Software Engineering Institute | Carnegie Mellon University
Software Engineering Institute | Carnegie Mellon University

Job Openings

The position you are looking for is not available. Please take a look at our current open positions listed below.

Select Job Location

Sort by Date Posted Title Location

16 Aug
2017
Cyber Security Engineer - 2006484
Pittsburgh, PA

What We Do: The CMU/SEI Forensic Operations and Investigations team is a cutting edge analytical resource focusing on critical U.S. Government (USG) needs. For the past 10 years, we have provided analytical and operational support on high-profile investigations, including numerous activities both nationally and internationally . Through this work the FOI can see the current limitations of digital analysis and incident response in the field first hand. We combine our applied research with the unique talents, operational experience, research capabilities, and vast knowledge base to develop new tools and methods to address cyber security limitations and critical gap areas.

Are you creative, curious, energetic, collaborative, technology-focused, and hard-working?

Position Summary:

In this role you will serve in a multi-disciplinary role providing ongoing support to federal law enforcement, defense agencies, and the national intelligence community. You will provide support to on-going operations in the areas of incident response and investigation, full-spectrum digital analysis and applied research in emerging areas of cybercrime. You will build interdisciplinary approaches to problem solving, and demonstrate strong presentation and instructional skills.

Requirements:

  • BS Computer Science, Information Security or other related discipline and a minimum of eight (8) years of related experience
  • MS in the same fields with four or more (4+) year’s relevant experience in analysis of digital artifacts or incident response
  • Willingness to travel to various locations to support the SEI’s overall mission. This includes within the SEI and CMU community, sponsor sites, conferences, and offsite meetings on occasion. Moderate travel (25%)
  • You will be subject to a background investigation and need to be eligible to obtain and maintain a Department of Defense security clearance

Duties Include:

  • Ability to pay close attention to detail, meet deadlines, work under stress, and communicate effectively
  • Design, develop, pilot and deliver products. Required to accurately represent FOI and its technical work in interactions with customers, sponsors, and the public
  • Act independently using CMU and SEI defined policies, practices, and procedures
  • Interact with clients and staff of all levels in a highly professional and competent manner

Knowledge, Skills, and Abilities:

  • Penetration Testing
  • Server/network design and implementation
  • Knowledge of common vulnerabilities, exploits and mitigations
  • Digital artifact analysis (host, network, mobile devices and IoT)
  • Incident Response
  • Ability to research and characterize security threats including defining appropriate countermeasures
  • Hardware or software reverse engineering for either vulnerability discovery/assessment or malware analysis
  • Virtual infrastructure and hypervisors
  • Experience with common security controls including firewalls, proxies, IDS/IPS, Web Application Firewalls
  • Technical knowledge of fundamental Internet protocols, services, and technologies to include HTTP(S), TLS, DNS, SMTP, TCP/IP, ICMP, JSON, REST
  • 2+ years with some of the following scripting languages: SQL, Python, JavaScript, Perl, PHP and/or shell scripting

Job Functions Breakdown:

65% Operational support for SEI customers.

10% Perform applied research in emerging areas of digital forensics.

15% Deliver technical and management training to customers.

5% Mentor, guide and interact with team and other staff.

5% Contribute to the research and technical agendas of the FOI.

100% Total Effort

Benefits:

Our benefits philosophy encompasses three driving priorities: Choice, Control, and Well-being. Learn more at https://www.cmu.edu/jobs/benefits-at-a-glance/ . You can join an institution and inspire innovations that change the world.

Carnegie Mellon University is a welcoming workplace that considers applicants for employment without regard to, and does not discriminate on the basis of, gender, race, protected veteran status, disability, or any other legally protected status.

#seijob

09 Aug
2017
Associate Systems Security Engineer - 2004653
Arlington, VA

What We Do: The CERT Program is part of the Software Engineering Institute (SEI), a federally funded research and development center at Carnegie Mellon University in Pittsburgh, Pennsylvania. CERT engages in state of the art research and development in computer security to raise the bar across the Nation and globally.

Position Summary: As part of the Security Automation Team, you will contribute to the successful operation of a test and integration lab used for prototyping and evaluating various technologies and security defense methods. We are looking for a security professional who will analyze data sets to identify potential incidents, profile network traffic, and assess the latest tools/methods as well as support the daily operations of the environment. The goal of the lab is to promote collaboration and sharing of information across the program groups within SEI and the various customer support teams.

Requirements:

•BS with three (3) years or MS with one (1) year of applicable experience. Your concentration of study should be in computer science, software engineering, computer engineering, or a related quantitative field of study.

•Willingness to travel to visit other offices and attend conferences and training. Moderate travel (15%).

•You will be subject to a background check and will need to obtain and maintain a Department of Defense security clearance.

Knowledge, Skills and Abilities:

Are you the type of person who likes to take the initiative to get things done and solve complex problems? Are you looking for a job that allows you to make a difference? Apply your skills and dedication to protecting our Nation from cyber security threats and join our team to solve these complex problems.

•You are comfortable investigating new software from vendors or open source projects including its installation and assessment of basic capabilities.

•You are passionate about sharing new information and brainstorming ideas with other team members.

•You have the ability to work meticulously with careful attention to detail; ability to meet deadlines while working on multiple tasks – sometimes under pressure and with shifting priorities; ability to deal collaboratively, diplomatically, and successfully with customers, co-workers and other professional colleagues, managers, and staff;

•You have the ability to grasp the big picture, direction, and goals of an effort; ability to quickly learn new procedures, techniques, approaches, etc.

Desired Experience:

•You have worked in a "security operations" environment gaining an understanding of how to analyze logs and traffic to evaluate potential security events

•You will be accountable for monitoring and administration of systems requiring integration and automation using scripts (Python, Ruby, Perl) and packages like Puppet and Ansible.

•You will interact with our customers and provide demonstrations that highlight the use of various technology solutions to meet program requirements.

Job Functions or Responsibilities:

40% Monitor and analyze available data to assess the state of operations and develop new techniques.

30% Manage hardware and software to include all appropriate system administration tasks and processes; provision for new requirements and growth.

