CERT-SEI

Careers

Pursue your passion and work alongside world-recognized leaders in the field of software engineering. Our staff works with the highest levels of U.S. government and industry to secure the nation's critical infrastructure, improve mission-critical systems, and advance the state of the art.

Interested in working with us? To browse employment opportunities and apply for a position at the SEI, see our list of open positions below. You can also visit the Carnegie Mellon site to learn about benefits for eligible employees, search for open positions that match your interests, and create a Job Agent that will notify you by e-mail when jobs that meet your criteria become available.

Resumes from recruiting firms will not be accepted.

Carnegie Mellon University is an EEO/Affirmative Action Employer – M/F/Disability/Veteran

SEI Job Listings

The position you are looking for is not available. Please take a look at our current open positions listed below.

Select Job Location

Sort by Date Posted Title Location

18 Dec
2014
Cyber Security Engineer
Pittsburgh, PA

Position Summary:  The CERT Division is part of the SEI, a federally funded research and development center at Carnegie Mellon University in Pittsburgh, Pennsylvania. The CERT Division engages in cutting-edge research and development and develops and transitions disciplined approaches to improve the survivability and resiliency of the DoD, federal civilian agencies, private sector organizations and their networked information systems.

The individual in this position will work as a member of the Cybersecurity Assurance (CA) Team within the Networked Systems Survivability Program. The CA team develops solutions (in the form of frameworks, models, tools, policies, practices, technical guidance, and training) that allow organizations to assess analyze, and manage organizational, operational, and technical risks to mission-critical assets, processes, systems, and infrastructures.

 

Minimum Qualifications and Requirements:

Education/Training: BS in Computer Science (or other technical field) with eight (8) years’ experience, or equivalent combination of training and experience.

Certifications:  Certified Information Systems Security Professional (CISSP).

Experience: Professional experience as a system or network administrator, information systems auditor, software engineer, information systems analyst, database administrator or similarly technical occupation.

Experience with and applied knowledge in:

  • Information technology and telecommunications systems
  • Cyber security, survivability, and resilience concepts and issues
  • Software and systems engineering
  • Building and maintaining customer relationships
  • Data analytics and quantitative measures
  • Strategic Planning and requirements definition
  • Process improvement
  • Program planning, budgeting, and management

Skills/Abilities: Must exhibit the following skills and abilities:

  • Understanding of information technology and telecommunications systems
  • Working knowledge of network interoperability, cyber security, and survivability issues, including cyber security best practices and standards
  • Working knowledge of DHS critical infrastructure sectors and related security and resilience issues
  • Working knowledge of the DoD and Agency resilience needs and cyber security roadmaps
  • Development and delivery of information and infrastructure security risk and vulnerability evaluations
  • Ability to conduct analytical studies and investigations
  • Reasoning and problem-solving skills
  • Ability to work independently with limited supervision
  • Ability to interact effectively with diverse constituencies internally and externally
  • Ability to work well as a member of a cooperative team; ability to work in a matrix organizational structure
  • Ability to recognize and deal appropriately with confidential and sensitive information
  • Ability to implement project plans, monitor project budgets, and identify and mitigate project risks
  • Leadership and mentoring skills
  • Excellent written and oral communication skills; ability to contribute to technical research white papers and reports; ability to prepare papers and deliver presentations to technical and non-technical audiences; ability to contribute to customer technical exchanges and marketing presentations
  • Ability to work on customer sites with high-ranking members of the Federal Government and US
  • Participation in professional society activities, particularly IEEE and ACM

Physical/Mobility: Primarily sedentary in an office setting with some mobility. Ability to travel frequently to various locations within the SEI and CMU community, customer sites, conferences, and offsite meetings.

Environmental Conditions: Close contact with computer for extended periods of time.

Mental: Strong interest in the human, managerial, and technical aspects of cyber security is critical for this position as are these abilities:

  • Take or share leadership role in technical projects
  • Work meticulously with careful attention to detail
  • Meet deadlines while working on multiple tasks – sometimes under pressure and with shifting priorities
  • Deal collaboratively, diplomatically, and successfully with customers, co-workers and other professional colleagues, managers, and staff
  • Ability to understand the direction, and goals of an effort; ability to develop and communicate innovative ideas; ability to demonstrate initiative and to quickly learn new procedures, techniques, approaches, etc.

Other: Strong interest in cyber security and critical infrastructure protection analysis basis research, applied research, and development. U.S. Citizenship is required.  Applicants selected will be subject to a security investigation and must meet eligibility requirements for access to classified information.

 

Preferred Qualifications and Requirements:

Education/Training: MS in Computer Science (or related technical field) with five (5) years’ experience or equivalent experience.

Certifications:  Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISA), and Offensive Security Certified Professional (OSCP).  

Experience: proficiency with a variety of technical vulnerability analysis tools, penetration testing experience, assessment/auditor experience and programming experience.

Skills/Abilities: Strong presentation/platform skills and excellent writing skills.

           

Accountability: The individual will implement and participate in the planning and execution of projects leading to technical results. The individual will also contribute to project, department, or program objectives and planning document development. The individual will keep in confidence sensitive information such as customer processes, risks, vulnerabilities, and internal work products, whether for eventual public or private distribution.

Direction: The individual is expected to act independently using CMU, SEI, and NSS defined policies, practices, and procedures – within the scope of assigned work.

Decisions: The individual must make sound technical decisions with little supervision. The individual must accurately represent the program in interactions with customers, sponsors, and the public. The individual is expected to perform analysis on-site at customer locations and immediately assess potential vulnerabilities requiring further investigation.

Supervisory Responsibilities: This position could involve the training and oversight of the work of other staff members, graduate students, resident affiliates, visiting scientists, and independent contractors. Depending on research project or customer work plan, position may involve task leadership.

 

Job Functions or Responsibilities:

30% Participate in the examination, analysis, and documentation of assessments, diagnostics, and analysis techniques for information and infrastructure security; examine data on cyber security and technology risks to identify problem areas and propose mitigation alternatives.

25% Participate in the delivery of existing NSS cyber security, resilience, and risk assessment and analysis approaches with customers and partners; participate in research, analysis, and documentation of cyber security issues, concerns, and risks at customer locations.

20% Participate in research into innovative and cutting-edge tools, techniques, and methods to improve cyber security and resilience; transition research into applied knowledge for customers.

10% Deliver courses in operational resilience management, cyber security management, and information security risk management.

SECONDARY FUNCTIONS

5% Contribute to conferences and meetings; participate in marketing calls and technical exchanges with clients; give talks and lectures as appropriate; participate on working groups for subjects of interest.

5% Contribute to and review the literature in cyber security, resilience, and software engineering.

5% Provide assistance and input to other teams and projects within the SEI.                     

100% Total Effort

 

Organizational ChartDirector, CERT Division < Technical Director, Cyber Security Solutions Directorate < Deputy Director, Cyber Security Solutions Directorate < Technical Manager, Cybersecurity Assurance Team < Cyber Security Engineer

 

Carnegie Mellon University is an EEO/Affirmative Action Employer – M/F/Disability/Veteran

 

10 Dec
2014
Senior Project Manager - 101260
Pittsburgh, PA

Position Summary:  The CERT Program is part of the SEI, a federally funded research and development center at Carnegie Mellon University in Pittsburgh, Pennsylvania. The CERT Program engages in cutting-edge research and development and develops and transitions disciplined approaches to improve the survivability and resiliency of the DoD, federal civilian agencies, private sector organizations and their networked information systems.  

The individual in this position will work as a Senior Project Manager (PM) providing expert project management services to large and complex projects across the Cyber Security Solutions (CS2) Directorate in CERT. The Senior PM is accountable for project planning, scheduling, and budget and risk assessment throughout project cycle. AS a lead for the CS2 Project Management Office (PMO), the Senior PM defines and solidifies decision making methodologies and project governance across a portfolio of work plans with a total annual revenue of $40M.

 

Minimum Qualifications and Requirements:

Education/Training: Master’s Degree in Business or a related field or equivalent in education and experience.

Licenses:  PMP certification or equivalent formal training and education.

Experience: Seven to ten (7-10) years of increasingly more complex and responsible project management experience using a structured methodology and formal tools/approaches. Experience should include managing projects of various sizes and complexity; project teams with more than 25 members, managing budgets greater than $500K, involving multiple phases and with stakeholders from various departmental units. Position requires managing multiple projects simultaneously, experience in business process analysis and redesign, testing methodologies, and quality assurance and change management processes.

Skills/Abilities: Must exhibit the following skills and abilities:

  • Supervisory skills to manage a team of project managers
  • Understanding of information technology and telecommunications systems
  • Managing multiple projects simultaneously
  • Experience in business process analysis and redesign, testing methodologies, and quality assurance and change management processes
  • Strong technical project planning and management skills
  • Ability to consult with management on short-term and longer-term technical planning needs
  • General understanding and application of project management theory and technologies
  • Ability to function in a team environment, providing constructive feedback
  • Excellent interpersonal skills including conflict resolution and facilitation
  • Excellent oral and written communication skills with technical and non-technical staff
  • Strong documentation skills
  • Strong knowledge and experience in Microsoft products including: Word, Excel, Access, Project, Visio and PowerPoint
  • Ability to work independently with limited supervision
  • Ability to interact effectively with diverse constituencies internally and externally, including senior executives and managers in government and industry
  • Ability to work well in a cooperative team environment and a matrix organization structure, and participate routinely in multi-disciplinary project and activities
  • Ability to recognize and deal appropriately with confidential and sensitive information
  • Ability to develop project plans, prepare project budgets, and identify and mitigate project risks
  • Leadership and mentoring skills
  • Active participation in professional society activities, particularly PMI

Physical/Mobility: Primarily sedentary in an office setting with some mobility.  Ability to travel frequently to various locations within the SEI and CMU community, customer sites, conferences, and offsite meetings.

Environmental Conditions: Close contact with computer for extended periods of time.

Mental: Ability to work under pressure; meet inflexible deadlines; deal with difficult individuals while maintaining composure. Ability to creatively solve problems.  Other capabilities:

  • Work meticulously with careful attention to detail
  • Meet deadlines while working on multiple tasks – sometimes under pressure and with shifting priorities
  • Deal collaboratively, diplomatically, and successfully with customers, co-workers and other professional colleagues, managers, and staff
  • Ability to understand the big picture, direction, and goals of an effort; ability to develop and communicate innovative ideas; ability to demonstrate initiative and to quickly learn new procedures, techniques, approaches, etc.

Other: Strong interest in managing cyber security and critical infrastructure protection analysis basis research, applied research, and development.  U.S. Citizenship is required.  Applicants selected will be subject to a security investigation and must meet eligibility requirements for access to classified information.

 

Preferred Qualifications and Requirements:

Education/Training: MS in computer science, software engineering, information systems, or a related scientific/technical field with eight (8) years’ experience.

Licenses: CISSP, CISM, GIAC, or similar; certifications from the audit discipline (such as CISA) are also acceptable.

Experience: In addition to the minimum experience above, preferred experience includes:

  • Experience in both physical and cyber aspects of security; familiarity with resilience concepts
  • Familiarity with process improvement models such as CMMI or SixSigma, TQM, ISO9000, CERT-RMM
  • Familiarity with standards for measurement (including ISO 15939)
  • Familiarity with NIST 800-series standards for information security
  • Familiarity with the DoD DIACAP standard for information assurance certification and accreditation
  • Familiarity with standards for security (ISO 27000), business continuity (BS 25999), and IT operations (ISO 20000)
  • Working in a team environment on collaborative projects in critical infrastructure sectors involving network, system or data security
  • Working knowledge of measurement standards and techniques

Skills/Abilities: In addition to the minimum skills/abilities above, preferred skills/abilities include the ability to lead cross-program teams and consulting skills.

 

Accountability:  Defines project or program requirements and priorities with the project stakeholders, vendors and end users, including feasibility cost and time requirements. Allocates resources and manages implementation and ongoing support as well as planning for future needs. Ensures appropriate standards and procedures are followed. Accountable to project sponsors. Gives advice and counsel to senior administration that significantly influences decisions. Revises priorities and project plans as appropriate. Creates project teams and delegates appropriate responsibilities to maximize departmental effectiveness. Supervises team progress and holds team accountable towards fulfillment of goals and ensures adherence to deadlines and budget. Provides updates on project progress.

Direction:  The individual is expected to act independently using CMU, SEI, and CERT defined policies, practices, and procedures – within the scope of assigned work.

Decisions:  The individual must make sound technical decisions with little supervision.  The individual must accurately represent the program in interactions with SEI leadership, customers, sponsors, and the public.

Supervisory:  This position could involve the training and supervision of other project managers, graduate students, resident affiliates, and independent contractors.  

 

Job Functions or Responsibilities:

30%      Plans, monitors, and manages projects from initiation to completion.

20%      Prepares project plans, which include definition scope, resources and schedule.

10%      Allocates resources based upon the magnitude and necessity of the project.

10%      Establishes priorities and revises priorities and plans as appropriate in order to achieve project objectives.

20%      Contributes to developing project best practices, processes, and policy to ensure alignment with corporate strategies and goals.

10%      Ensures adequate communication is maintained regarding all project status and priorities.

100% Total Effort

 

Organizational Chart:   Director, CERT Program > Technical Director, Cyber Security Solutions Directorate > Deputy Director, Cyber Security Solutions Directorate > Senior Project Manager

 

Carnegie Mellon University is an EEO/Affirmative Action Employer – M/F/Disability/Veteran

26 Nov
2014
Senior Threat Analyst - 101240
Pittsburgh, PA or Arlington, VA

Position Description:  The CERT program is part of the Software Engineering Institute (SEI), a federally funded research and development center at Carnegie Mellon University in Pittsburgh, PA.  The CERT Threat Analysis group is an applied research and development group that provides strategic threat analysis, conducts quantitative studies of large-scale USG networks and builds prototype tools in support of operational sponsors.  This group has diverse expertise to include security analysts, network engineers, malware analysts, statisticians, and developers in the Pittsburgh and Washington DC area.  The position of Threat Analyst is responsible for performing in-depth analysis of cyber threat data to include: identification of active security threats, development of new analytic methods, reverse engineering of malicious code, and documenting and transitioning results in reports, presentations, and technical exchanges.

Minimum Qualifications and Requirements:

Education/Training:  MS/MA in Computer Science or scientific/technical field with eight (8) years’ experience; PhD in a technical field with five (5) years’ experience; or equivalent combination of training and experience.

Experience: 

·         Experience in analyzing cyber threat data

·         Experience in development of analysis techniques

·         Knowledge of static and dynamic code analysis techniques and tools, to include existing gap areas

·         Experience publishing research and academic papers

 Skills/Abilities:  The ability to:

·         Reverse engineer malicious code

·         Develop code in Python or Java

·         Communicate complex designs or plans to sponsors, project managers and technical staff in clear concise language tailored to the audience

·         Meet deadlines while working on multiple tasks often with shifting priorities

·         Deal collaboratively and successfully with customers, co-workers and other professional colleagues, managers, and staff

·         Knowledge of USG networks, policies and missions areas/owners in cyber security

·         Knowledge of Internet protocols, operations, and governance

Physical Mobility: Primarily sedentary in an office setting with some mobility.  Requires travel to various domestic locations within the SEI and CMU community to include the SEI Pittsburgh office; sponsor sites; conferences; and offsite meetings with routine frequency (2-3 trips a month).

