSON, REST
Accountability: The incumbent is accountable for the definition, creation, and maintenance of final deliverables and products.
Direction: The incumbent is expected to act independently using CMU and SEI defined policies, practices, and procedures.
Decisions: Required to design, develop, pilot and deliver products. Required to accurately represent NSS and its technical work in interactions with customers, sponsors, and the public.
Supervision: Contributes to hiring decisions of program staff; mentors junior staff; supervises student interns. The experienced candidate may perform project management responsibilities.