25% Evaluate new solutions on behalf of internal and external users.

5% Contribute to the broader security community.

100% total effort

Benefits:

Our benefits philosophy encompasses three driving priorities: Choice, Control, and Well-being. Learn more at https://www.cmu.edu/jobs/benefits-at-a-glance/. You can join an institution that inspires innovations that change the world.

Carnegie Mellon University is a welcoming workplace that considers applicants for employment without regard to, and does not discriminate on the basis of, gender, race, protected veteran status, disability, or any other legally protected status.

#seijob

25 Jul
2017
Senior Information Security Architect - 2005028
Pittsburgh, PA or Arlington, VA

Position Summary: The CERT program is seeking a candidate to fill the role of a Senior Information Assurance Architect for the Threat Analysis directorate. The CERT program is part of the Software Engineering Institute (SEI), a federally funded research and development center at Carnegie Mellon University. The Threat Analysis directorate is an applied research and development group that develops cutting edge approaches for analyzing executable code. Members of the group apply this work to understanding systemic vulnerabilities in software systems, and how attackers adapt their tradecraft to exploit those vulnerabilities. This work is transitioned directly to research, acquisition and operational groups within the US government, and through academic publication and open source release of software. The group includes code analysis researchers, malware reverse engineers, vulnerability analysts, statisticians, and engineers located in both the Pittsburgh, PA and Arlington, VA offices. The Senior Information Security Architect is responsible for engaging with government partners to understand their operational requirements, and to support the transition and integration of SEI-developed technologies into government systems.

 

Minimum Qualifications and Requirements:

Education/Training:  BS in computer science, software engineering, information systems, or a related technical field with ten (10) years of experience; MS in computer science or technical/engineering field with eight (8) years of experience or equivalent combination of training and experience. PhD in computer science or technical/engineering field with five (5) years of experience or equivalent combination of training and experience Other educational backgrounds of a technical nature with experience as described may be considered.

Experience: 5+ years of experience in technical decision-making, acquisition and management of large-scale enterprise deployments of network security technologies, including experience in a technical leadership role; 5+ years of hands-on technical experience as a systems architect, software developer, systems administrator, operational security analyst, systems integrator or related technical role; 5+ years of work experience in one or more of the following operational areas: incident handling, analysis of cyber threat data, reverse engineering, network traffic analysis, forensics, vulnerability assessment, network auditing, network design, network security engineering; Track record of building and maintaining relationships in a government research setting.

Skills/Abilities: Understanding of Internet fundamentals including protocol, provider operations and governance; Ability to apply knowledge of networks, security technology, systems architecture and security best practice to practical problems in enterprise security; Ability to advise on a broad range of security topics based on self-directed research and the application of the expertise of others; Ability to work independently with limited supervision, lead project teams and mentor peers; Ability to objectively compare, and evaluate alternative technical solutions, and communicate results; Facility communicating complex system designs, technical approaches and road maps to sponsors, project managers and technical staff; Ability to distill the implications of complex research results, and apply those results to government operations; Knowledge of USG networks, security operations, and policy and governance.

Mobility: Primarily sedentary in an office setting with some mobility.  Requires travel to various domestic locations within the SEI and CMU community to include the SEI Pittsburgh office; sponsor sites; conferences; and offsite meetings with routine frequency (2-3 trips a month).

Environmental Conditions:  Normal office conditions; close contact with computer display for extended periods of time

Mental:  Work meticulously with careful attention to detail; Meet deadlines while working on multiple tasks; Work under pressure and adapt to shifting priorities; Relate collaboratively and diplomatically with people inside and outside the organization (government partners, co-workers, managers, collaborators and senior leadership); Grasp the big picture, direction, and goals of an effort; Develop and communicate innovative ideas; Organize and plan complex projects; Think creatively to solve problems; Recognize and properly handle confidential and sensitive information; Communicate complex ideas verbally and in writing.

Other: Candidates will be subject to a background check and must be eligible to obtain and maintain a Department of Defense security clearance.

 

Preferred Qualifications and Requirements:

Experience: Track record of building and maintaining relationships in multiple vertical industries in addition to government (e.g., finance, education or healthcare); Experience applying modern data-driven research methods to business strategy, risk analysis and information security decision making; Experience collaborating on industry and academic community projects; Experience applying architecture frameworks (e.g., TOGAF, Zachman, DODAF, FEAF) with special attention to designing for security and resiliency; Experience applying strategic planning methodologies to the information security sector; Experience applying threat analysis approaches to system design; Research and development experience in code analysis, reverse engineering, vulnerability discovery, network traffic analysis, or endpoint security monitoring.

Skills/Abilities: Ability to develop software in Python and other modern programming languages; Background in mathematical programming, statistical modeling or machine learning; Working knowledge of code analysis tools (e.g., IDA Pro, OllyDbg, WinDBG) and run-time environments, penetration testing tools, testing and fuzzing tools and other code analysis tools; Experience with the configuration and operation of anti-virus systems, intrusion detection systems, endpoint security tools, and other security controls.

 

Accountability: This position is accountable for ensuring that the Threat Analysis technical area delivers on the execution of the statement of work for a specific set of government partners.

Direction: The individual in this position is expected to act independently in accord with CMU, SEI, and NSS, defined policies, practices, and procedures.  Additionally, this position will assist in setting Threat Analysis direction based on an understanding of the needs of government partners.

Decisions: The individual in this position is expected to participate in the decision-making and problem solving process of designing, building and operating systems for network security; suggesting and implementing policies and procedures to support these activities; and creating prototyping implementations of tools and approaches for threat analysis.

Supervisory Responsibilities: This position has no supervisory responsibilities.

 

Job Functions or Responsibilities:

40%     Act as a lead for one or more engagements. This includes advising government partners on technical issues, understanding their requirements, promoting the directorate’s work, and supporting colleagues in the development and transition of new analysis methods and tools into their operations.

40%     Work with colleagues on research studies and prototypes, and help assemble reports and briefings on various security topics related to our threat research. Topics may include a particular threat, an analysis of a security trend, or the effectiveness of a particular security technology, approach or policy to address a threat.