Environmental Conditions:  Normal office conditions; close contact with computer display for extended periods of time.

Mental:  The ability to:

·         Work meticulously with careful attention to detail

·         Meet deadlines while working on multiple tasks – sometimes under pressure and with shifting priorities

·         Deal collaboratively, diplomatically, and successfully with customers, co-workers and other professional colleagues, managers, and staff

·         Ability to grasp the big picture, direction, and goals of an effort

·         Develop and communicate innovative ideas

·         Excellent oral and written communication skills

Other: U.S. Citizenship is required.  Applicants selected will be subject to a security investigation and must meet eligibility requirements for access to classified information.

 

Preferred Qualifications and Requirements:

Education/Training: MS/MA in a scientific, technical, or business field with ten (10) years’ experience, or equivalent; PhD in a technical field with six (6) years’ experience.

 Experience: 

·         Experience on an incident response; intelligence or security operations floor

·         Participation in broad public forums through activities such as standards, open source development, or publication

·         Experience working with the government, or within a critical infrastructure sector

·         Expertise in Cyber intelligence tradecraft

·         Knowledge of current challenges and threats faced by USG network security and intelligence organizations

Skills/Abilities: 

·         Knowledge of multiple modern operating systems

·         Strong background with mathematical programming and visual analysis systems

·         Working knowledge of all of the following technologies: code analysis tools (e.g., IDA Pro, OllyDbg, WinDBG), run-time environments, virtual machines, relational databases, anti-virus systems, secure systems and network architecture practices, intrusion detection systems and passive DNS

 

Accountability:  This position is accountable for ensuring that the Threat Analysis technical area delivers on the execution of the statement of work for a specific customer.

Direction:  The individual in this position is expected to act autonomously using CMU, SEI, and NSS, defined policies, practices, and procedures.  Additionally, this position will assist in setting Threat Analysis direction based on an understanding of customer needs.

Decisions:  The individual in this position is expected to participate in the decision-making and problem solving process of designing, building and operating systems for network security; suggesting and implementing policies and procedures to support these activities; and creating prototyping implementations of tools and approaches for threat analysis.

Supervisory Responsibilities:  This position has no supervisory responsibilities.

 

Job Functions or Responsibilities:

30%      Design, prototype, and transition new analysis methods and tools.

30%      Identify and document high-impact, emerging, and complex active security threats.

30%      Perform in-depth reverse engineering of malicious code, document and transition results in reports, presentations, and technical exchanges.                   

10%      Participate in and/or lead presentations to customers, analyst technical exchanges, training sessions and public speaking engagements.

100% Total Effort

Carnegie Mellon University is an EEO/Affirmative Action Employer – M/F/Disability/Veteran

26 Nov
2014
Threat Analyst - 101239
Pittsburgh, PA or Arlington, VA

Position Summary:  The CERT program is part of the Software Engineering Institute (SEI), a federally funded research and development center at Carnegie Mellon University in Pittsburgh, PA.  The CERT Threat Analysis group is an applied research and development group that provides strategic threat analysis, conducts quantitative studies of large-scale USG networks and builds prototype tools in support of operational sponsors.  This group has diverse expertise to include security analysts, network engineers, malware analysts, statisticians, and developers in the Pittsburgh and Washington DC area.  The position of Threat Analyst is responsible for performing in-depth analysis of cyber threat data to include: identification of active security threats, development of new analytic methods, reverse engineering of malicious code, and documenting and transitioning results in reports, presentations, and technical exchanges.

Minimum Qualifications and Requirements:

Education/Training:  Bachelor’s Degree in Computer Science or scientific/technical field with three (3) years’ experience; MS/MA in a scientific or technical field with one (1) year of experience; or equivalent combination of training and experience.

Experience: 

·         Experience in analyzing cyber threat data

·         Experience in development of analysis techniques

·         Knowledge of static and dynamic code analysis techniques and tools, to include existing gap areas

Skills/Abilities: The ability to:

·         Reverse engineer malicious code

·         Develop code in Python or Java

·         Communicate complex designs or plans to sponsors, project managers and technical staff in clear concise language tailored to the audience

·         Meet deadlines while working on multiple tasks often with shifting priorities

·         Deal collaboratively and successfully with customers, co-workers and other professional colleagues, managers, and staff

Physical Mobility: Primarily sedentary in an office setting with some mobility.  Requires travel to various domestic locations within the SEI and CMU community to include the SEI Pittsburgh office; sponsor sites; conferences; and offsite meetings with routine frequency (2-3 trips a month).

Environmental Conditions:  Normal office conditions; close contact with computer display for extended periods of time.

Mental:  The ability to:

·         Work meticulously with careful attention to detail

·         Meet deadlines while working on multiple tasks – sometimes under pressure and with shifting priorities

·         Deal collaboratively, diplomatically, and successfully with customers, co-workers and other professional colleagues, managers, and staff

·         Ability to grasp the big picture, direction, and goals of an effort

·         Develop and communicate innovative ideas

·         Excellent oral and written communication skills

Other: U.S. Citizenship is required.  Applicants selected will be subject to a security investigation and must meet eligibility requirements for access to classified information.

 

Preferred Qualifications and Requirements:

Education/Training: MS/MA in a scientific, technical, or business field with one (1) year of experience. PhD in a technical field.

Experience: 

·         Experience on an incident response; intelligence or security operations floor

·         Participation in broad public forums through activities such as standards, open source development, or publication

·         Experience publishing research and academic papers

·         Experience working with the government, or within a critical infrastructure sector.

·         Expertise in Cyber intelligence tradecraft

·         Knowledge of current challenges and threats faced by USG network security and intelligence organizations

Skills/Abilities: 

·         Knowledge of multiple modern operating systems

·         Strong background with mathematical programming and visual analysis systems

·         Knowledge of USG networks, policies and missions areas/owners in cyber security

·         Knowledge of Internet protocols, operations, and governance

 

Accountability:  This position is accountable for ensuring that the Threat Analysis technical area delivers on the execution of the statement of work for a specific customer.

Direction:  The individual in this position is expected to act autonomously using CMU, SEI, and NSS, defined policies, practices, and procedures.  Additionally, this position will assist in setting Threat Analysis direction based on an understanding of customer needs.

Decisions:  The individual in this position is expected to participate in the decision-making and problem solving process of designing, building and operating systems for network security; suggesting and implementing policies and procedures to support these activities; and creating prototyping implementations of tools and approaches for threat analysis.

Supervisory Responsibilities:  This position does not supervise others.

 

Job Functions or Responsibilities:

30%      Design, prototype, and transition new analysis methods and tools.

30%      Identify and document high-impact, emerging, and complex active security threats.

30%      Perform in-depth reverse engineering of malicious code, document and transition results in reports, presentations, and technical exchanges.                     

10%      Participate in and/or lead presentations to customers, analyst technical exchanges, training sessions and public speaking engagements.

100% Total Effort

 

Carnegie Mellon University is an EEO/Affirmative Action Employer – M/F/Disability/Veteran

17 Nov
2014
Cyber Security Engineer - Exercise Developer - 101223
Pittsburgh, PA or Arlington, VA

This position has multiple openings and can be located in Pittsburgh, PA or Arlington, VA.

Position Summary:  As a member of CERT's Workforce Development program, the candidate will work with other team members in developing cyber-security training exercises and simulations, primarily for US military/government customers. This involves interacting directly with customers, gathering training requirements and objectives, producing and facilitating creative and engaging exercise scenarios, and building supporting physical and virtualized systems and network topologies. As such, the candidate will work regularly with a wide range of software and hardware technologies within CERT labs. The candidate may also assist in developing and teaching cyber security training content to external customers. The candidate will also be involved software and hardware prototype development.  Additionally, the position requires the candidate to have demonstrated and effective leadership/management abilities as he/she may supervise and evaluate full time direct reports as well as the activities of graduate student assistants. The successful candidate must be self-directed, have an interdisciplinary approach to problem solving, and work well communicating technical information to technical and non-technical users. The candidate must also be able to interact with clients and staff of all levels in a highly professional and competent manner.

 

Minimum Qualifications and Requirements:

Education/Training:  Bachelor’s degree in Computer Science, Information Science, or related discipline with eight (8) years applicable working experience in information technology, Master’s degree in Computer Science, Information Science, or related discipline with five (5) years applicable working experience in information technology, PhD Computer Science, Information Science, or related discipline with two (2) years applicable working experience in information technology, or equivalent combination of training or experience.

Experience: Successful candidates must possess "hands-on" experience with Computer/Network Security and I.T. system and network administration. Additionally, he/she must have practical experience with Windows server and desktop platforms and Linux/Unix operating systems. The candidate must have experience in network design and troubleshooting and implementing standard networking protocols. Additionally, demonstrated practical experience working with common commercial and open-source cyber security tools is required. The candidate should have some experience teaching technical content to students, peers, and non-technical individuals and must enjoy doing so.

Skills/Abilities: Candidate must be able to prioritize workload and complete deliverables on time, have good technical problem-solving skills, strong analytical and information organization skills, excellent oral and written communication skills, and strong technical teaching skills. Candidate must be able to multitask and work effectively with multiple project teams and sponsors/customers. Experience with virtualization technologies, particularly VMWare ESX server is highly desired. Programming experience in C, C++, C#, Python, and Java is also highly desirable.

Physical Mobility: Sedentary in an office setting with some mobility, i.e., able to travel to various locations within the SEI and CMU community as well as travel to customer sites.

Environmental Conditions: Close contact with computer for long periods of time.

Mental: Ability to pay close attention to detail, meet deadlines, work under pressure, and communicate effectively.

Other:  U.S. Citizenship is required.  Applicants selected will be subject to a security investigation and must meet eligibility requirements for access to classified information.

 

Preferred Qualifications and Requirements:

Education/Training: BS and MS in Computer Science; training in enterprise security tools (i.e. McAfee ePO/HIPS, ArcSight, etc.)

Licenses: CISSP, Network+, Security+ and/or other industry standard certifications

Experience: US military service in a series of positions involving information technology, cyber security, and management of large scale government networks.

Skills/Abilities: Strong presentation/platform skills and excellent writing skills.

 

Accountability:  The incumbent is accountable for the definition, creation, and maintenance of final deliverables and products and may manage unclassified/classified DoD projects in excess of $3M annually.

Direction:  The incumbent is expected to act independently using CMU and SEI defined policies, practices, and procedures.

Decisions: The incumbent must use good judgment to solve customer and personnel problems and is required to envision, design, develop, pilot, and deliver new capabilities, products, and services.  Candidate will also be required to accurately represent SEI/CERT and its technical work in interactions with customers, sponsors, and the public.

Supervisory Responsibilities:  The incumbent may have at least 2 direct reports as well as up to 15 secondary reports and will be required to provide performance management, career guidance, and take personnel corrective actions as required.

 

Job Functions or Responsibilities:

10%      Design and develop technical documents and instructional materials.

10%      Research, evaluate, develop, install/configure hardware and software including promising new technologies that require examination for cyber security research and development.

10%      Deliver technical and management training to customers.

55%      Mentor, guide and interact with team and other staff.

15%      Contribute to transition planning and strategy.

100% TOTAL EFFORT

 

Organizational Chart: Director, CERT Division < Technical Director, Cyber Security Solutions Directorate < Technical Manager, Cyber Workforce Development Initiative < Cyber Workforce Development Team Lead < Cyber Security Engineer - Exercise Developer

 

Carnegie Mellon University is an EEO/Affirmative Action Employer – M/F/Disability/Veteran

17 Nov
2014
Cyber Security Engineer - Exercise Developer - 101224
Pittsburgh, PA or Arlington, VA

This position has multiple openings and can be located in Pittsburgh, PA or Arlington, VA.

Position Summary:  As a member of CERT's Workforce Development program, the candidate will work with other team members in developing cyber-security training exercises and simulations, primarily for US military/government customers. This involves interacting directly with customers, gathering training requirements and objectives, producing and facilitating creative and engaging exercise scenarios, and building supporting physical and virtualized systems and network topologies. As such, the candidate will work regularly with a wide range of software and hardware technologies within CERT labs. The candidate may also assist in developing and teaching cyber security training content to external customers. The candidate will also be involved software and hardware prototype development.  Additionally, the position requires the candidate to have demonstrated and effective leadership/management abilities as he/she may supervise and evaluate full time direct reports as well as the activities of graduate student assistants. The successful candidate must be self-directed, have an interdisciplinary approach to problem solving, and work well communicating technical information to technical and non-technical users. The candidate must also be able to interact with clients and staff of all levels in a highly professional and competent manner.

Minimum Qualifications and Requirements:

Education/Training:  Bachelor’s degree in Computer Science, Information Science, or related discipline with three (3) years applicable working experience in information technology, Master’s degree in Computer Science, Information Science, or related discipline with one (1) years applicable working experience in information technology; or equivalent combination of training or experience.

Experience: Successful candidates must possess "hands-on" experience with Computer/Network Security and I.T. system and network administration. Additionally, he/she must have practical experience with Windows server and desktop platforms and Linux/Unix operating systems. The candidate must have experience in network design and troubleshooting and implementing standard networking protocols. Additionally, demonstrated practical experience working with common commercial and open-source cyber security tools is required. The candidate should have some experience teaching technical content to students, peers, and non-technical individuals and must enjoy doing so.

Skills/Abilities: Candidate must be able to prioritize workload and complete deliverables on time, have good technical problem-solving skills, strong analytical and information organization skills, excellent oral and written communication skills, and strong technical teaching skills. Candidate must be able to multitask and work effectively with multiple project teams and sponsors/customers. Experience with virtualization technologies, particularly VMWare ESX server is highly desired. Programming experience in C, C++, C#, Python, and Java is also highly desirable.

Physical Mobility: Sedentary in an office setting with some mobility, i.e., able to travel to various locations within the SEI and CMU community as well as travel to customer sites.

Environmental Conditions: Close contact with computer for long periods of time.

Mental: Ability to pay close attention to detail, meet deadlines, work under pressure, and communicate effectively.

Other:  U.S. Citizenship is required.  Applicants selected will be subject to a security investigation and must meet eligibility requirements for access to classified information.

 

Preferred Qualifications and Requirements:

Education/Training: BS and MS in Computer Science; training in enterprise security tools (i.e. McAfee ePO/HIPS, ArcSight, etc.)

Licenses: CISSP, Network+, Security+ and/or other industry standard certifications

Experience: US military service in a series of positions involving information technology, cyber security, and management of large scale government networks.

Skills/Abilities: Strong presentation/platform skills and excellent writing skills.

 

Accountability:  The incumbent is accountable for the definition, creation, and maintenance of final deliverables and products and may manage unclassified/classified DoD projects in excess of $3M annually.

Direction:  The incumbent is expected to act independently using CMU and SEI defined policies, practices, and procedures.

Decisions: The incumbent must use good judgment to solve customer and personnel problems and is required to envision, design, develop, pilot, and deliver new capabilities, products, and services.  Candidate will also be required to accurately represent SEI/CERT and its technical work in interactions with customers, sponsors, and the public.

Supervisory Responsibilities:  The incumbent may have at least 2 direct reports as well as up to 15 secondary reports and will be required to provide performance management, career guidance, and take personnel corrective actions as required.

 

Job Functions or Responsibilities:

10%      Design and develop technical documents and instructional materials.

10%      Research, evaluate, develop, install/configure hardware and software including promising new technologies that require examination for cyber security research and development.

10%      Deliver technical and management training to customers.

55%      Mentor, guide and interact with team and other staff.

15%      Contribute to transition planning and strategy.

100% TOTAL EFFORT

 

Organizational Chart: Director, CERT Division < Technical Director, Cyber Security Solutions Directorate < Technical Manager, Cyber Workforce Development Initiative < Cyber Workforce Development Team Lead < Cyber Security Engineer - Exercise Developer

 

Carnegie Mellon University is an EEO/Affirmative Action Employer – M/F/Disability/Veteran

10 Nov
2014
User Experience (UX) Strategist - 101213
Pittsburgh, PA

Position Summary: Carnegie Mellon University seeks a UX Strategist at our Software Engineering Institute (SEI) in Pittsburgh, PA to shape and communicate SEI's user experience strategy and design.  Responsible for defining the UX vision; facilitating strategic, customer-centric decision making; identifying user needs; analyzing and interpreting user research to identify opportunities and recommend design direction; creating and executing effective research plans to provide deeper understanding of people, context of use and usability; developing high level and/or detailed documents, mockups and prototypes to effectively communicate interaction and user experience ideas; organizing and structuring complex information systems to make them intuitive and accessible; and communicating research results and presenting design recommendations in clear and compelling ways.

Minimum Qualifications and Requirements:

Education/Training: Master's degree in Design or a directly related field and one year of experience in the job offered or a directly related position required.

Experience: Experience must include: design thinking and design theory; user experience strategy; content strategy, typography and layout; color and image use; and ActionScript 3.0, HTML and CSS and its application in design and website deployment.  Must also know (through academic background or experience):  human centered design process as well as exploratory, generative and evaluative design research methods.


ORGANIZATIONAL CHART: Chief of Staff, Deputy Director < Web Services, Manager > User Experience (UX) Strategist

Carnegie Mellon University is an EEO/Affirmative Action Employer – M/F/Disability/Veteran

 

05 Nov
2014
Cyber Intelligence Analyst - 101204
Pittsburgh, PA or Arlington, VA

Position SummaryThe CERT Program is part of the SEI, a federally funded research and development center at Carnegie Mellon University in Pittsburgh, Pennsylvania.  The CERT Threat Analysis group supports government customers by developing cutting-edge, network and threat analysis capabilities and techniques to support intelligence requirements and operational missions in high-impact areas.

The CERT Coordination Center develops analysis techniques for some of the largest networks in the world, and supports a wide range of computer network operations activities across the intelligence, planning, and operations execution lifecycle. The analyst will develop new analysis techniques and finished products focused on defending against emerging threats, support customers’ requirements with novel analytic techniques and reports, and take a lead role in preparing research for publication.  The successful candidate will have some combination of academic training, experience in or supporting the US Intelligence Community or Federal Law Enforcement in addition to applied network security or cyber intelligence experience. The individual will be expected to serve in a lead role for the design, execution, and documentation of one or more tasks, as well as to serve as a liaison with customers, potential customers, vendors, and the Internet community as a whole.

This position can be primarily located in the Arlington, VA or Pittsburgh, PA offices of the SEI.

 

Minimum Qualifications and Requirements:

Education/Training: Bachelor’s Degree in Computer Science, Intelligence Studies, or a related analytic/scientific/technical field with eight (8) years’ experience; Master’s Degree in Computer Science, Intelligence Studies, or a related analytic/scientific/technical field with five (5) years’ experience; PhD in Computer Science, Intelligence Studies, or a related analytic/scientific/technical field with two (2) years’ experience; or equivalent combination of training and experience.

Experience: Professional experience listed above is in network security research and/or cyber intelligence—the successful applicant will likely have both.  Applicants should have a record of significant contribution to the US Intelligence and security community, such as publication or involvement in open source projects. 

Skills/Abilities:

  • Capable of conducting analytical studies and investigations of incident and network security data.

  • Capable of performing original research in security analysis and cyber intelligence.

  • Familiarity and prior experience with US Intelligence Community elements, structure and products.

  • Understanding of advanced threat actors and/or typical techniques, tactics and procedures.

  • Understanding of Intelligence Community standards and directives for analytic tradecraft.

  • Experience with scripting and/or programming in a high level language.

  • Deep understanding of and practical experience with various Internet protocols (e.g., TCP/IP, DNS, SMTP, BGP, TLS).

  • Deep knowledge of at least one modern operating system (e.g., Linux, Solaris, Windows 2000/2003/XP/7).

  • Understanding of network security issues at all protocol layers.

  • Understanding of host/operating system security issues.

  • Familiarity with and deep understanding of: IDS, firewalls, SIM/SEM, network and vulnerability scanning, routing.

  • Ability to set strategic direction and agenda for a diverse group of developers and researchers.

  • Ability to function in the role of a consultant.

  • Planning and organizational skills.

  • Strong problem solving skills.

  • Excellent oral and written communication skills.

  • Ability to work both independently and with teams.

  • Experience with statistics.

Physical Mobility: Primarily sedentary in an office setting with some mobility.  Flexibility to travel to various locations within the SEI and CMU community, including sponsor sites, conferences, and meetings.                                

Environmental Conditions:  Normal office conditions; loose contact with computer display for extended periods of time.

Mental:  Ability to work meticulously with careful attention to detail; ability to meet deadlines while working on multiple tasks – sometimes under pressure and with shifting priorities; ability to deal collaboratively, diplomatically, and successfully with customers, co-workers and other professional colleagues, managers, and staff; ability to grasp the big picture, direction, and goals of an effort, ability to develop and communicate innovative ideas; ability to take leadership role in technical projects; ability to quickly learn new procedures, techniques, approaches, etc. 

Other: U.S. Citizenship is required.  Applicants selected will be subject to a security investigation and must meet eligibility requirements for access to classified information.

 

Preferred Qualifications and Requirements:

Experience: Experience working:

  • in a team environment leading collaborative projects with diverse skills and roles;

  • in the public forum of the broader information security community;

  • directly with customers from government and/or industry (multiple critical infrastructure);

  • in exploratory data analysis;

  • in data visualization;

  • in human-computer interface (HCI) design;

  • technical writing.

 

AccountabilityThe individual is accountable for:

  • Active participation in the overall Threat Analysis R&D effort.

  • Producing original publications in network security analysis.

  • Mentoring junior analysts and researchers.

  • Participating in public speaking engagements, including at remote locations.

Direction:  The individual is expected to act independently using CMU, SEI, NSS, and CERT/CC defined policies, practices, and procedures – within the scope of assigned work.

Decisions:  The individual is expected to participate in the decision-making and problem-solving processes of strategic research direction and strategy of transition of research to engineered technology.

Supervisory Responsibilities:  This position does not formally supervise others.  However, the individual will act in a technical leadership (non-supervisory) role in regard to specific work products and activities, or in regard to student interns, etc. 

 

Job Functions or Responsibilities:

70%     Perform and publish original work in network security analysis and cyber intelligence, including work leading to various government and private sector releases. 

10%     Contribute to overall strategic direction for a diverse security and intelligence R&D team 

10%     Mentor and guide junior analysts.

10%     Participate in and/or lead presentations to customers, analyst jam sessions, training sessions and public speaking engagements.  

100% TOTAL EFFORT

 

Organizational Chart:  Manager, Networked Systems Survivability Program > Technical Director, CERT Coordination Center > Technical Manager, CERT/CC Threat Analysis > Team Lead, CERT/CC Threat Intelligence > Network Intelligence Analyst

 

Carnegie Mellon University is an EEO/Affirmative Action Employer – M/F/Disability/Veteran

05 Nov
2014
Network Intelligence Analyst Intern - 101209
Pittsburgh, PA

Position SummaryNetwork Intelligence Analysts are the bridge between decision makers in the government and private sector, and the information security engineers that operate and protect their networks.  During this internship, applicants can expect to learn the fundamentals of intelligence analysis, apply and refine intelligence analysis methodologies to technical data sets, and become familiar with cutting edge network defense tools and practices.  Interns will support CERT technical staff in the research and production of unclassified network intelligence reports and collect/aggregate best practices in intelligence collection management for government sponsors. Interns will also work with USG customers to produce threat studies tailored to critical infrastructure sectors. 

 

Minimum Qualifications and Requirements:

Education/Training: Liberal Arts major with strong interest in network and computer security.

Experience: Experience drafting and formatting reports and correlating research using multiple formatted and unformatted data sources; knowledge of developing deliverables for senior leadership in government or industry; basic understanding of security vulnerabilities.

Skills/Abilities:  Successful candidates will:  possess excellent analytical and technical problem-solving skills; have a strong interest in and possess basic knowledge of network and computer security issues; be able to make decisions independently and in a self-directed manner in support of the goals of the team and organization; be motivated to tackle challenging problems; have excellent organizational skills; be able to work meticulously with careful attention to detail; strong customer service skills; ability to work in a team environment with other team members with variety of skills; ability to work remotely at a customer site with minimal direct supervision; be able to communicate effectively within a team environment; be able to effectively prioritize work; be able to develop and explain technical decisions; recognize and deal appropriately with confidential and sensitive information; interact effectively with technical and non-technical audiences via both verbal and written communications (e.g., technical writing, user guide development, requirements analysis); be able to quickly learn new procedures, techniques, and approaches.

Preferred candidates will: Manipulate large amounts of data into valuable metrics, trends, and findings; identify patterns and associations between open/closed source data; experience analyzing technical data, including categorizing sets of network intrusion events or criminal campaigns; have the ability to adjust quickly to shifting priorities and make quick decisions with limited information.

Physical Mobility: Normally sedentary position with some mobility; i.e., able to travel to other campus locations; may require some bending, stretching, pushing as well as lifting.

Environmental Conditions: Usual office setting; close contact with CRT for long periods of time. 

Mental:  Ability to pay close attention to detail, meet deadlines and remain composed when dealing with difficult people.

Other:  U.S. Citizenship is required.  Applicants selected will be subject to a security investigation and must meet eligibility requirements for access to classified information. 

 

Accountability:  This candidate will contribute to network analysis and computer security issues.

Direction:  Expected to work independently in most instances. Works with supervisors to manage changing workloads or priorities.

Decisions:  Makes decisions based on knowledge and understanding of the practices, policies, and procedures of the department and demonstrates general knowledge in areas outside the department. Answers questions or inquires directly or routes to the most appropriate person.

Supervisory Responsibilities:  This position does not supervise others. 

 

Job Functions or Responsibilities:

90%                Use analytical and technical problem-solving skills in drafting and formatting reports and correlating research using multiple formatted and unformatted data sources; knowledge of developing deliverables for senior leadership in government or industry; basic understanding of security vulnerabilities.

10%                Have the ability to adjust quickly to shifting priorities and make quick decisions with limited information.

100% TOTAL EFFORT

 

Organizational Chart:  CERT Director < CERT/CC Technical Director < Threat Analysis Technical Manager < Threat Analysis Team < Network Intelligence Analyst Intern

 

Carnegie Mellon University is an EEO/Affirmative Action Employer – M/F/Disability/Veteran

05 Nov
2014
Senior Editor - 101208
Pittsburgh, PA

Position SummaryThe person in this position is a member of Technical Communication, which develops and disseminates information, in a variety of forms, about the software engineering research and methods of the Software Engineering Institute (SEI), as well as products and services of the SEI. This position is primarily responsible for editing technical research reports; writing, editing, and organizing content for the SEI website; and producing and editing presentations for senior executives and technical staff. The individual must strive to improve the technical research communications of the SEI, including producing flawless technical reports and clear, user-centered web content. The person in this position must work collaboratively with SEI technical staff. The individual must be able to thrive in a fast-paced environment, respond quickly and with composure to rapidly changing priorities, and manage multiple projects concurrently.

 

Minimum Qualifications and Requirements:

Education/Training: Bachelor’s degree or equivalent in a communications-related major and eight years of experience, training in online communication and technical document development; or an equivalent combination of training and work.

Experience:  Eight (8) years’ experience working collaboratively on publications, websites, and presentations in a technical field, including handling multiple writing tasks simultaneously, acting as a consultant and/or co-writer with technical authors, performing substantive editing and copyediting, creating and revising web pages, and collaborating with technical teams to produce or revise presentations in real time. Experience with Microsoft Office applications, particularly Word and PowerPoint, is a must.

Skills/Abilities:  Outstanding writing, document planning, substantive editing, and copyediting skills; strong organizational, time management, project management, and interpersonal skills. Proven ability to work effectively in a team environment with technical experts, executives, professional writers, information designers, and support staff. Proven ability to handle multiple tasks, respond to shifting priorities, meet deadlines, follow internal procedures and pay attention to details. Ability to work with minimal or no supervision and participate in team decision-making. Poise while interacting with a variety of individuals and teams. Ability to remain calm under pressure. A keen eye for detail with a strong focus on quality control. Commitment to quality and to customer service, and a willingness to be a strong advocate for the reader.

Mobility:  Normal sedentary position with some mobility, i.e., able to travel throughout SEI facilities and to various campus locations.

Environmental Conditions: Office setting, possibly shared with another staff member. Use of keyboard for prolonged periods. Occasional need to be available for editorial and web support outside of regular business hours.

Mental:   Discretion - the ability to keep sensitive information confidential. Flexibility - the ability to adapt quickly to changes in the work environment, and shifting and competing priorities.

Other:  U.S. Citizenship is required.  Applicants selected will be subject to a security investigation and must meet eligibility requirements for access to classified information.

 

Preferred Qualifications and Requirements:

Education/Training:  Master’s degree in a technical writing-related field.

Experience:  Experience with content-management systems for web communication. Experience editing content concerning software engineering or other software-related field. Experience in an academic or technical research setting.

Skills/Abilities:  Expertise in technical communication principles for print and for online reading and understanding of the differences. Ability to recast materials for a variety of audiences. Familiarity with basic principles of document design. Ability to perform substantive editorial reviews of technical material. Ability to estimate and track effort for communication products. Experience with marketing writing for a highly technical or DoD audience a plus.            

 

Accountability:  Responsible for the clarity, usability, and readability of reports, other technical and non-technical documents, and web pages. Responsible for planning and tracking work and meeting competing/changing deadlines. Responsible for eliciting and managing required information, negotiating schedules with collaborators, and managing review and revision activities.

Responsible for ensuring that documents, web pages, and presentations meet the needs of the audience, that they meet usage and style standards set by style guides and policy, that they conform to current templates, and that they have no formatting or typographical errors. Expected to troubleshoot problems with minimal supervision.

 

Responsible for ensuring that content is consistent among presentations and documents on similar topics, revising as necessary and propagating revisions to appropriate information archives.

 

DirectionExpected to act independently, often with minimal or no supervision, while following policies and general guidelines of the SEI and Technical Communications.

 

Policies and procedures that must be followed include those for keeping sensitive information confidential, as well as templates and processes for publishing technical reports and other documents.

 

Decisions:  Sets priorities based on project requirements. Makes audience-related and editorial decisions regularly. Participates in team planning and decision-making activities. Determines and manages own schedule and schedules for projects. Expected to adjust project plans to meet special requests from management.