15%     Contribute to conferences and meetings; participate in marketing/engagement calls and technical exchanges with clients; analyst technical exchanges, training sessions and public speaking engagements; participate on working groups for subjects of interest relative to cyber threat and analysis      

5%       Engage in professional development activities to maintain and grow expertise.

100% TOTAL EFFORT

 

Organizational Chart: Program Director, CERT < Technical Director, Threat Analysis < Vulnerability Analysis Technical Manager < Senior Information Assurance Architect.

 

Carnegie Mellon University is an EEO/Affirmative Action Employer – M/F/Disability/Veteran                                                                                               

11 Jul
2017
Accredited Systems Administrator - DC - 2006119
Arlington, VA

What We Do: The Software Engineering Institute (SEI) helps advance software engineering principles and practices and serves as a national resource in software engineering, cyber security, and process improvement. The SEI works closely with defense and government organizations, industry, and academia. Our core purpose is to help organizations to continually improve the quality and security of software-intensive systems.

Position Summary: The Accredited Systems Administrator (ASA) is a hands-on information system administration and security at the SEI. Are you a cleared IT professional with great Windows systems administration experience? Are you interested in DoD Informational Assurance (IA) and industrial security roles? If so, then this ASA role in Arlington, VA may be the opportunity for you. As an SEI ASA, you would join our dedicated Information Assurance team within the Office of the CIO (OCIO IA). Join us to help create, improve, and operate secure services for classified work at the SEI.

Minimum Qualifications and Requirements:

Education/Training: Bachelor’s degree in Computer Science, Information Technology, or related field, or equivalent combination of training and experience. Current Microsoft server certifications such as MCSA Windows Server 2008, etc.

Licenses: One or more of: CAP, CASP CE, Security+CE, SSCP, GSEC

Experience: Three or more (3+) years of system and network administration experience using modern system administration tools in a Microsoft Windows infrastructure. At least two years under government cognizance (e.g., DISA, DSS) confirming audit records and STIG compliance for accredited Windows systems.

Skills/Abilities: Proficiency in Windows administration commands/utilities and processes such as those used to manage software, Group Policy Objects, and other aspects of Active Directory. Experience applying analytical skills to solve server and network problems based on examination of events/alerts and system logs.

Mobility: Infrequent business travel required (e.g., training, other SEI locations, etc.) Computer hardware installation and configuration required at times involving objects typically <= 30 pounds (heavier objects with assistance).

Environmental Conditions: Normal office conditions, close contact with computer displays for prolonged periods of time.

Mental: Skill at communicating with parties with diverse perspectives (e.g., IT administrators, IA professionals, researchers, etc.) to review options and resolve issues, sometimes under pressure. Temperament and maturity to self-motivate and prioritize tasks with input from a remotely located manager is critical to success in this role.

Other: You will be subject to a background check and must be eligible to obtain and maintain a Department of Defense security clearance. You need to meet and maintain DoD 8570-M readiness requirements within six (6) months of employment at SEI’s expense. Additional work hours may be necessary at times (e.g., you may need to stay at or report to work during incidents and/or emergencies).

Preferred Qualifications and Requirements:

Licenses: Active CISSP (or Associate), GSLC, CISM, GSEC

Experience: Prior experience as an associate ISSO / ISSM (IAO/IAM) in a small-scale classified enclave. Prior use of the HBSS and ACAS tool chains, Security Content Automation Protocol (SCAP) validation tools, and awareness of NISPOM IS-relevant rules are valuable skills.

Other: Active Department of Defense security clearance.

Accountability:

  • Ensures server(s) and client stations are operating efficiently and resolves issues impacting their use.
  • Recommends and performs modifications to improve server/service performance and reliability.
  • Shares information with other IA team members to increase situational awareness of operational status.
  • Executes proper handling (e.g., safe storage, proper marking, approved destruction) of equipment, documents and media used in the operation and maintenance of accredited systems.
  • Contributes information relating to new equipment and facility needs each budget planning session to improve and create services.
  • Implements information system safeguards and local operating procedures to satisfy certification requirements and works with the ISSM and ISSO in Pittsburgh to align SEI practices to Arlington operations.

Direction:

  • Works under limited supervision from a remote manager as a member of the IA team. Most work is performed independently, or with others in the IA, IT, and Security teams.
  • Maintains and securely operates services based on guidance from the ISSM, FSO, and senior management.

Decisions:

  • Identifies user and systems issues and resolves most issues independently.
  • Information security issues and complex operational problems are handled collaboratively with IA teammates and folks in the IT or Security staff.

Supervisory Responsibilities:

  • No formal staff supervisory responsibilities, but may task other personnel in order to address infractions or post-inspection issues.
  • Conducts training for new users of the systems in scope.

Job Functions or Responsibilities:

  • 25% - Install, configure, and maintain accredited servers, workstations and network devices in accordance with most current STIG or other relevant documents. Work with users to solve problems related to the systems.
  • 15% - Review server logs directly or with analysis tools to discern operational anomalies, including operational threats (e.g., resource contention/exhaustion) and security concerns; addresses and/or discusses these with IA colleagues or IT as appropriate.
  • 10% - Report on the operational status of accredited information systems based on reviews and scans to accrediting agencies, possibly through established channels such as ACAS, HBSS, etc. We review extraordinary findings within the entire IA team.
  • 10% - Perform C&A duties including the submission of accreditation documents prepared by or in collaboration with the SEI ISSM. Coordinate IS-related self-inspection activities and SVA / CCRI preparations for accredited systems in Arlington and are the on-site IA contact for the local DSS IS representative in Arlington.
  • 10% - Help SEI staff members be more effective in their mission by facilitating access to accredited resources. This involves performing classified IS user indoctrination briefings and IT accounts / credentials creation for classified systems, including required recordkeeping (account lifecycle, DoD IAA training status, policy acknowledgements, etc.).
  • 10% - Support the FSO to prepare for traditional security inspection activities, self-inspections, etc. Function as the secondary COMSEC custodian for the SEI Arlington office responsible for device inventory, key management and loading, etc. Provide backup FSO/CSSO coverage as directed.
  • 15% - Cover enterprise IT duties in a supplemental capacity as directed.
  • 5% - Participate in training and professional development opportunities to keep current with evolving and new technologies and regulations.