 

Supervisory Responsibilities:  May be called upon to supervise other editors and support staff to manage communications work. Contributes to hiring decisions in TC. May be called upon to cover the responsibilities of the TC team leader in the leader’s absence.

 

Job Functions or Responsibilities:

50%      Writing, editing, formatting, and proofreading publicly available information and restricted-access information about the SEI’s technical programs. These responsibilities include identifying audience needs and the author’s goals, eliciting content, conducting reviews, collaborating with subject matter experts or other technical communicators, and contributing to and maintaining historical archives.

30%      Collaborating with technical team members to produce and revise web content.

10%      Participating in project team activities that lead to the creation of key SEI communication products. Includes creation and review of content and facilitation of and participation in group decision-making processes.

10%      Project management: planning, managing, scheduling, and tracking projects for the creation of key SEI communication products.

100%      TOTAL EFFORT

 

Organizational Chart:  Manager of Communication Services > Manager of Corporate and Technical Communications > Senior Editor

 

Carnegie Mellon University is an EEO/Affirmative Action Employer – M/F/Disability/Veteran

31 Oct
2014
Associate Director of Research - 101197
Arlington, VA

The Software Engineering Institute (SEI) at Carnegie Mellon University is seeking a highly experienced, dynamic and visionary individual to fill the position of Associate Director of Research. This individual is responsible for helping to develop SEI’s technology strategy, interacting with the institute’s sponsors and customers, mentoring SEI’s engineers and researchers, and helping to assess the institute’s technical competitiveness and quality.

The SEI works closely with defense and government organizations, industry, and academia to continually improve software-reliant systems. To accomplish this, the SEI:

  • Performs research in the areas of software systems, cybersecurity and government acquisition processes
  • Identifies and creates technology and methods as solutions
  • Tests  and  refines  the  solutions  through  pilot  programs  that  help  industry  and government solve their problems
  • Widely disseminates mature solutions through training, licensing, publication, and through advice to government stakeholders
  • The SEI is recognized internationally for its work in software engineering and cyber security. For more information, please visit the SEI web site at www.sei.cmu.

Position Summary: The Associate Director of Research will assist the CTO in maintaining a close working partnership with the Chief Executive Officer (CEO) and Chief Operating Officer (COO).  This position reports directly to the CTO. The venue is at SEI’s Washington area office in Arlington, VA.

Key Responsibilities:

The Associate Director of Research primary responsibility is to assist with the development, promulgation and execution of the SEI’s technical strategy. The Associate Director of Research role is to support the CTO and CTO’s technical council in formulating technical and business strategies that are responsive to the needs of sponsors and that demonstrate SEI’s capabilities and technologies. Total budget for the SEI is approximately $140 million and the CTO office is directly responsible for roughly $20 million. A key focus is to help ensure that DoD research funding is sustained or increased over time. The Associate Director of Research will continue to foster a reputation of world-class technical work by engaging in internal processes for awarding and assessing ongoing R&D projects. The incumbent will also participate with technical staff on the execution of customer engagements.

The CTO’s office has paramount responsibility for the creation and maintenance of the SEI’s technical plan, which communicates the SEI’s technical strategy to its sponsor. The CTO develops this plan based on current and predicted technology trends with knowledge of the prioritized needs in industry and government.  The CTO also gathers results and knowledge from other ongoing SEI technical work and performance measures.  The CTO is responsible for the technical and business reviews of DoD funded research projects, and for an exploratory research program that nurtures the creation of new projects that help achieve the technology strategy.

The key responsibilities of the Associate Director of Research are to assist the CTO with the following:

  • Managing and reviewing DoD funded research projects
  • Moving long range visions into an aggressive—but achievable—research strategy plan
  • Evolving leading-edge thinking that projects SEI as a visionary institution relative to DoD focused software engineering and development
  • Creating and overseeing an exploratory research program
  • Supporting the CTO, CEO and COO in conducting reviews (programmatic, financial, technical)
  • Presenting the SEI research strategy plan and technical overviews at professional and technical meetings (for example, representing the SEI at professional meetings such as IEEE or ACM Conferences, ASD(R&E) and DARPA program reviews, etc.)
  • Identifying and enabling opportunities for technical integration among initiatives from different SEI technical programs
  • Actively participating on research and science advisory boards, such as the Science Advisory Board (SAB), Defense Science Board (DSB), and the National Academy of Science ( NAS)

Minimum Qualifications and Requirements:

Education/Training: The qualified candidate will have a PhD in Computer Science, Engineering, or a related discipline. He/she must have a minimum of five (5) years of progressively increasing CTO-like responsibilities managing large, complex research projects in a University, the DoD, or in a large-scale software-reliant systems R&D environment. He/she will have deep domain expertise in software-reliant systems and have high-level DoD and Intelligence Community credibility.

Experience: The ideal candidate must have experience in building and managing high technology teams and projects, expert knowledge of software systems and the government R&D enterprise, and some understanding of government software acquisition processes. The successful candidate must be able to demonstrate experience managing large, complex, research projects that are strategic in nature and the content of which have focused on information technology, software technology, software engineering, and/or cyber security. Management experience within a university, government or military R&D laboratory, and/or Fortune 500 technology-based organization is preferred.

Skills/Abilities: Additionally, the candidate must possess:

  • Experience in securing or allocating competitive DoD research funding
  • Strong  business  acumen  and  be a  visionary,  with  a  strong  sense  of  purpose  and urgency
  • Prior tier one academic center research experience
  • Gravitas and credibility to develop strong and sustainable relationship with SEI’s sponsors and lead technology development
  • Skills to lead and mentor technology research
  • A reputation for applied and/or theoretical research and be well published
  • DARPA  and  program  and  grant  experience;  OSD/ODNI/DHS  experience  is a distinct plus
  • Track record of accomplishment in leading the research agenda for technology- based organizations
  • Strong influencing skills
  • Reputation for highest level of integrity
  • High comfort level with ambiguity
  • Success at building consensus within a matrixed organization
  • Excellent oral, written, and presentation skills

Physical Mobility: Flexibility to travel to various locations within the SEI and CMU community, sponsor sites, conferences, and offsite meetings potentially with routine frequency; ability to travel frequently and to adjust to a work schedule that requires weekend and evening hours.  Meet inflexible deadlines, remain calm during difficult situations, work under pressure, and work with frequent interruptions.  

Other:  U.S. Citizenship is required.  Applicants selected will be subject to a security investigation and must meet eligibility requirements for access to classified information.

Carnegie Mellon University is an EEO/Affirmative Action Employer – M/F/Disability/Veteran

24 Oct
2014
Vulnerability Analyst - 101175
Pittsburgh, PA

Position Summary:  This is an entry level position that is responsible for acting as the primary coordinator for all software vulnerabilities reported to the CERT Vulnerability Analysis team. CERT receives vulnerability reports through a variety of sources, mainly from the Vulnerability Reporting Form (VRF) on the cert.org website and direct correspondence from researchers, usually through the cert@cert.org email address. The individual will lead customer, vendor, and reporter coordination, and will write vulnerability reports to be published in the CERT website. These vulnerability notes will include detailed technical descriptions of a given vulnerability in addition to any mitigation recommendations. This individual will also be responsible for software vulnerability analysis including black box testing, source code examination, and attack reproduction. The individual in this position must be self-motivated and will have the opportunity to serve as a strong contributor in the analysis, coordination, and remediation of software vulnerabilities.  

 

Minimum Qualifications and Requirements:

Education/Training: Bachelor’s degree in Computer Science or related field, or equivalent in education and Minimum of three (3) years’ experience' or Master's degree in Computer Science or related field with one (1) year experience or combination of experience and training.

Experience: This is an entry level position that provides an opportunity for an individual with the educational background and interest to gain experience in the field of computer security.  The individual in this position should have the interest or classroom experience studying system or network administration, software development, database administration, or similarly technical areas. Candidates should have experience in a Windows and Unix/Linux environment and be able to demonstrate substantial knowledge of at least four of the following: various internet protocols (e.g., TCP/IP, DNS, BGP, SMTP, HTTP); computer system and Internet security issues; various security technologies (e.g., encryption, firewalls, and anti-virus products); software runtime analysis, debugging, and security testing techniques; security auditing practices; underlying software defects that routinely result in security vulnerabilities (e.g., input validation errors); understanding of intruder techniques and software exploitation methods; system, database, and/or network administration; operational details of multiple operating systems; cryptographic principles and common cryptographic protocols; one or more programming languages (e.g., C/C++, Perl, or Java); vulnerability management concepts and tools.

Skills/Abilities: Successful candidates will: have an interest in and have extensive knowledge of network and computer security issues; have the ability to analyze software to discover vulnerabilities; be able to develop and explain technical decisions; be able to separate fact from opinion and speculation; have excellent work prioritization, planning, and organizational skills; interact effectively with vulnerability reporters, system and network administrators, vendors, experts, Internet users, sponsors, policy makers, news reporters, managers and staff (i.e., stakeholders in the vulnerability disclosure process); be able to work with closely coordinated team during emergencies; excellent analytical, reasoning, and creative problem solving skills; excellent written, oral communication skills; recognize and deal appropriately with confidential and sensitive information; be able to work meticulously with careful attention to detail; be able to collaborate effectively and work closely within a coordinated team environment; be able to quickly learn new procedures, techniques, and approaches; maintain composure while dealing with difficult people; communicate and work effectively under normal and stressful situations; meet inflexible deadlines; possess strong leadership and mentoring abilities; be motivated to tackle challenging problems.

Physical Mobility: Sedentary.

Environmental Conditions: Close contact with computer displays for prolonged periods.

Mental: Ability to work under pressure; work concurrently on multiple programs in different stages, pay attention to detail; meet inflexible deadlines; deal with difficult individuals while maintaining composure.

Other: U.S. Citizenship is required.  Applicants selected will be subject to a security investigation and must meet eligibility requirements for access to classified information.

 

Preferred Qualifications and Requirements:

Experience:  Ideal candidates will have substantial experience in two or more of the following areas: industrial/process control systems; web application development; computer and network architecture; reverse engineering; software development; computer and network architecture; network security and survivability issues, to include knowledge of and experience with information security concepts, information security best practices and bodies of knowledge, computer security incident response management.


Accountability: This position is accountable for:  Coordinating all software vulnerabilities reported to the CERT Vulnerability Analysis team; leading customer, vendor, and reporter coordination; producing vulnerability reports to be published.

Direction: Expected to perform under general supervision. Most normal duties and responsibilities are handled independently with the use of established research protocol and departmental and university procedures and policies. Difficult or unique situations are referred to the supervisor.

Decisions: Suggests possible solutions to colleagues and users.

Supervisory Responsibilities: This position does not supervise others.


JOB FUNCTIONS OR RESPONSIBILITIES:

40% Analyzes incoming vulnerability reports to determine technical validity and merit. Coordinates response strategy with affected vendors. Publishes corresponding vulnerability notes.

40% Performs vulnerability discovery and validation using in-house CERT fuzzing tools.

10% Attends required meetings and participates in various seminars and training classes to maintain or update skills needed.

5% Submits regular work progress reports to supervisor.

5%Performs related duties as assigned.

100% TOTAL EFFORT


ORGANIZATIONAL CHART:  CERT Director->CERT/CC Technical Director->Vulnerability Analysis Technical Manager->Vulnerability Analysis Team Lead->Vulnerability Analyst

Carnegie Mellon University is an EEO/Affirmative Action Employer – M/F/Disability/Veteran

 

23 Oct
2014
Senior Engineer - Team Lead, Trends - 101171
Pittsburgh, PA

Position Summary:  The CERT program is part of the Software Engineering Institute (SEI), a federally funded research and development center at Carnegie Mellon University in Pittsburgh, PA.  The CERT Threat Analysis group is an applied research and development group that provides strategic threat analysis, conducts quantitative studies of large-scale USG networks and builds prototype tools in support of operational sponsors.  This group has diverse expertise to include security analysts, network engineers, malware analysts, statisticians, and developers in the Pittsburgh and Washington DC-area.  The position of Trends team lead is responsible for leading a team that develops new analytical tradecraft to understand cyber threats, actors, and targets, and as directed by a customer, and apply these techniques to author reports on topics of interest.  The candidate will be responsible for setting the strategic direction of the team, and driving the associated research plan.  Additionally, the candidate will work with the technical manager and peer team leads to ensure resources are properly aligned with the needs of sponsors.  

 

Minimum Qualifications and Requirements:

Education/Training:  Bachelor’s Degree in Computer Science or scientific/technical field with ten (10) years of experience; MS/MA in a scientific or technical field with eight (8) years of experience; or equivalent combination of training and experience.

Experience:

  • Professional experience should include 4 or more years of experience in a leadership role including technical decision-making.

  • Experience listed above should have some relation to security operations or research.

  • Applicants should have a record of significant contributions to the security community, such as academic publication or involvement in open source security tool projects.

  • Expertise in one or more major security or network engineering areas: incident handling, network traffic analysis, forensics, vulnerability assessment, network auditing, capacity planning, network architecture, etc.

  • Knowledge of static and dynamic code analysis techniques and tools, to include existing gap areas.

  • Expertise in Cyber intelligence tradecraft.

  • Knowledge of current challenges and threats faced by USG network security and intelligence organizations.

Skills/Abilities:

The ability to:

  • envision operational application of fundamental and applied research ideas;

  • elicit technical requirements and direct capability development based on collaborate with executive, non-technical, or domain-expert stakeholders;

  • communicate complex designs or plans to executive staff, sponsors, project managers and technical staff in clear concise language tailored to the audience;

  • meet deadlines while working on multiple tasks often with shifting priorities; and

  • deal collaboratively and successfully with customers, co-workers and other professional colleagues, managers, and staff.

  • Contribute to business development to sustain the team

  • Technical project management

  • Strong problem solving skills

  • Ability to brief strategic and technical topics to senior management and non-technical audiences

  • Ability to function in the role of a consultant and project manager

Physical Mobility: Primarily sedentary in an office setting with some mobility.  Requires travel to various domestic locations within the SEI and CMU community to include the SEI Pittsburgh office; sponsor sites; conferences; and offsite meetings with routine frequency (2-3 trips a month).

Environmental Conditions:  Normal office conditions; close contact with computer display for extended periods of time.

Mental:  

The ability to:

  • Work meticulously with careful attention to detail;

  • Meet deadlines while working on multiple tasks – sometimes under pressure and with shifting priorities;

  • Deal collaboratively, diplomatically, and successfully with customers, co-workers and other professional colleagues, managers, and staff;

  • Ability to grasp the big picture, direction, and goals of an effort;

  • Develop and communicate innovative ideas;

  • Excellent oral and written communication skills.

Other: U.S. Citizenship is required.  Applicants selected will be subject to a security investigation and must meet eligibility requirements for access to classified information.

 

Preferred Qualifications and Requirements:

Education/Training: PhD in a technical field with five (5) years of experience, or equivalent combination of training and experience.

Experience:

  • Prior responsibility in managing a body of work consisting of numerous large scale projects and multiple customers/external sponsors.

  • Experience on an incident response; intelligence or security operations floor.

  • Participation in broad public forums through activities such as standards, open source development, or publication.

  • Experience publishing research and academic papers.

  • Experience working with the government, or within a critical infrastructure sector.