100% Total Effort

Organizational Chart: CIO < Deputy CIO < ASA

Benefits: Our benefits philosophy encompasses three driving priorities: Choice, Control, and Well-being. Learn more at https://www.cmu.edu/jobs/benefits-at-a-glance/. You can join an institution and inspire innovations that change the world.

Carnegie Mellon University is a welcoming workplace that considers applicants for employment without regard to, and does not discriminate on the basis of, gender, race, protected veteran status, disability, or any other legally protected status.

#seijob

05 Jul
2017
Cyber Security Analyst - 2006085
Pittsburgh, PA

What We Do: The CMU/SEI Forensic Operations and Investigations team is a cutting edge analytical resource focusing on critical U.S. Government (USG) needs. For the past 10 years, we have provided analytical and operational support on high-profile investigations including numerous activities both nationally and internationally. Through this work the FOI can see the current limitations of digital analysis and incident response in the field first hand. We combine our applied research with the unique talents, operational experience, research capabilities, and vast knowledge base to develop new tools and methods to address cyber security limitations and critical gap areas.

Are you creative, curious, energetic, collaborative, technology-focused, and hard-working?

Position Summary: In this role you will serve in a multi-disciplinary position providing ongoing support to federal law enforcement, defense agencies, and the national intelligence community. You will provide support to on-going operations in the areas of incident response and investigation, full-spectrum digital analysis and applied research in emerging areas of cybercrime. You will build interdisciplinary approaches to problem solving, and demonstrate strong presentation and instructional skills. You will also interact with clients and staff of all levels in a highly professional and competent manner.

Requirements:

  • BS Computer Science, Information Security or other related discipline and a minimum of three (3) years of related experience
  • MS in the same fields with one or more (1+) year’s relevant experience in analysis of digital artifacts or incident response
  • Willingness to travel to various locations to support the SEI's overall mission. This includes within the SEI and CMU community, sponsor sites, conferences, and offsite meetings on occasion. Moderate travel (25%)
  • You will be subject to a background investigation and need to be eligible to obtain and maintain a Department of Defense security clearance

Duties Include

  • Ability to pay close attention to detail, meet deadlines, work under stress, and communicate effectively.
  • Design, develop, pilot and deliver products. Required to accurately represent FOI and its technical work in interactions with customers, sponsors, and the public.
  • Research and characterize security threats including defining appropriate countermeasures.
  • Interact with clients and staff of all levels in a highly professional and competent manner.
  • Act independently using CMU and SEI defined policies, practices, and procedures.

Knowledge, Skills, and Abilities:

  • Penetration Testing
  • Server/network design and implementation
  • Knowledge of common vulnerabilities, exploits and mitigations
  • Digital artifact analysis (host, network, mobile devices and IoT)
  • Incident Response
  • Ability to research and characterize security threats including defining appropriate countermeasures
  • Hardware or software reverse engineering for either vulnerability discovery/assessment or malware analysis
  • Virtual infrastructure and hypervisors
  • Experience with common security controls including firewalls, proxies, IDS/IPS, Web Application Firewalls
  • Technical knowledge of fundamental Internet protocols, services, and technologies to include HTTP(S), TLS, DNS, SMTP, TCP/IP, ICMP, JSON, REST
  • 1+ years with some of the following scripting languages: SQL, Python, JavaScript, Perl, PHP and/or shell scripting

Job Function Breakdown:

70% Operational support for SEI customers.

10% Perform applied research in emerging areas of digital forensics.

15% Deliver technical and management training to customers.

5% Contribute to the research and technical agendas of the FOI.

100% Total Effort

Benefits:

Our benefits philosophy encompasses three driving priorities: Choice, Control, and Well-being. Learn more at https://www.cmu.edu/jobs/benefits-at-a-glance/ . You can join an institution and inspire innovations that change the world.

Carnegie Mellon University is a welcoming workplace that considers applicants for employment without regard to, and does not discriminate on the basis of, gender, race, protected veteran status, disability, or any other legally protected status.

#seijob

05 Jul
2017
Junior Cyber Security Analyst - 2006086
Pittsburgh, PA

What We Do:

The CMU/SEI Forensic Operations and Investigations team is a cutting edge analytical resource focusing on critical U.S. Government (USG) needs. For the past 10 years, we have provided analytical and operational support on high-profile investigations, including numerous activities both nationally and internationally . Through this work the FOI can see the current limitations of digital analysis and incident response in the field first hand. We combine our applied research with the unique talents, operational experience, research capabilities, and vast knowledge base to t develop new tools and methods to address cyber security limitations and critical gap areas.

Are you creative, curious, energetic, collaborative, technology-focused, and hard-working?

Position Summary:

In this role you will serve in a multi-disciplinary role providing ongoing support to federal law enforcement, defense agencies, and the national intelligence community. You will provide support to on-going operations in the areas of incident response and investigation, full-spectrum digital analysis and applied research in emerging areas of cybercrime. You will build interdisciplinary approaches to problem solving, and demonstrate strong presentation and instructional skills.

Requirements:

  • BS Computer Science, Information Security or other related discipline and a minimum of one (1) year of related experience
  • Willingness to travel to various locations to support the SEI’s overall mission. This includes within the SEI and CMU community, sponsor sites, conferences, and offsite meetings on occasion. Moderate travel (25%)
  • You will be subject to a background investigation and need to be eligible to obtain and maintain a Department of Defense security clearance

Duties Include:

  • Ability to pay close attention to detail, meet deadlines, work under stress, and communicate effectively.
  • Design, develop, pilot and deliver products. Required to accurately represent FOI and its technical work in interactions with customers, sponsors, and the public.
  • Research and characterize security threats including defining appropriate countermeasures.
  • Interact with clients and staff of all levels in a highly professional and competent manner.

Knowledge,Skills, and Abilities:

  • Penetration Testing
  • Server/network design and implementation
  • Knowledge of common vulnerabilities, exploits and mitigations
  • Digital artifact analysis (host, network, mobile devices and IoT)
  • Incident Response
  • Hardware or software reverse engineering for either vulnerability discovery/assessment or malware analysis
  • Virtual infrastructure and hypervisors
  • Experience with common security controls including firewalls, proxies, IDS/IPS, Web Application Firewalls
  • Technical knowledge of fundamental Internet protocols, services, and technologies to include HTTP(S), TLS, DNS, SMTP, TCP/IP, ICMP, JSON, REST
  • 1+ years with some of the following scripting languages: SQL, Python, JavaScript, Perl, PHP and/or shell scripting

Job Function Breakdown:

70% Operational support for SEI customers.

10% Perform applied research in emerging areas of digital forensics.

15% Deliver technical and management training to customers

5% Contribute to the research and technical agendas of the FOI

100% Total Effort

Benefits:

Our benefits philosophy encompasses three driving priorities: Choice, Control, and Well-being. Learn more at https://www.cmu.edu/jobs/benefits-at-a-glance/ . You can join an institution and inspire innovations that change the world.

Carnegie Mellon University is a welcoming workplace that considers applicants for employment without regard to, and does not discriminate on the basis of, gender, race, protected veteran status, disability, or any other legally protected status.

#seijob

05 Jul
2017
Senior Cyber Security Engineer - 2006080
Pittsburgh, PA

What We Do: The CMU/SEI Forensic Operations and Investigations team is a cutting edge analytical resource focusing on critical U.S. Government (USG) needs. For the past 10 years, we have provided analytical and operational support on high-profile investigations, including numerous activities both nationally and internationally. Through this work the FOI can see the current limitations of digital analysis and incident response in the field first hand. We combine our applied research with the unique talents, operational experience, research capabilities, and vast knowledge base to develop new tools and methods to address cyber security limitations and critical gap areas.

Are you creative, curious, energetic, collaborative, technology-focused, and hard-working?

Position Summary: In this role you will serve in a multi-disciplinary role providing ongoing support to federal law enforcement, defense agencies, and the national intelligence community. You will provide support to on-going operations in the areas of incident response and investigation, full-spectrum digital analysis and applied research in emerging areas of cybercrime. You will build interdisciplinary approaches to problem solving, and demonstrate strong presentation and instructional skills.

Requirements:

  • BS Computer Science, Information Security or other related discipline and a minimum of ten (10) years of related experience
  • MS in the same fields with eight or more (8+) year’s relevant experience in analysis of digital artifacts or incident response
  • Willingness to travel to various locations to support the SEI’s overall mission. This includes within the SEI and CMU community, sponsor sites, conferences, and offsite meetings on occasion. Moderate travel (25%)
  • You will be subject to a background investigation and need to be eligible to obtain and maintain a Department of Defense security clearance

Duties Include

  • Ability to pay close attention to detail, meet deadlines, work under stress, and communicate effectively.
  • Act independently using CMU and SEI defined policies, practices, and procedures.
  • Design, develop, pilot and deliver products. Required to accurately represent FOI and its technical work in interactions with customers, sponsors, and the public.
  • Interact with clients and staff of all levels in a highly professional and competent manner.

Knowledge, Skills, and Abilities:

  • Penetration Testing
  • Server/network design and implementation
  • Knowledge of common vulnerabilities, exploits and mitigations
  • Digital artifact analysis (host, network, mobile devices and IoT)
  • Incident Response
  • Ability to research and characterize security threats including defining appropriate countermeasures
  • Hardware or software reverse engineering for either vulnerability discovery/assessment or malware analysis
  • Virtual infrastructure and hypervisors
  • Experience with common security controls including firewalls, proxies, IDS/IPS, Web Application Firewalls
  • Technical knowledge of fundamental Internet protocols, services, and technologies to include HTTP(S), TLS, DNS, SMTP, TCP/IP, ICMP, JSON, REST
  • 4+ years with some of the following scripting languages: SQL, Python, JavaScript, Perl, PHP and/or shell scripting
  • Experience with C/C++, Java, Swift, Objective C

Job Function Function Breakdown:

  • 65% Operational support for SEI customers
  • 10% Perform applied research in emerging areas of digital forensics
  • 15% Deliver technical and management training to customers
  • 5% Mentor, guide and interact with team and other staff
  • 5% Contribute to the research and technical agendas of the FOI

100% Total Effort

Benefits:

Our benefits philosophy encompasses three driving priorities: Choice, Control, and Well-being. Learn more at https://www.cmu.edu/jobs/benefits-at-a-glance/ . You can join an institution and inspire innovations that change the world.

Carnegie Mellon University is a welcoming workplace that considers applicants for employment without regard to, and does not discriminate on the basis of, gender, race, protected veteran status, disability, or any other legally protected status.

#seijob

05 Jul
2017
Senior Software Engineer - 2006078
Pittsburgh, PA

The CERT Program is part of the Software Engineering Institute (SEI), a federally funded research and development center at Carnegie Mellon University (CMU) in Pittsburgh, Pennsylvania. CERT engages in state of the art R&D activities in computer security. The CERT Security Automation Directorate, Secure Lifecycle Solutions (SLS) group delivers innovative engineering methods and solutions to challenging cybersecurity problems. By demonstrating in-house technical expertise and long-standing collaborations with leading researchers from special academic institutions, SLS authorities develop custom methods and systems to meet customer needs. The SLS team applies ground breaking research and technologies to provide secure software solutions that bring real value to support the mission of our government and industry partners and advance the current state of practice.

Position Summary: Expertise in DevOps processes and tools, resilient system design and implementation, and requirements gathering and analysis enables team to develop comprehensive practices engineering processes tailored to rare customer needs, or improve existing processes to meet evolving challenges by demonstrating new technologies. Built on confirmed SEI software engineering methodologies and CERT cyber security expertise, SLS engineering processes lead to efficient, successful, and secure product development and deployment.