Skills/Abilities

  • Knowledge of multiple modern operating systems

  • Strong background with mathematical programming and visual analysis systems

  • Knowledge of USG networks, policies and missions areas/owners in cyber security

  • Knowledge of Internet protocols, operations, and governance

 

Accountability:  This position is accountable for ensuring that the Threat Intelligence team delivers on the execution of the statement of work for a specific customer.  The individual is accountable for aligning Threat Intelligence projects with customer needs and re-prioritizing efforts as appropriate.

Direction:  The individual in this position is expected to act autonomously using CMU, SEI, and NSS, defined policies, practices, and procedures.  Additionally, this position will assist in setting NetSA direction based on an understanding of customer needs.

Decisions: The individual in this position is expected to participate in the decision-making and problem solving process of designing, building and operating systems for network security; suggesting and implementing policies and procedures to support these activities; and creating prototyping implementations of tools and approaches for situational awareness.  Further, this position will contribute to key design making for the prioritization of efforts for a specific customer.

Supervisory Responsibilities:  This position does not formally supervise others.  However, the individual will act in a technical and project leadership role with respect to specific work products and a specific customer.  Further, they will lead activities at both CMU and at the customer site.

 

Job Functions or Responsibilities:

40%      Supervise a team within a defined set projects.  Assign tasking and set priorities based on changing needs.

30%      Lead, perform and publish original work contributing the advancement of tradecraft in threat intelligence.

20%      Enable the transition and appropriate focus of Threat Analysis approaches and tools into operational environments.                       

10%      Participate in and/or lead presentations to customers, analyst technical exchanges, training sessions and public speaking engagements.

100% TOTAL EFFORT

 

Organizational Chart:  Division Director, CERT > Technical Director, CTVA > Threat Analysis Technical Manager > Trends Team Lead

 

Carnegie Mellon University is an EEO/Affirmative Action Employer – M/F/Disability/Veteran

 

15 Oct
2014
Cyber Security Engineer - Exercise Developer - 101155
Arlington, VA

This is located in Arlington, VA

Position Summary:  As a member of CERT's Workforce Development program, the candidate will work with other team members in developing cyber-security training exercises and simulations, primarily for US military/government customers. This involves interacting directly with customers, gathering training requirements and objectives, producing and facilitating creative and engaging exercise scenarios, and building supporting physical and virtualized systems and network topologies. As such, the candidate will work regularly with a wide range of software and hardware technologies within CERT labs. The candidate may also assist in developing and teaching cyber security training content to external customers. The candidate will also be involved software and hardware prototype development.  Additionally, the position requires the candidate to have demonstrated and effective leadership/management abilities as he/she may supervise and evaluate full time direct reports as well as the activities of graduate student assistants. The successful candidate must be self-directed, have an interdisciplinary approach to problem solving, and work well communicating technical information to technical and non-technical users. The candidate must also be able to interact with clients and staff of all levels in a highly professional and competent manner.

Minimum Qualifications and Requirements:

Education/Training:  Bachelor’s degree in Computer Science, Information Science, or related discipline with eight (8) years applicable working experience in information technology, Master’s degree in Computer Science, Information Science, or related discipline with five (5) years applicable working experience in information technology, PhD Computer Science, Information Science, or related discipline with two (2) years applicable working experience in information technology, or equivalent combination of training or experience.

Experience: Successful candidates must possess "hands-on" experience with Computer/Network Security and I.T. system and network administration. Additionally, he/she must have practical experience with Windows server and desktop platforms and Linux/Unix operating systems. The candidate must have experience in network design and troubleshooting and implementing standard networking protocols. Additionally, demonstrated practical experience working with common commercial and open-source cyber security tools is required. The candidate should have some experience teaching technical content to students, peers, and non-technical individuals and must enjoy doing so.

Skills/Abilities: Candidate must be able to prioritize workload and complete deliverables on time, have good technical problem-solving skills, strong analytical and information organization skills, excellent oral and written communication skills, and strong technical teaching skills. Candidate must be able to multitask and work effectively with multiple project teams and sponsors/customers. Experience with virtualization technologies, particularly VMWare ESX server is highly desired. Programming experience in C, C++, C#, Python, and Java is also highly desirable.

Physical Mobility: Sedentary in an office setting with some mobility, i.e., able to travel to various locations within the SEI and CMU community as well as travel to customer sites.

Environmental Conditions: Close contact with computer for long periods of time.

Mental: Ability to pay close attention to detail, meet deadlines, work under pressure, and communicate effectively.

Other:  U.S. Citizenship is required.  Applicants selected will be subject to a security investigation and must meet eligibility requirements for access to classified information.

 

Preferred Qualifications and Requirements:

Education/Training: BS and MS in Computer Science; training in enterprise security tools (i.e. McAfee ePO/HIPS, ArcSight, etc.)

Licenses: CISSP, Network+, Security+ and/or other industry standard certifications

Experience: US military service in a series of positions involving information technology, cyber security, and management of large scale government networks.

Skills/Abilities: Strong presentation/platform skills and excellent writing skills.

 

Accountability:  The incumbent is accountable for the definition, creation, and maintenance of final deliverables and products and may manage unclassified/classified DoD projects in excess of $3M annually.

Direction:  The incumbent is expected to act independently using CMU and SEI defined policies, practices, and procedures.

Decisions: The incumbent must use good judgment to solve customer and personnel problems and is required to envision, design, develop, pilot, and deliver new capabilities, products, and services.  Candidate will also be required to accurately represent SEI/CERT and its technical work in interactions with customers, sponsors, and the public.

Supervisory Responsibilities:  The incumbent may have at least 2 direct reports as well as up to 15 secondary reports and will be required to provide performance management, career guidance, and take personnel corrective actions as required.

 

Job Functions or Responsibilities:

10%      Design and develop technical documents and instructional materials.

10%      Research, evaluate, develop, install/configure hardware and software including promising new technologies that require examination for cyber security research and development.

10%      Deliver technical and management training to customers.

55%      Mentor, guide and interact with team and other staff.

15%      Contribute to transition planning and strategy.

100% TOTAL EFFORT

 

Organizational Chart: Director, CERT Division < Technical Director, Cyber Security Solutions Directorate < Technical Manager, Cyber Workforce Development Initiative < Cyber Workforce Development Team Lead < Cyber Security Engineer - Exercise Developer

 

Carnegie Mellon University is an EEO/Affirmative Action Employer – M/F/Disability/Veteran

14 Oct
2014
Chief Scientist - Emerging Technology Center - 101142
Pittsburgh, PA or Arlington, VA

The Software Engineering Institute’s Emerging Technology Center (SEI ETC) at Carnegie Mellon University helps the government stay on the leading edge of technology. The SEI ETC identifies, demonstrates, and applies emerging software technologies for critical U.S. Government needs. We promote government awareness and knowledge of emerging technologies and their applications, shape and leverage academic and industrial research, and build and demonstrate novel software capabilities.

We are seeking a Chief Scientist to be located in either Pittsburgh, Pennsylvania or Arlington, Virginia. Our ideal candidate is a creative and energetic applied research scientist passionate about data analytics, scalable and distributed computing, human information interaction, data storage and processing, or other software technologies. If you are committed to bringing innovation to government and beyond and are interested in working with an amazing team of developers, analysts, architects, engineers, and research scientists, then this is the position for you (and if you like to get your hands dirty, that is even better).

Position Summary:   The successful candidate will develop, guide, and oversee a rich applied research portfolio in line with the SEI’s overarching research agenda. The SEI ETC is a hands-on group that brings emerging technology to bear on difficult problems through building and demonstrating technology. The Chief Scientist will be responsible for setting direction, shaping and growing the SEI ETC research portfolio, supporting the SEI ETC team in developing proposals and research directions, and overseeing all SEI ETC research activities. Current areas of interest include data analytics, heterogeneous and high performance computing, and cyber intelligence. The Chief Scientist will represent the SEI ETC on internal research-oriented councils and will have a leadership role in the Center and across the SEI. As the Chief Scientist, you will have constant opportunities to learn and explore new technologies, interact extensively with mission stakeholders in the Department of Defense (DoD) and the Intelligence Community, and actively collaborate with the faculty and research community at Carnegie Mellon University and elsewhere.

 

Minimum Qualifications and Requirements:

Education/Training: M.S. in computer science, applied mathematics, computer engineering, or related field with eight (8) years of experience in applied computational research; Ph.D. with at least five (5) years of experience is a plus; or equivalent combination of training and experience.

Experience: Demonstrated track record in basic or applied research with extensive experience in building prototype or production software capabilities; Participation and leadership of interdisciplinary research and development teams; Successful experience with research proposals and developing research programs; Mission awareness or subject matter expertise on real world problems; Experience and hands-on knowledge of relevant technologies including distributed and scalable computing, adaptive systems, data analytics, high-performance computing, cyber intelligence, human information interaction, and other areas; Use of and contributions to Open Source Software projects; Confidence in presenting technical ideas and information to diverse audiences including industry and government seniors; Connections and collaborations with the academic, research, and innovation communities; Human-centered design experience is a plus; Start-up experience is a plus.

Skills/Abilities: Ability to set a technical direction and develop a research portfolio based on DoD and Intelligence Community mission needs and the SEI’s overall research agenda; Ability to formulate and execute research to address these needs; Ability to collaborate with research team members; Ability to lead research teams; Demonstrated ability to work effectively with external collaborators, customers, and sponsors; Excellent written, verbal, and presentation skills in research, customer, and operational settings; Ability to quickly understand new technologies and to refine technical strategies accordingly; demonstrated ability to lead and grow a team.  Passion for creating cool stuff that will change the world; Team player interested in building and mentoring others; Naturally curious; Able to learn quickly; Technology generalist with ability to acquire technical depth quickly; Firm believer that we can change the world through the smart application of software technologies.

Physical Mobility: Primarily sedentary in an office setting with some mobility. The ability and willingness to travel is required.

Environmental Conditions: Office setting with extended use of computing equipment.

Mental: The ability to: explore and solve complex, ill-defined problems; meet deadlines while working on multiple tasks – sometimes under pressure and with shifting priorities; self-starter willing to take on tasks and initiate constructive activity with little guidance; deal collaboratively, diplomatically, and successfully with customers, co-workers, and other professional colleagues, managers, and staff; lead and develop others; grasp the big picture, direction, and goals of an effort; interface with world-class research community; develop and communicate innovative ideas; quickly learn new procedures, techniques, and approaches.

Other: U.S. Citizenship is required.  Applicants selected will be subject to a security investigation and must meet eligibility requirements for access to classified information.

 

Preferred Qualifications and Requirements:

Experience:  Ph.D. with eight (8) years of applied computation research experience, including leadership of interdisciplinary research and development teams.

Skills/Abilities: Teaching, facilitating, mentoring, leading, proposal writing, and consulting.

 

Accountability: This position will be responsible for developing, guiding, and overseeing a rich and diverse applied research portfolio for the SEI ETC in alignment with the SEI overall research agenda. This includes working closely with the entirety of the SEI ETC team, other senior technical staff and researcher’s leaders from across the SEI, the SEI Technical Council, and government and industry research sponsors. The SEI ETC Chief Scientist will be responsible for the overall quality and impact of the ETC’s research activities.

Direction: This position is an SEI ETC leadership position and operates with only broadest of guidelines and direction from the SEI ETC Director.

Decisions: This position will develop, pursue, drive, and oversee the research direction for the SEI ETC in accordance with the SEI ETC Director.

Supervisory Responsibilities: Over time and as the SEI ETC grows and evolves, the SEI ETC Chief Scientist may supervise a group of research scientists or other technical staff as appropriate. The SEI ETC Chief Scientist may also serve as the Project/Technical Lead on one or more projects as appropriate.

 

Job Functions or Responsibilities:

40%   Overseeing or leading research teams and projects; conducting research.

25%   Defining, pursuing, and developing research directions, proposals, and projects.

20%   Writing research papers; developing and delivering technical presentations.

15%   Participating in SEI ETC and SEI leadership and management activities.

100% TOTAL EFFORT

 

Organizational Chart:  Emerging Technology Center Director  >  Chief Scientist - Emerging Technology Center

 

Carnegie Mellon University is an EEO/Affirmative Action Employer – M/F/Disability/Veteran

 

14 Oct
2014
Senior Engineer - Client Technical Solutions - 101145
Pittsburgh, PA or Arlington, VA

This position can be located in Pittsburgh, PA or Arlington, VA.

 

Position Summary:  The Senior Member of the Engineering Technical Staff of Software Solutions Division will be responsible for leading teams that enable the organizations within the Department of Defense Civil Agencies and Intel Community to enhance the predictable performance and mission assurance in the acquisition, evolution and operations of software-reliant systems. Key activities include understanding customer requirements and key challenge problems and addressing them with tailored solutions; applying, adapting, integrating, verifying and transitioning the SEI body of knowledge and other bodies of knowledge to maximize impact; creating, applying and codifying new approaches to support customer needs and advance the software engineering state of the practice; and maintaining situational awareness in technical and DoD domains. The candidate will coordinate closely with technical staff in CTSD, SSD  and other SEI programs to deliver software engineering technical expertise to customers throughout the lifecycle.


Minimum Qualifications and Requirements:
 
Education/Training: BS or equivalent degree in relevant discipline with ten (10) years applicable experience; MS or equivalent degree in relevant discipline with eight (8) years applicable experience; PhD or equivalent degree in relevant discipline with five (5) years applicable experience, or equivalent combination of training and experience.

Experience: The candidate must have experience in software engineering, development or management, and/or systems engineering. Must be knowledgeable of the software engineering and system engineering disciplines as well as understanding the DoD, Intelligence Community or Civilian Agency acquisition processes. The candidate should have experience building, leading, managing and participating on cross-functional, high technology teams, should be able to operate effectively with all organizations within the software and acquisition communities and be able to interact diplomatically with partners, customers and sponsors.

Skills/Abilities: Detailed knowledge of software engineering; detailed knowledge of at least one core competency: requirements, architecture and design, program and acquisition management, performance improvement, assurance, or security and depth in at least one SEI body of work.  Experience in five or more of the following: DoD or Civilian Agency software systems acquisition on major programs (For the purposes of this announcement, our definition of major is at least 100K SLOC of custom developed code, and/or significant integration of COTS/GOTS products); solid technical breadth and understanding of all aspects of the end-to-end software lifecycle (e.g., requirements, design, implementation, testing, etc.); alternative life cycles (e.g. waterfall, agile); major DoD, Intelligence Community, or Civilian Agency software acquisition policies and directives; enterprise architecture ; software architecture development and evaluation, software architecture patterns (e.g. SOA) and concepts (e.g. Cloud computing); information Assurance/survivability; systems engineering on software intensive systems; COTS product integration; performance measurement including definition and application of goals, measurements and metric; system of systems engineering; requirements development and management; software integration and test and software/hardware integration; deployment of software intensive systems, especially including transition from legacy systems; cost estimation.

Strong written and verbal communications skills and the ability to present to high visibility stakeholders internal and external to the organization.  Proven program and project management skills including: interfacing with clients, developing proposals, and establishing relationships with new DoD and/or government clients and programmatic and project management skills (e.g., ability to develop project plans, track deliverables, manage risks, perform staff planning, provide budget oversight).  Ability to lead and participate in multidisciplinary teams.