You will participate in all phases of the application development lifecycle, and will be involved in key decisions regarding software design and technology selection including hands on development activities.

Minimum Qualifications and Requirements:

Education/Training: BS in computer science, software engineering, computer engineering, or a related quantitative field of study with ten (10) years of applicable experience.

Experience: Experience as a software developer working on software applications in a professional environment required:

  • Hands on experience in an Ops/DevOps role with an emphasis on deploying and handling environments in cloud platforms (AWS, Azure, or similar)
  • Hands-on experience with configuration management tools, chef, Puppet, or similar.
  • Experience and proficiency with Linux administration and operation (preferably RHEL/CentOS)
  • Experience developing in object oriented programming on Java, C#, C++
  • Experience with scripting languages such as Python, Ruby, Perl, and Bash
  • Experience setting up continuous integration & continuous delivery, log collection and analysis, software build & release, and performance monitoring/tuning
  • Experience with modern web frameworks such as Django, Angular JS, React
  • Experience with SDLC deployment packages Maven, Ant, Docker, etc
  • Experience with source code repository Git, Mercurial, SVN, or TFS
  • Experience with monitoring and logging tools such as Kibana, NewRelic, Nagios, Splunk, Graphite, Graphana, etc
  • Experience fixing software applications and reading stack traces
  • Knowledge of network switches, firewalls and routers
  • Familiarity with system and task automation
  • Familiarity with risk and security assessments
  • Collaboration skills, with written and spoken communication skills
  • Excellent troubleshooting and problem solving capabilities

Skills/Abilities:

  • Deep knowledge of software engineering including detailed knowledge of at least three of the following strengths: requirements, architecture and design, program and acquisition management, performance improvement, assurance, and/or security
  • Relevant experience within the last 5 years in working on a large software development program
  • Deep familiarity with general Linux operating system concepts, development pipeline tools, etc.
  • Knowledge of how to apply system engineering principles to system software development
  • Ability to execute network assessments and report results, write documentation.
  • Understanding of basic computer systems, and network, database and application security issues
  • Excellent written and verbal communication skills
  • Excellent reasoning and problem-solving skills
  • Ability to work effectively and manage time without supervision
  • Ability to attend customer meetings and respond to customer requirements
  • Highly motivated Self-starter individual with ability to multi-task, prioritize and be actionable
  • Review and development of performance and capacity plans (operational capacity and load requirements)
  • Experience with application disaster recovery, migration, roll-back plans, expansion, routine deployments, and system upgrade

Mobility: Will be required to travel on overnight assignments, occasionally for several days.

Environmental Conditions: Usual office setting, including extended work at a computer screen.

Mental: Ability to work meticulously with careful attention to detail; ability to meet target dates while working on multiple tasks – shifting priorities; ability to deal reciprocally, diplomatically, and successfully with customers, co-workers and other professional colleagues, managers, and staff; ability to grasp the big picture, direction, and goals of an effort; ability to quickly learn new procedures, techniques, approaches, etc.

Other: The candidate will be subject to a background check and must be eligible to obtain and maintain a Department of Defense security clearance.

Preferred Skills:

Education/Training: Master's degree in CS, Information Systems, systems and /or engineering, acquisition management, or equivalent combination of training and experience.

Accountability: The member will be directly accountable for understanding DoD technical needs, applying new technologies, and establishing delivery capabilities to meet the needs of the sponsoring organization and the DevOps community.

Direction: As a technical staff member, he/she will be expected to operate with minimum supervision using CMU and SEI defined practice, policies and procedures, in concert with the SEI mission.

Decisions: Required to work with government program offices to identify strengths and weaknesses within the acquisition program and their contractor base and build solutions to address the weaknesses and recognize and the strengths.

Supervisory Responsibilities: To be able to lead and supervise others.

Job Functions or Responsibilities:

85% Participate as a leader or member of dynamic technical teams in support of application development & delivery and DevOps assessment capabilities.

10% Identify and support the implementation strategies for the collection and application of learning and knowledge transfer from assignments (e.g. Dissemination of research results, case studies, guides, reports, presentations, articles, workshops, courses, and blog entries).

5% Perform other duties as assigned by the SLS Technical Manager, or Team Leads

100% total effort

Organizational Chart: Manager, CERT < Technical Director< Technical Manager < Senior Software Engineer

CMU is an EEO/Affirmative Action Employer – M/F/Disability/Veteran

#seijob

19 Jun
2017
Equipment Technician - Receiving - 2005925
Pittsburgh, PA

Position Summary: Receiving incoming packages, distributing packages across the SEI locations, tracking each item received and maintaining database records of items received. Will be required to enter data in Oracle database. Responsible for keeping the loading dock and tagging areas organized and maintained; includes equipment such as dock leveler, hydraulic lift, pallet jacks and carts. Will deliver to off-site locations mail and other equipment. Stocks office paper. Responds to FS Hotline. Responsible for vehicle maintenance, fuel and mileage logs and service database. This position will be required to assist with any area of the facilities operations as assigned by the Facilities Operations Supervisor or the Facilities Manager. Will provide back-up to positions: Facilities Service Coordinator, Equipment Technician Utility, Shipping Receiving Coordinator and Mailing Coordinator.

Minimum Qualifications and Requirements

Education/Training: High School Diploma and up to one year of working experience.

Licenses: Valid Pennsylvania Driver’s License

Experience: Up to one year of working experience.

Skills/Abilities: Ability to: (1) perform data entry; (2) review and understand computerized reports and make necessary corrections to the data; (3) maintain accurate and detailed records; (4) organize work in order to meet deadlines and user demands; (5) understand and follow directions. (6) Familiar with computerized inventory tracking and tagging systems; (7) work independently and use initiative to resolve problems, diagnose and make needed recommendations or repairs; (8) operate general power tools, moving and loading equipment; (9) develops and maintains receiving metrics.

Mobility: Finger agility; ability to move, push, pull and lift equipment, as needed; ability to carry necessary tools; ability to stand for long periods of time; ability to climb steps or ladders, stoop, reach, bend at the waist and grasp; ability to travel to various campus locations, as needed.