Mobility: Will be required to travel on overnight assignments

Environmental Conditions: Usual office setting with extended use of CRT.

Other: U.S. Citizenship is required.  Applicants selected will be subject to a security investigation and must meet eligibility requirements for access to classified information.


Preferred Qualifications and Requirements: 

Education/Training: Master's degree in Computer Science, Information Systems, systems engineering, software engineering, or acquisition management.

Licenses: Certified DoD Acquisition Professional. Certified PMP.


Accountability:  The member will be directly accountable for understanding DoD acquisition needs, applying new technologies, and establishing delivery capabilities to meet the needs of the sponsoring organization and the acquisition community.

Direction:  As a technical staff member, he/she will be expected to operate with minimum supervision using CMU and SEI defined practice, policies and procedures, in concert with the SEI mission.

Decisions:  Will be required to work with government program offices to identify strengths and weaknesses within the acquisition program and their contractor base and build solutions to address the weaknesses and recognize and encourage the strengths.

Supervisory Responsibilities:  Must be able to lead and supervise others.


JOB FUNCTIONS OR RESPONSIBILITIES:

85%  Participate as a leader or member of technical teams in support of government acquisition program offices or participate as a member of a technical team performing research. Identify and support the implementation strategies for the capture and application of learning and knowledge transfer from assignments (e.g. dissemination of research results, case studies, guides, reports, presentations, articles, workshops, courses, and blog entries).

10%  Other duties as assigned by the Client Technical Solutions Directorate, Executive Director, Deputy Director, Associate Director or Chief Engineer.

5%  Serve in an advisory capacity to other SEI technical programs on acquisition or technical issues.
100% TOTAL EFFORT


Organiztional ChartSEI Director’s Office < Director, Software Solutions Division < Technical Director, Client Technical Solutions Directorate < Sector Lead, CTSD Sector Team

Carnegie Mellon University is an EEO/Affirmative Action Employer – M/F/Disability/Veteran

16 Sep
2014
Network Intelligence Analyst Intern - 101071
Arlington, VA

Position SummaryNetwork Intelligence Analysts are the bridge between decision makers in the government and private sector, and the information security engineers that operate and protect their networks.  During this internship, applicants can expect to learn the fundamentals of intelligence analysis, apply and refine intelligence analysis methodologies to technical data sets, and become familiar with cutting edge network defense tools and practices.  Interns will support CERT technical staff in the research and production of unclassified network intelligence reports and collect/aggregate best practices in intelligence collection management for government sponsors. Interns will also work with USG customers to produce threat studies tailored to critical infrastructure sectors. 

 

Minimum Qualifications and Requirements:

Education/Training: Liberal Arts major with strong interest in network and computer security.

Experience: Experience drafting and formatting reports and correlating research using multiple formatted and unformatted data sources; knowledge of developing deliverables for senior leadership in government or industry; basic understanding of security vulnerabilities.

Skills/Abilities:  Successful candidates will:  possess excellent analytical and technical problem-solving skills; have a strong interest in and possess basic knowledge of network and computer security issues; be able to make decisions independently and in a self-directed manner in support of the goals of the team and organization; be motivated to tackle challenging problems; have excellent organizational skills; be able to work meticulously with careful attention to detail; strong customer service skills; ability to work in a team environment with other team members with variety of skills; ability to work remotely at a customer site with minimal direct supervision; be able to communicate effectively within a team environment; be able to effectively prioritize work; be able to develop and explain technical decisions; recognize and deal appropriately with confidential and sensitive information; interact effectively with technical and non-technical audiences via both verbal and written communications (e.g., technical writing, user guide development, requirements analysis); be able to quickly learn new procedures, techniques, and approaches.

Preferred candidates will: Manipulate large amounts of data into valuable metrics, trends, and findings; identify patterns and associations between open/closed source data; experience analyzing technical data, including categorizing sets of network intrusion events or criminal campaigns; have the ability to adjust quickly to shifting priorities and make quick decisions with limited information.

Physical Mobility: Normally sedentary position with some mobility; i.e., able to travel to other campus locations; may require some bending, stretching, pushing as well as lifting.

Environmental Conditions: Usual office setting; close contact with CRT for long periods of time. 

Mental:  Ability to pay close attention to detail, meet deadlines and remain composed when dealing with difficult people.

Other:  U.S. Citizenship is required.  Applicants selected will be subject to a security investigation and must meet eligibility requirements for access to classified information. 

 

Accountability:  This candidate will contribute to network analysis and computer security issues.

Direction:  Expected to work independently in most instances. Works with supervisors to manage changing workloads or priorities.

Decisions:  Makes decisions based on knowledge and understanding of the practices, policies, and procedures of the department and demonstrates general knowledge in areas outside the department. Answers questions or inquires directly or routes to the most appropriate person.

Supervisory Responsibilities:  This position does not supervise others. 

 

Job Functions or Responsibilities:

90%                Use analytical and technical problem-solving skills in drafting and formatting reports and correlating research using multiple formatted and unformatted data sources; knowledge of developing deliverables for senior leadership in government or industry; basic understanding of security vulnerabilities.

10%                Have the ability to adjust quickly to shifting priorities and make quick decisions with limited information.

100% TOTAL EFFORT

 

Organizational Chart:  CERT Director < CERT/CC Technical Director < Threat Analysis Technical Manager < Threat Analysis Team < Network Intelligence Analyst Intern

 

Carnegie Mellon University is an EEO/Affirmative Action Employer – M/F/Disability/Veteran

05 Sep
2014
Architecture Researcher - 101060
Pittsburgh, PA

Position Summary: The Software Engineering Institute’s Architecture Practices initiative at Carnegie Mellon University seeks to create architecture-centric theories and practices to increase development efficiency and effectiveness on large-scale software and systems engineering projects.  The Architecture Researcher will join the Architecture Practices team to assist in expanding the established research program in order to create and extend architecture-centric theories and practices for the organization in order to produce systems to meet their business and mission goals. The Architecture Researcher will be responsible for:

  • Contributing to ongoing architecture research efforts, building on new research directions, and validating ideas in customer settings;
  • Defining and developing research strategies and projects, leading research teams, such as the customer efforts or transition project teams, and/or conducting planned research projects as necessary;
  • Directing support activities to enable technical work and the activities of work study or graduate students as appropriate;
  • Communicating the results of his/her research, through publication presentations in peer-reviewed venues;
  • Working with collaborators and customers to apply research outcomes to real world systems;
  • Determining and recommending architecture-centric technical solutions for practical system development programs; and
  • Participating in and leading technical activities in community settings (conferences, workshops, and working groups).

 

Minimum Qualifications and Requirements:

Education/Training: Ph.D. degree in Software Engineering, Computer Science, Information Systems, or a related field, or equivalent combination of training and experience.

Experience: Must have at least two (2) years of experience in architecture research and/or practice architecting systems, which shall include specific experience in:

  • Performing research in architectural modeling, analysis, and generation of safety critical embedded software systems;
  • Performing research in timing analysis and behavioral verification of safety critical systems;
  • Applying architecture-centric research technologies on customer systems in the aerospace domain
  • Publishing at least ten (10) papers in peer-reviewed computer-science venues.
  • Familiarity with avionics standards such as ARINC653, ARINC664, or SAE AS5506 AADL is a plus.

Skills/Abilities: Software development, including Java programming, extending the Eclipse platform (plug-in development). Strong written and verbal communication skills and the ability to present to small and large audiences.

Mobility: Normally sedentary position with some mobility; i.e., able to travel to other campus locations.

Environmental Conditions: Usual office setting, close contact with computer displays for long periods of time.

Mental: Ability to explore and solve complex, ill-defined problems; work meticulously with attention to detail; self-starter willing to take on tasks and develop new research ideas; deal collaboratively, diplomatically, and successfully with customers, co-workers; interact with world-class research community.

Other:  Applicants must be able to pass a background investigation.

 

Accountability: Ability to work on research with minimal supervision; meet deadlines while working on multiple tasks;.

Direction: Expected to act with limited supervision in accordance with SEI procedures, policies, such as those involving technical leadership, analysis, report production, and confidentiality. Requires close collaboration and teaming within and across initiatives and directorates.

Decisions: Suggests possible solutions to colleagues and users.

Supervisory Responsibilities:  This position does not supervise others.

 

Job Functions or Responsibilities:

50%        Research, prototyping, and demonstration of architecture-centric analysis and generation technologies.

30%        Application of architecture-centric technologies in customer settings.

20%        Publication of research results.

100% TOTAL EFFORT


Organizational Chart: SSD Director > AP Initiative Lead > Architecture Researcher

Carnegie Mellon University is an EEO/Affirmative Action Employer – M/F/Disability/Veteran

 

05 Sep
2014
Capability Development Analyst - 101023
Pittsburgh, PA or Arlington, VA

Position Summary:  The CERT Program is part of the SEI, a federally funded research and development center at Carnegie Mellon University in Pittsburgh, Pennsylvania. The CERT Program engages in cutting-edge research and development and develops and transitions disciplined approaches to improve the survivability and resiliency of the DoD, federal civilian agencies, private sector organizations and their networked information systems.  The CERT Coordination Center (CERT/CC) supports government customers by developing and transitioning cutting-edge analysis techniques and tools, providing strategic advisement, and supporting tactical operations.

The Capability Development Team Analyst is a member of the CERT/CC technical staff and based in the SEI Office in Pittsburgh, Pennsylvania. The candidate selected to fulfil this role will provide technical subject matter expertise to CERT/CC support of Computer Security Incident Response Team (CSIRT) and associated capability and capacity development efforts. This support will include assisting with the development and pursuit of CERT/CC strategic drivers for engaging in these initiatives and vision for CSIRT community interaction, regularly interacting with sponsors and stakeholders of these efforts, and execution of efforts as directed by the Capability Development Team Lead to ensure that the work being performed drives toward sponsor goals and CERT/CC strategic drivers.

Minimum Qualifications and Requirements:

Education/Training:  Bachelor’s Degree in Computer Science or scientific/technical field with three (3) years of experience.  MS/MA in a scientific or technical field with one (1) years of experience, or equivalent.

Experience:  Professional experience should include one (1) or more years of experience supporting CSIRT capabilities to include incident response, incident analysis, and development and implementation of mitigation actions and proactive security measures. This should include experience:

  • in creating, assessing, and improving these types of teams, as well as a working knowledge of existing global capabilities, advanced technology solutions and initiatives
  • as an operational CSIRT security analyst, incident handler, or operations specialist
  • working with and engaging people in diverse cultural environments, and
  • fostering interaction and collaboration amongst peer organizations

Skills/Abilities:

  • Knowledge of current and effective CSIRT organizational and functional structures and the technical operations performed by these teams
  • Ability to work independently or within a team with members of varying skill sets and levels
  • Broad understanding of enterprise technology security issues
  • Broad working knowledge of commonly deployed computer network defense tools and processes to include leading vendor solutions
  • Ability to brief strategic and technical topics to technical and non-technical audiences
  • Knowledge of current operational challenges and technical threats faced by network security and intelligence organizations
  • Familiarity with project planning and management best practices

Physical Mobility: Primarily sedentary in an office setting with some mobility.  Flexibility to travel monthly to sites in the Washington metropolitan area and international locations.

Environmental Conditions: Normal office conditions; close contact with computer display for extended periods of time

Mental: The ability to:

  • work meticulously with careful attention to detail;
  • meet deadlines while working on multiple tasks – sometimes under pressure and with shifting priorities;
  • deal collaboratively, diplomatically, and successfully with customers, co-workers and other professional colleagues, managers, and staff; ability to grasp the big picture, direction, and goals of an effort;
  • develop and communicate innovative ideas;
  • take leadership role in technical projects; and
  • quickly learn new procedures, techniques, and approaches.

Other: U.S. Citizenship is required.  Applicants will be subject to a security investigation and must meet eligibility requirements for access to classified information, and must be able to pass a background investigation.

 

Preferred Qualifications and Requirements:

Education/Training: MS/MA in a scientific, technical, or business field with 2 years of experience, or equivalent; PhD in a technical field.

Licenses: CISSP, CEH, CISM, CompTIA, or similar

Experience:           

  • Participation in broad public forums through activities such as standards, open source development, or publication
  • Experience publishing research and academic papers
  • Experience working with the government, or within a critical infrastructure sector
  • Active in regional or international trade-related organizations such as the Forum of Incident Response and Security Teams (FIRST), North American Network Operators' Group (NANOG), Messaging, Malware and Mobile Anti-Abuse Working Group (M3AAWG), Anti-Phishing Working Group (APWG), etc.
  • Demonstrable experience effectively deliver training to technical and management level audiences on subject matter related to CSIRT development, incident response operations

 

Accountability:  This position is accountable for ensuring that the CSIRT Operations team delivers on the execution of the statement of work for customers sponsoring capability building efforts.  The individual is accountable for aligning CSIRT Operations projects with customer needs and re-prioritizing efforts as appropriate, in close coordination with the Capability Development Team Lead.

Direction:  The individual is expected to act independently using CMU, SEI, and CERT defined policies, practices, and procedures – within the scope of assigned work.

Decisions: The individual is expected to participate in the decision-making and problem-solving processes of defining, designing, implementing, and sustaining national-level CSIRT and related operations; suggesting and implementing policies and procedures to support these activities; and creating and sharing information regarding the state of the practice for broad dissemination.

Supervisory Responsibilities:  This position will not formally supervise any personnel. 

 

Job Functions or Responsibilities:

65%   Create framework and methodology documents, both general and specific to individual stakeholder groups, intended to facilitate the organizational and technical capacity development of large CSIRTs.

30%   Support planning, development, and execution of customer led and/or supported development activities, planning discussions, and awareness raising exercises. Through partnership, awareness, and action evaluate the need for, develop blueprints for, and assist with the implementation of national-level CSIRT capabilities

5%   Capture knowledge from the engagements undertaken, integrate it with lessons learned from other similar work, and help transfer that knowledge for the betterment of the global CSIRT community.

100% TOTAL EFFORT

 

Organizational Chart:  Program Director, CERT < Technical Director, CERT/CC < CSIRT Operations Technical Manager, CERT/CC < Capability Development Team Lead < Capability Development Analyst

 

Carnegie Mellon University is an EEO/Affirmative Action Employer – M/F/Disability/Veteran

05 Sep
2014
Capability Team Analyst - 101024
Pittsburgh, PA or Arlington, VA

Position SummaryThe CERT Program is part of the SEI, a federally funded research and development center at Carnegie Mellon University in Pittsburgh, Pennsylvania. The CERT Program engages in cutting-edge research and development and develops and transitions disciplined approaches to improve the survivability and resiliency of the DoD, federal civilian agencies, private sector organizations and their networked information systems.  The CERT Coordination Center (CERT/CC) supports government customers by developing and transitioning cutting-edge analysis techniques and tools, providing strategic advisement, and supporting tactical operations.

The Capability Development Team Analyst is a member of the CERT/CC technical staff and based in the SEI Office in Pittsburgh, Pennsylvania. The candidate selected to fulfil this role will provide technical subject matter expertise to CERT/CC support of Computer Security Incident Response Team (CSIRT) and associated capability and capacity development efforts. This support will include assisting with the development and pursuit of CERT/CC strategic drivers for engaging in these initiatives and vision for CSIRT community interaction, regularly interacting with sponsors and stakeholders of these efforts, and execution of efforts as directed by the Capability Development Team Lead to ensure that the work being performed drives toward sponsor goals and CERT/CC strategic drivers.