Environmental Conditions: May have to endure various weather conditions while traveling between locations; equipment may be housed in dusty, damp and crowded conditions.

Mental: Ability to pay attention to details and meet deadlines; ability to deal with difficult or demanding individuals; the ability to use reasoning to solve maintenance related problems.

Other: Candidates will be subject to a background check and must be eligible to obtain and maintain a Department of Defense security clearance; must be able to drive a box truck and pass a driver safety course.

Preferred Qualifications and Requirements

Education/Training: High School Diploma and two (2) years experience in Facilities environment.

Skills/Abilities: Experience with Oracle a plus but not necessary.

Experience: At least two (2) years of receiving operations experience.

Accountability: Responsible for all daily incoming package handling, storage, inventory, delivery and tracking. Responsible for independently setting-up, maintaining and repairing equipment or making recommendations to replace equipment. Develops and maintains receiving metrics for use in the internal review and open meetings.

Direction: Performs under minimal supervision. Most normal duties and responsibilities are handled independently with the use of established procedures and policies. Difficult or unique situations are referred to the supervisor.

Decisions: Determine package delivery steps and processes to stream line efficiency of receiving. Determines whether to repair or replace equipment; recommends equipment purchases

Supervisory Responsibilities: This position is not required to supervise any staff.

Job Functions Or Responsibilities:

70% Receiving duties – handling incoming shipments, tagging and logging shipments, deliver of packages and getting appropriate signatures. (2) Receive and sign for incoming parcels, data entry into receiving data base, cross reference piece in the Purchase Request System, enter into Oracle when needed and delivery of packages.

30% Back-up to Facilities Services –shipping, mail, office supply ordering and delivery, office moves and furniture reconfiguration, and other duties as needed.

100% TOTAL EFFORT

Organizational Chart: Chief Financial Officer < Deputy Chief Financial Officer < Facilites Manager < Equipment Technician - Receiving.

Carnegie Mellon University is an EEO/Affirmative Action Employer – M/F/Disability/Veteran

13 Jun
2017
Senior DevOps Engineer - 2005833
El Segundo, CA

This position is located in El Segundo, CA.

Position Summary: The candidate selected for this position will provide software engineering expertise to the Air Force Space and Missile Systems Center. We are seeking an engineer passionate about improving the ability to deliver secure, high quality, and mission critical software systems. If you are committed to bringing innovation to government, then this is the position for you.

As Senior DevOps Engineer, you will lead and/or participate on teams that improve performance, mission assurance, and predictability of acquisition, evolution and operations of software-reliant systems.

Key activities include:

  • Understanding customer requirements and key challenges and addressing them with tailored solutions or integrated solutions
  • Designing, applying, adapting, integrating, verifying and transitioning the SEI technical body of knowledge and research to maximize impact;
  • Building, applying and codifying new approaches to support customer needs and advance the software engineering state of the practice
  • Coordinate closely with staff across the SEI to deliver DevOps expertise to DOD customers.

Minimum Qualifications and Requirements:

Education/Training: BS in computer science, software engineering, computer engineering, or a related field, with ten (10) years of applicable experience.

Experience: Experience as a software developer working on software applications in a professional environment required:

  • Hands on experience in an Ops/DevOps role with emphasis on deploying and leading environments in cloud platforms(AWS, Azure or similar)
  • Experience with CI/CD, log collection and analysis, builds and performance monitoring/tuning
  • Experience with a scripting language like Python, Perl, Bash, Ruby etc.
  • Experience with complete SDLC tools like Maven, Jenkins, Ant, docker, etc.
  • Hands experience with Configuration Management tool Chef/puppet or similar
  • Knowledge of SCM tools (SVN, Git) would be a plus
  • Experience with monitoring and logging tools like Kibana, NewRelic, Nagious, Splunk, Graphite, Graphana etc.
  • Experienced troubleshooting Java applications and reading stack traces
  • Experience with application disaster recovery, migration, roll-back plans, expansion, routine deployments, and system upgrades
  • Knowledge of switches, firewalls and routers
  • Experience and proficient with Linux (Preferably with CentOS/RHEL)
  • Knowledge of YUM, system patching and other administration tools
  • Familiarity with system automation

Skills/Abilities:

  • Deep knowledge of software engineering including detailed knowledge of at least three of the following skills you'll use every single day: requirements, architecture and design, program and acquisition management, performance improvement, assurance, and/or security
  • Relevant experience within the last 5 years in working on a large software development program
  • Deep familiarity with general Linux operating system concepts, development pipeline tools, etc.
  • Knowledge of how to apply system engineering principles to system software development
  • Ability to execute network assessments and report results, write documentation
  • Understanding of basic computer systems, as well as network, database and application security issues
  • Excellent reasoning and problem-solving skills.
  • Ability to work effectively without close supervision
  • Strong teamwork skills, with excellent written and spoken communication excellent troubleshooting capabilities
  • Highly motivated self-starter individual with ability to multi-task, prioritize and remain focused on details.
  • Review and development of performance and capacity plans (operational capacity and load requirements)

Mobility: Travel on overnight assignments, occasionally for several days.

Environmental Conditions: Usual office setting, including extended work at a computer screen.

Mental: Ability to work meticulously with careful attention to detail; ability to meet deadlines while working on multiple tasks – with inflexible deadlines with shifting priorities; ability to deal collaboratively, diplomatically, and successfully with customers, co-workers and other professional colleagues, managers, and staff; ability to grasp the big picture, direction, and goals of an effort; ability to quickly learn new procedures, techniques, approaches, etc.

Other: You will be subject to a background check and must be eligible to obtain and maintain a Department of Defense security clearance.

Preferred Qualifications and Requirements:

Education/Training: Master's degree in Computer Science, Information Systems, systems engineering, software engineering, or acquisition management, with eight (8) years of relevant experience.

Accountability: The member will be directly accountable for understanding DoD acquisition needs, applying new technologies, and establishing delivery capabilities to meet the needs of the sponsoring organization and the acquisition community.