 

Minimum Qualifications and Requirements:

Education/Training:  Bachelor’s Degree in Computer Science or scientific/technical field with (8) eight years of experience; MS/MA in a scientific or technical field with five (5) years of experience; PhD in a scientific or technical field with two (2) years of experience; or equivalent combination of training and experience.

Experience: Professional experience should include five (5) or more years of experience supporting or managing large organizational or national-level CSIRT capabilities to include incident response, incident analysis, and development and implementation of mitigation actions and proactive security measures. This should include experience:

  • in creating, assessing, and improving these types of teams, as well as a working knowledge of existing global capabilities, advanced technology solutions and initiatives
  • as an operational CSIRT security analyst, incident handler, or operations specialist
  • working with and engaging people in diverse cultural environments, and
  • fostering interaction and collaboration amongst peer organizations

Skills/Abilities:

  • Knowledge of current and effective CSIRT organizational and functional structures and the technical operations performed by these teams
  • Ability to work independently or within a team with members of varying skill sets and levels
  • Broad understanding of enterprise technology security issues
  • Broad working knowledge of commonly deployed computer network defense tools and processes to include leading vendor solutions
  • Ability to brief strategic and technical topics to senior management, technical and non-technical audiences
  • Knowledge of current operational challenges and technical threats faced by network security and intelligence organizations
  • Familiarity with project planning and management best practices

Physical Mobility: Primarily sedentary in an office setting with some mobility.  Flexibility to travel monthly to sites in the Washington metropolitan area and international locations.

Environmental Conditions: Normal office conditions; close contact with computer display for extended periods of time

Mental: The ability to:

  • work meticulously with careful attention to detail;
  • meet deadlines while working on multiple tasks – sometimes under pressure and with shifting priorities;
  • deal collaboratively, diplomatically, and successfully with customers, co-workers and other professional colleagues, managers, and staff; ability to grasp the big picture, direction, and goals of an effort;
  • develop and communicate innovative ideas;
  • take leadership role in technical projects; and
  • quickly learn new procedures, techniques, and approaches.

Other: U.S. Citizenship is required.  Applicants will be subject to a security investigation and must meet eligibility requirements for access to classified information, and must be able to pass a background investigation.

 

Preferred Qualifications and Requirements:

Education/Training: MS/MA in a scientific or technical field with five (5) years of experience; PhD in a scientific or technical field with two (2) years of experience; or equivalent combination of training and experience.

Licenses: CISSP, CEH, CISM, CompTIA, or similar.

Experience:          

  • Participation in broad public forums through activities such as standards, open source development, or publication
  • Experience publishing research and academic papers
  • Experience working with the government, or within a critical infrastructure sector
  • Active in regional or international trade-related organizations such as the Forum of Incident Response and Security Teams (FIRST), North American Network Operators' Group (NANOG), Messaging, Malware and Mobile Anti-Abuse Working Group (M3AAWG), Anti-Phishing Working Group (APWG), etc.
  • Demonstrable experience effectively deliver training to technical and management level audiences on subject matter related to CSIRT development, incident response operations

 

Accountability:  This position is accountable for ensuring that the CSIRT Operations team delivers on the execution of the statement of work for customers sponsoring capability building efforts.  The individual is accountable for aligning CSIRT Operations projects with customer needs and re-prioritizing efforts as appropriate, in close coordination with the Capability Development Team Lead.

Direction: The individual is expected to act independently using CMU, SEI, and CERT defined policies, practices, and procedures – within the scope of assigned work.

Decisions : The individual is expected to participate in the decision-making and problem-solving processes of defining, designing, implementing, and sustaining national-level CSIRT and related operations; suggesting and implementing policies and procedures to support these activities; and creating and sharing information regarding the state of the practice for broad dissemination.

Supervisory Responsibilities:  This position will not formally supervise any personnel.

 

Job Functions or Responsibilities:

70%      Create framework and methodology documents, both general and specific to individual stakeholder groups, intended to facilitate the organizational and technical capacity development of large CSIRTs.

20%      Support planning, development, and execution of customer led and/or supported development activities, planning discussions, and awareness raising exercises. Through partnership, awareness, and action evaluate the need for, develop blueprints for, and assist with the implementation of national-level CSIRT capabilities

10%      Capture knowledge from the engagements undertaken, integrate it with lessons learned from other similar work, and help transfer that knowledge for the betterment of the global CSIRT community.

100% TOTAL EFFORT

 

Organizational Chart:  Program Director, CERT < Technical Director, CERT/CC < CSIRT Operations Technical Manager, CERT/CC < Capability Development Team Lead < Capability Development Analyst

 

Carnegie Mellon University is an EEO/Affirmative Action Employer – M/F/Disability/Veteran

05 Sep
2014
Java Developer - 101061
Pittsburgh, PA

Position Summary: The Architecture Practice Initiative group at the Software Engineering Institute, part of Carnegie Mellon University, is searching for a talented Java developer in order to extend their Eclipse-based modeling framework. The Architecture Practice team is a leader in model-based and architecture-centric methods and is an active member of several research and standardization committees. SEI researchers have created and developed languages and methods to improve the development of safety-critical systems. They are now developing user-friendly tools in order to leverage these research efforts and apply them in operational projects. The objective is to develop an architecture-centric development environment that uses SEI research outcomes and improve the development of safety-critical systems. The candidate must be a talented Java programmer, have a good experience of Graphical User Interface development using Java (AWT/SWT), have a reasonable knowledge of the Eclipse platform and be able to work within a small team. The ability to work with prominent researchers at CMU and within the government is critical.


Minimum Qualifications and Requirements:

Education/Training: Bachelor's degree in information systems or computer science, or equivalent combination of traning and experience.

Experience: Up to three (3) years of Java development (professional and/or academic) including graphical user interface development; up to three (3) years of use of Eclipse. Experience working in a team environment.

Skills/Abilities: Java programming. Graphical User Interface design with Java (AWT or SWT framework). Eclipse user. Collaborative development tools (GIT, Subversion). Proven ability to successfully work within a small team. Windows and Linux environment.

Mobility: Normally sedentary position with some mobility; i.e., able to travel to other campus locations.

Environmental Conditions: Usual office setting, close contact with CRT for long periods of time.

Mental: Ability to pay close attention to detail, meet inflexible deadlines, balance multiple tasks, remain calm during difficult situations, work under pressure, and work with frequent interruptions.

Other:  U.S. Citizenship is required and applicants must be able to pass a background investigation.

 

Preferred Qualifications and Requirements:

Education/Training: Additional course work in computer applications.

Experience: Extensive experience in Graphical User Interface development with the SWT framework. Experience of Eclipse plug-in development.

Skills/Abilities: Experience with the AADL modeling language. Knowledge about the Xtext Framework.


Accountability: Completes project tasks from routine to moderately complex; is accountable for meeting established deadlines and project milestones with a commitment to decisions that have been made.

Direction: Expected to perform under general supervision. Most normal duties and responsibilities are handled independently with the use of established research protocol and departmental and university procedures and policies. Difficult or unique situations are referred to the supervisor.

Decisions: Suggests possible solutions to colleagues and users.

Supervisory Responsibilities: This position does not supervise others.

 


Job Functions or Responsibilities:

80% Design and implement new functions for the development environment being developed.

10% Attends meetings and submits work progress reports to supervisor as required.

10% Performs related duties as assigned.

100% TOTAL EFFORT


Organizational Chart: SSD Director > AP Initiative Lead > Research Programmer

 

Carnegie Mellon University is an EEO/Affirmative Action Employer – M/F/Disability/Veteran

03 Sep
2014
Information Security Researcher - 101049
Pittsburgh, PA

Position SummaryThe CERT Division is part of the SEI, a federally funded research and development center at Carnegie Mellon University in Pittsburgh, Pennsylvania. The CERT Division engages in cutting-edge research and development and develops and transitions disciplined approaches to improve the survivability and resiliency of the DoD, federal civilian agencies, private sector organizations and their networked information systems.

The individual in this position will work as a member of the Cybersecurity Assurance (CA) Team within the Networked Systems Survivability Program. The CA team develops solutions (in the form of frameworks, models, tools, policies, practices, technical guidance, and training) that allow organizations to assess analyze, and manage organizational, operational, and technical risks to mission-critical assets, processes, systems, and infrastructures. The individual will conduct applied research and perform assessments, diagnostics, and analysis techniques to better understand and mitigate risks to cyber environments and the organizational processes that depend on them. Activities will include close work with customers from a variety of organizations, including DoD, government agencies, and commercial organizations.

 

Minimum Qualifications and Requirements:

Education/Training:  PhD in computer science, software engineering, information systems, or a related scientific/technical field with five (5) years’ experience, or equivalent combination of training and experience.

Licenses:  CISSP, CISM or CISA.

Experience:  Experience with and applied knowledge in:  information technology and telecommunications systems; cyber security, survivability, and resilience concepts and issues; software and systems engineering; work with Federal Government.  Experience as a principal investigator or technical lead for research, development, or transition projects.  Published academic quality research or other broadly disseminated technical artifacts (books, software, etc.)

Skills/Abilities: Must exhibit the following skills and abilities:  understanding of information technology and telecommunications systems; working knowledge of network interoperability, cyber security, and survivability issues, including cyber security best practices and standards; development and delivery of information and infrastructure security risk and vulnerability evaluations; ability to conduct analytical studies and investigations; reasoning and problem-solving skills; ability to work independently with limited supervision; ability to interact effectively with customer and to represent the SEI and its capabilities; ability to work well as a member of a cooperative team; ability to work in a matrix organizational structure; ability to recognize and deal appropriately with confidential and sensitive information; ability to implement project plans, monitor project budgets, and identify and mitigate project risks; leadership and mentoring skills;  excellent written and oral communication skills; ability to contribute to technical research white papers and reports; ability to prepare papers and deliver presentations to technical and non-technical audiences; ability to contribute to customer technical exchanges and marketing presentations; participation in professional society activities, particularly IEEE and ACM; strong interest in cyber security and critical infrastructure protection analysis basis research, applied research, and development.

Physical/Mobility: Primarily sedentary in an office setting with some mobility.  Ability to travel frequently to various locations within the SEI and CMU community, customer sites, conferences, and offsite meetings.

Environmental Conditions: Close contact with computer for extended periods of time.

Mental: Strong interest in the human, managerial, and technical aspects of cyber security is critical for this position as are these abilities:  take or share leadership role in technical projects; work meticulously with careful attention to detail; meet deadlines while working on multiple tasks – sometimes under pressure and with shifting priorities; deal collaboratively, diplomatically, and successfully with customers, co-workers and other professional colleagues, managers, and staff; ability to understand the big picture, direction, and goals of an effort; ability to develop and communicate innovative ideas; ability to demonstrate initiative and to quickly learn new procedures, techniques, approaches, etc.

Other: U.S. Citizenship is required.  Applicants selected will be subject to a security investigation and must meet eligibility requirements for access to classified information.

 

Preferred Qualifications and Requirements:

Licenses:  CISSP, CISM, GIAC, CISSP, OSCP or similar.

Experience:  Principal investigator for government funded research.

Skills/Abilities:  Ability to lead work teams as needed, consulting skills, ability to deliver coursework and training, ability to develop and foster external research collaborations.

 

Accountability: The individual will implement and participate in the planning and execution of projects leading to technical results. The individual will also contribute to project, department, or program objectives and planning document development. The individual will keep in confidence sensitive information such as customer processes, risks, vulnerabilities, and internal work products, whether for eventual public or private distribution.

Direction: The individual is expected to act independently using CMU, SEI, and CERT defined policies, practices, and procedures – within the scope of assigned work.

Decisions: The individual must make sound technical decisions with little supervision.  The individual must accurately represent the program in interactions with customers, sponsors, and the public.  The individual is expected to perform analysis on-site at customer locations and immediately assess potential vulnerabilities requiring further investigation.

Supervisory Responsibilities: This position could involve the training and oversight of the work of other staff members, graduate students, resident affiliates, visiting scientists, and independent contractors. Depending on research project or customer work plan, position may involve task leadership.

 

Job Functions or Responsibilities:

30%      Participate in the delivery of existing CERT cyber security, resilience, and risk assessment and analysis approaches with customers and partners; participate in research, analysis, and documentation of cyber security issues, concerns, and risks at customer locations.

25%      Participate in research into innovative and cutting-edge tools, techniques, and methods to improve cyber security and resilience; transition research into applied knowledge for customers.

10%      Contribute to conferences and meetings; participate in business development calls and technical exchanges with clients; give talks and lectures as appropriate; participate on working groups for subjects of interest.

10%      Contribute to, publish technical notes and reports, and review the literature in cyber security, technical assessment, resilience, and software engineering.

10%       Provide assistance and input to other teams and projects within the SEI.

SECONDARY FUNCTIONS

5%       Contribute to conferences and meetings; participate in marketing calls and technical exchanges with clients; give talks and lectures as appropriate; participate on working groups for subjects of interest.

5%       Contribute to and review the literature in cyber security, resilience, and software engineering.

5%       Provide assistance and input to other teams and projects within the SEI.

100% TOTAL EFFORT

 

Organizational ChartDirector, CERT Division < Technical Director, Cyber Security Solutions Directorate < Deputy Director, Cyber Security Solutions Directorate < Technical Manager, Cyber Security Assurance Team < Information Security Researcher

 

 

Carnegie Mellon University is an EEO/Affirmative Action Employer – M/F/Disability/Veteran

13 Aug
2014
Software Engineer - Client Technical Solutions Division- 101002
Pittsburgh, PA or Arlington, VA

This position has multiple openings and can be located in Pittsburgh, PA or Arlington, VA.

 

Position Summary:  The Technical Staff Member of the Engineering Technical Staff of the Software Solutions Division will be responsible for leading teams that enable the organizations within the Department of Defense to enhance the predictable performance and mission assurance in the acquisition, evolution and operations of software-reliant systems. Key activities include understanding customer requirements and key challenge problems and addressing them with tailored solutions; applying, adapting, integrating, verifying and transitioning the SEI body of knowledge and other bodies of knowledge to maximize impact; creating, applying and codifying new approaches to support customer needs and advance the software engineering state of the practice; and maintaining situational awareness in technical and DoD domains. The candidate will coordinate closely with technical staff in CTSD, SSD and other SEI programs to deliver software engineering technical expertise to customers throughout the lifecycle. The engineering technical staff member will be able to lead and participate in multi-disciplinary teams in support of the  vision and mission.


Minimum Qualifications and Requirements:
 
Education/Training: BS or equivalent degree in relevant discipline with eight (8) years applicable experience; MS or equivalent degree in relevant discipline with five (5) years applicable experience; PhD or equivalent degree in relevant discipline with two (2) years applicable experience.

Experience: The candidate must have experience in software engineering, development or managemen,t and/or systems engineering. Must be knowledgeable of the software engineering and system engineering disciplines as well as understanding the DoD, Intelligence Community, or Civilian Agency acquisition processes. The candidate should have experience building, leading, managing, and participating on cross-functional, high technology teams.  The candidate should be able to operate effectively with all organizations within the software and acquisition communities and be able to interact diplomatically with partners, customers and sponsors.  Experience in five or more of the following: DoD or Civilian Agency software systems acquisition on major programs (For the purposes of this announcement, our definition of major is at least 100K SLOC of custom developed code, and/or significant integration of COTS/GOTS products); solid technical breadth and understanding of all aspects of the end-to-end software lifecycle (e.g., requirements, design, implementation, testing, etc.); alternative life cycles (e.g. waterfall, agile); major DoD, Intelligence Community, or Civilian Agency software acquisition policies and directives; enterprise architecture; software architecture development and evaluation, software architecture patterns (e.g. SOA) and concepts (e.g. Cloud computing); information Assurance/survivability; systems engineering on software intensive systems; COTS product integration; performance measurement including definition and application of goals, measurements and metric; system of systems engineering; requirements development and management; software integration and test and software/hardware integration; deployment of software intensive systems, especially including transition from legacy systems; cost estimation.

Skills/Abilities: Detailed knowledge of software engineering; detailed knowledge of at least one core competency: requirements, architecture and design, program and acquisition management, performance improvement, assurance, or security and depth in at least one SEI body of work.  Strong written and verbal communications skills and the ability to present to high visibility stakeholders internal and external to the organization.  Proven program and project management skills including: interfacing with clients, developing proposals, and establishing relationships with new DoD and/or government clients and programmatic and project management skills (e.g., ability to develop project plans, track deliverables, manage risks, perform staff planning, provide budget oversight).  Ability to lead and participate in multidisciplinary teams.

Mobility: Will be required to travel on overnight assignments.

Environmental Conditions: Usual office setting with extended use of CRT.

Other:  U.S. Citizenship is required.  Applicants selected will be subject to a security investigation and must meet eligibility requirements for access to classified information.


Preferred Qualifications and Requirements: 

Education/Training: Master's degree in Computer Science, Information Systems, systems engineering, software engineering, or acquisition management.

Licenses: Certified DoD Acquisition Professional. Certified PMP.


Accountability:  The member will be directly accountable for understanding DoD acquisition needs, applying new technologies, and establishing delivery capabilities to meet the needs of the sponsoring organization and the acquisition community.

Direction:  As a technical staff member, he/she will be expected to operate with minimum supervision using CMU and SEI defined practice, policies and procedures, in concert with the SEI mission.

Decisions:  Will be required to work with government program offices to identify strengths and weaknesses within the acquisition program and their contractor base and build solutions to address the weaknesses and recognize and encourage the strengths.

Supervisory Responsibilities:  Must be able to lead and supervise others.


JOB FUNCTIONS OR RESPONSIBILITIES:

85%  Participate as a leader or member of technical teams in support of government acquisition program offices or participate as a member of a technical team performing research. Identify and support the implementation strategies for the capture and application of learning and knowledge transfer from assignments (e.g. dissemination of research results, case studies, guides, reports, presentations, articles, workshops, courses, and blog entries).

10%  Other duties as assigned by the Client Technical Solutions Directorate Executive Director, Deputy Director, Associate Director or Chief Engineer.

5%  Serve in an advisory capacity to other SEI technical programs on acquisition or technical issues.


100% TOTAL EFFORT

 


Organiztional ChartSEI Director’s Office < Director, Software Solutions Division < Technical Director, Client Technical Solutions Directorate < Sector Lead, CTSD Sector Team

 

Carnegie Mellon University is an EEO/Affirmative Action Employer – M/F/Disability/Veteran

 

30 Jul
2014
Senior Cyber Security Engineer - 100973
Pittsburgh, PA

Position Summary:  The CMU/SEI Cyber Security Solutions (CS2) directorate is a leading edge analytical resource focusing on critical U.S. Government (USG) needs.  For the past 8 years, the CS2 Forensic Operations and Investigations group has provided analytical and operational support to high-profile investigations including numerous activities of national or international significance. Through this work the CS2/FOI can see the current limitations of digital analysis and incident response in the field first hand. Combining applied research with the unique talents, operational experience, research capabilities, and the vast knowledge base of Carnegie Mellon University, DIID is unmatched in its ability to develop new tools and methods to address cyber security limitations and critical gap areas.

The individual in this position will work as a member of the CERT Program’s Cyber Security Solutions (CS2) directorate as a member of the Forensic Operations and Investigations (FOI) group. The candidate will be expected to perform a variety of roles. Primary to this position is the management of an existing portfolio of operational clientele as well as the expansion of the FOI portfolio of work within the Defense and Intelligence communities. To achieve this, the candidate will be expected to understand the unique needs of these communities in order to develop a strategic program of research, development and analysis to support current and future gaps in key areas of need. This position will be directly responsible for developing new and maintaining existing customer relationships through ongoing interaction with customers.

Minimum Qualifications and Requirements:

Education/Training:  Bachelors of Science in Computer Science, Intelligence or Intelligence Analysis, Network Security, or related field with more than ten (10) years’ experience, Masters of Science in same fields with more than eight (8) years’ experience, Doctorate in same fields with more than five (5) years’ experience or equivalent.

Experience:  Professional experience listed above to include the following areas: Cyber and Intelligence analysis, preferably within company security teams, network operations centers, counter terrorism centers, or within the government in counter cyber threat environments; intelligence community knowledge and experience; awareness of sourcing, intelligence analysis methodologies, intelligence needs, cyber capabilities, and intelligence tools; leader of teams of analysts, operators, and technologist, preferably in the areas of security or intelligence; experience with and oversight of intelligence analysis and reporting operations; experience using and awareness of data analytics.

Skills/Abilities: Knowledge of and experience in: Familiarity with mission needs and challenges in “cyber”; awareness of intelligence capabilities in support of US Government (Department of Defense and the Intelligence Community) cyber missions, including gaps and capability needs; experience and knowledge of cyber threats and cyber threat analytics; intimate knowledge of key government stakeholders in cyber and knowledge of relevant industry organizations and activities related to cyber; information assurance/survivability; data analytics; effective leadership skills to create informal but effective teams in partnerships across the U.S.; team leadership; leadership of skill-diverse, multidisciplinary teams; strong written and verbal communications skills and the ability to present to small and large audiences; intelligence community and service cyber commands domain knowledge a plus.

Physical Mobility: Primarily sedentary in an office setting with some mobility. Flexible to travel to various locations within the SEI and CMU community, sponsor sites, conferences, and offsite meetings on occasion. Travel outside of Pittsburgh limited to one-two weeks a month.

Environmental Conditions: Normal office conditions; close contact with computer screen for extended periods of time.

Mental: The ability to The ability to: Oversee and direct the design and development of detailed analysis methodologies and processes based on requirements elicitation from internal and external stakeholders; lead the interaction and clearly communicate with cyber intelligence and security staff across government and industry, software developers, IT infrastructure owners and architects, analyst, and non-technical experts; work meticulously with attention to detail; lead multiple projects and project teams at once; delegation; lead and manage under uncertainty; gradual structure projects and programs based on dynamic requirements and incremental input and evaluation; flexibility; drive teams to effectively meet deadlines while working on multiple tasks – sometimes under pressure and with shifting priorities; deal collaboratively, diplomatically, and successfully with customers, co-workers, and other professional colleagues, managers, and staff; grasp and shape the big picture, direction, and goals of an effort while focusing on the meaning of details and how they are to be achieved; interface with world-class researchers across government, industry, and academia; develop and communicate innovative ideas; quickly learn and develop new procedures, techniques, and approaches.

Other:  U.S. Citizenship is required.  Applicants will be subject to a security investigation and must meet eligibility requirements for access to classified information, and must be able to pass a background investigation.

 

Accountability:  This position will be responsible for leading technical teams, developing approaches and solutions to digital intelligence problems for and with government, industry, and academic partners.

Direction: This position is expected to act with limited supervision in accordance with SEI procedures and policies, such as those involving technical leadership, analysis, report production, and confidentiality. This position requires close collaboration and teaming with the CS2/FOI Technical Management teams and program staff.

Decisions:  This position will be in a decision-making capacity for technical aspects of FOI projects and programs. Close coordination with the FOI technical manager will be required.

Supervisory Responsibilities:  This position will likely hold supervisory responsibilities for small (2) to medium (10) sized teams.

 

Job Functions or Responsibilities:

55%     Serve as a technical leader for CS2/FOI projects and programs, including the development of capabilities. Lead technology demonstration and intelligence activities across the Forensic Operations and Investigations (FOI) portfolio. Oversee and direct the aggregation and analysis of industry and contextual data to understand, capture, and report on events related to global, national, and local threat intelligence and network intelligence. Collaborate with, direct, and mentor other SEI staff, including analysts, technologist, researchers, and others.

25%     Explore, design, identify, document, guide the development of, and evaluate solutions to critical government and industry cyber intelligence issues.  Interface and collaborate with government and industry experts, the research community, and academics to identify needs, capabilities, objectives, and possible solutions to key digital intelligence challenges.

15%     Work with and advise the CS2/FOI management, and other senior leaders at the SEI on strategy, business development, direction, planning, and execution.

SECONDARY FUNCTIONS

5%    Participate in the broader SEI software research community through collaboration, papers, and presentations.

100% TOTAL EFFORT

 

Organizational Chart:  CERT Director > CS2 Technical Director > CS2 Deputy Director > Forensic Operations and Intelligence Technical Manager > Senior Engineer – Defense and Intelligence

12 May
2014
Software Developer - 100765
Pittsburgh, PA

The SEI Emerging Technology Center helps the government stay on the edge of technology. The world is innovating software and information technologies rapidly, and the Center identifies, demonstrates, and applies emerging software technologies to meet critical mission needs. We focus on promoting government awareness and knowledge of emerging technologies and their application, and shaping and leveraging academic and industrial research.

Position Summary: The SEI Emerging Technology Center is focused on matching state-of-the-art software research with critical U.S. Government (USG) needs. This position will support the Center’s mission by developing, applying, demonstrating, evaluating, and transitioning software capabilities that operationalize research concepts of significant value to the USG. Software developers in the Center work on leading edge technologies and apply them to important and challenging problems. It is a dynamic and flexible development environment with constant opportunities to develop new skills, to learn new programming methods and techniques, to work on emerging architectures and systems, and to make a difference.
Duties include: Develop and code software solutions that provide needed capabilities to the USG building on state-of-the-art research in analytics, data architectures, software assurance, security, and human information interaction; conduct rapid software prototyping to demonstrate and evaluate technologies in relevant environments; conduct performance, security, and other aspects of evaluating software systems; test software capabilities using novel testing and analysis techniques; document software with an emphasis on architectures, user stories, and interface definitions; practice agile software development methods and actively participate on teams of software developers, researchers, designers, and technical leads; support software development infrastructure and assist in building and configuring computing systems and resources; interface with the research community and the USG to understand challenges, needs, and possible solutions; contribute to improving the overall technical capabilities of the Center by mentoring and teaching others, participating in design (software and otherwise) sessions, and sharing insights and wisdom across the SEI Emerging Technology Center team.


Minimum Qualifications and Requirements:

Education/Training: Bachelors of Science in Computer Science, Information Systems, or related field with eight (8) years’ experience in hands on software development, or equivalent; Masters of Science in Computer Science, Information Systems, or related field with five (5) years’ experience in hands on software development, or equivalent; Ph.D. with two (2) years’ experience is a plus.

Experience: Professional experience listed above to include the following areas: five (5) years of production or intensive research software development experience in modern languages such as C/C++ or Java; knowledge of other commonly used language such as Perl, Python, Ruby, JavaScript, etc.; working knowledge of some modern computing paradigms and environments such as NoSQL systems (Hadoop, CouchDB, MapReduce), cloud computing and virtualization, parallel programming, HPC development, network programming, mobile development, and interface development; familiarity with end-to-end software development activities in Linux/Windows/Unix/Web environments; familiarity with software development tools including IDEs (Eclipse, IntelliJ, emacs etc.), version control systems (git, svn, p4, etc.) and bug tracking systems (e.g., bugzilla); working knowledge and experience in participating in agile software development practices and team design sessions; demonstrated problem solving ability with the ability to explore and evaluate many possible solutions to problems; proven contribution to open source development projects is a plus.

Skills/Abilities: Knowledge of: software development in Python, C/C++, Java, and other modern languages; modern computing, data, and storage solutions including advanced web development (HTML5, Adobe Flex, PHP), data processing architectures (MapReduce, Hadoop, BigTable) including cloud computing and virtualization concepts; algorithm design and analysis including analysis of algorithm complexity; familiarity with of core Internet protocols (e.g., TCP/IP, BGP, UDP, ICMP, DNS, SMTP, HTTP, etc); software / systems development lifecycle, QA testing, revision control, and change management practices.

Physical Mobility: Primarily sedentary in an office setting with some mobility. Flexible to travel to various locations within the SEI and CMU community, sponsor sites, conferences, and offsite meetings on occasion. Travel outside of Pittsburgh limited to no more than 5 working days a month.

Environmental Conditions: Normal office conditions; close contact with computer screen for extended periods of time.

Mental: The ability to: explore and solve complex, ill-defined problems; work meticulously with attention to detail; meet deadlines while working on multiple tasks – sometimes under pressure and with shifting priorities; self-starter willing to take on tasks and initiate constructive activity with little guidance; deal collaboratively, diplomatically, and successfully with customers, co-workers, and other professional colleagues, managers, and staff; grasp the big picture, direction, and goals of an effort; interface with world-class research community; develop and communicate innovative ideas; quickly learn new procedures, techniques, and approaches.

Other: U.S. Citizenship is required.  Applicants selected will be subject to a security investigation and must meet eligibility requirements for access to classified information.


Accountability: This position will be responsible for exploring, defining, developing, demonstrating, and, in some cases, transitioning software capabilities. This includes working with a team of developers, researchers, designers, and other technical personnel to create solutions.

Direction: This position is expected to act with minimal supervision in accordance with SEI procedures and policies, such as those involving product development, team interaction, and confidentiality.

Decisions: This position will explore, develop, and demonstrate software capabilities and make implementation choices for a wide-range of software-intensive problems.

Supervisory Responsibilities: This position does not supervise others, but may provide technical leadership to projects and act in the capacity of a mentor to solutions architects, software developers, and designers.


JOB FUNCTIONS OR RESPONSIBILITIES:

60%   Design, develop, test, document, and demonstrate software.

15%   Interface with the research community to understand the state of research ideas and the practicality of applying those ideas to real USG problems and challenges. Interface with USG customers to understand their needs and capabilities and identify possible solutions.

15%   Actively participate in agile team software development activities and team brainstorming, innovations, and design sessions.

10%   Participate in the broader SEI software research community through collaboration, papers, and presentations.

100% TOTAL EFFORT


ORGANIZATIONAL CHART:  SEI Emerging Technology Center Director < SEI Emerging Technology Center Technical Director < Software Developer

Carnegie Mellon University is an EEO/Affirmative Action Employer – M/F/Disability/Veteran

 

Accessibility Needs for Applicants, Students and Visitors

Carnegie Mellon University makes every effort to provide physical and programmatic access individuals with disabilities. If you require an accommodation to participate in any part of the employment process, please contact Disability Resources by emailing access@andrew.cmu.edu or calling 412-268-3930.

Carnegie Mellon University considers applicants for employment without regard to, and does not discriminate on the basis of, gender, race, protected veteran status, disability, or any other legally protected status.