Decisions: Will be required to work with government program offices to identify strengths and weaknesses within the acquisition program and their contractor base and build solutions to address the weaknesses and recognize and encourage the strengths.

Supervisory Responsibilities: Must be able to lead and supervise others.

Job Functions or Responsibilities:

85% Participate as a leader or member of dynamic technical teams in support of government acquisition programs.

10% Identify and support the implementation strategies for the capture and application of learning and knowledge transfer from assignments (e.g. dissemination of research results, case studies, guides, reports, presentations, articles, workshops, courses, and blog entries).

5% Other duties as assigned by the responsible Director, or Deputy Director.

100% Total Effort

Carnegie Mellon University is an EEO/Affirmative Action Employer – M/F/Disability/Veteran

#seijob

05 Jun
2017
Facility Security Officer (FSO)/Contractor Special Security Officer (CSSO) - 2005735
Arlington, VA

Position Summary: The Facility Security Officer (FSO)/Contractor Special Security Officer (CSSO) is a cross-functional role within the Security and Technology Services Directorate function of the Software Engineering Institute (SEI) in our office located in Arlington, VA supporting Industrial Security requirements as well as certain Information Technology / Information Assurance functions in concert with OCOS staff at the main office in Pittsburgh, PA. This is an opportunity to deal not only with DoD Industrial Security opportunities (FSO/CSSO) as well as IT server and user issues, but also to assist with routine Information Assurance (ISSM/ISSO).

Minimum Qualifications and Requirements:

Education/Training: Bachelor’s degree in Computer Science, Information Technology, or related field, or equivalent combination of training and experience.

Experience: Three or more years of specific experience in government/industrial security or intelligence career fields; experience with end-user support, problem identification, problem resolution, and consulting experience. Experience working independently on projects with limited supervision.

Skills/Abilities: Problem solving skills. High degree of attention to detail. Able to participate on teams; contribute to the improvement of products and services; knowledge of both government and industrial security to analyze, evaluate, and interpret current security requirements; technical knowledge of desktop operating systems, systems administration, office productivity software, and web browsers; general understanding of technical environments such as networking, enterprise applications infrastructure services, and other technical areas.

Physical Mobility: Some infrequent business travel required. Periodic travel to Pittsburgh office, at least quarterly. Computer hardware installation and configuration required on a regular basis, sometimes involving transport of heavy objects (typically under 100 lbs.) short distances, use of hand tools, et cetera. Carrying of light objects (< 20 lbs.) between buildings may also be required.

Environmental Conditions: Ability to use a computer keyboard and display for extended periods of time; periodic work in a computer machine room or wiring closet environment.

Mental: Able to work under pressure; meet inflexible deadlines; deal with difficult individuals while maintaining composure. Must have strong customer service orientation. Able to identify, isolate, and resolve problems. Must be able to learn from procedural documents and training and then integrate that knowledge into workplace activities.

Other: Candidates will be subject to a background check and must be eligible to obtain and maintain a Department of Defense security clearance. Additional work hours (weekend and evening hours) may be required on an infrequent basis. May be required to stay at or return to work during incidents and/or emergencies to perform duties as requested.

Preferred Qualifications and Requirements:

Licenses: Defense Security Service (DSS) Facility Security Officer (FSO) and/or Information Systems Security Officer (ISSO) certification, Contractor Special Security Officer (CSSO), COMSEC custodian (IAEC-2112), Industrial Security Professional (ISP), Microsoft Certifies System Administrator (MCSA), Microsoft Certifies System Engineer (MCSE), CompTIA A+, CompTIA Network +, CompTIA Security +, Dell Certified Technician

Experience: Prior experience in the Department of Defense, United States Intelligence Community or federal law enforcement agency. The applicant should also have established liaison contacts with federal, state and local law enforcement agencies and intelligence community. Experience in implementing new services and products; leading technical projects; performing advanced technical support; creating new operational and technical processes and procedures; (1) year of handling Sensitive Compartmented Information (SCI). Experience working in compliance with governmental accreditation requirements for operating IT environments and networks, such as NISPOM, DCID and STIG. Prior experience as a FSO, CSSO or ISSM/ISSO.

Other: Candidates with a current (within the past five (5) years) Single Scope Background Investigation (SSBI) are highly desirable.

Accountability: Responsible for ensuring that DoD Industrial Security policy and SEI security practices as well as SEI IT practices and procedures are followed with respect to access of restricted areas, handling of classified documents, and general IT policy

Direction: Employee will be expected to work under minimum supervision within the defined scope of authority and in accordance with SEI OCOS operating guidelines. Primary tasking and performance management will come from the Security manager. Guidance and oversight for IT matters will come from USHS manager and any IA guidance will be identified by an IA expert (e.g., ISSM) or the manager of Security as appropriate.

Decisions: Position will make decisions concerning compliance issues in accordance with NISPOM and respective ICDs. Makes routine decisions based upon knowledge and understanding of the policies, practices and procedures of Security and IT; novel / complex matters are referred to the appropriate manager or subject matter expert. May make recommendations to improve procedures or work flow in the department(s).

Supervisory Responsibilities: This position does not supervise others.

Job Functions or Responsibilities:

40% Maintain compliance with the NISPOM and other regulatory requirements conducting self-inspections and assisting the FSO/CSSO from Pittsburgh to prepare for annual inspections of the security program at the Arlington Office. Acts as a liaison for the Information Assurance office in Pittsburgh to facilitate the resolution of IA matters.

20% Provide advanced technical consulting to assist in resolving difficult software and hardware problems. Install equipment, set up computers, mobile devices, and phones for new users. Make repairs to computer hardware, and replace hardware. Provide audio and video support. Assist users in installing applications and ensuring that these applications meet IT security and infrastructure requirements. Ensure compliance with SEI IT Practices and Procedures and in some cases will be expected to identify and create procedures to comply. Assist in developing user documentation pertaining to the Arlington office. Works with other members of the IT staff on projects involving the IT infrastructure.

15% Handles building access, assists with obtaining necessary information /paperwork for security clearance requirements, closed area and other secure areas.

5% Fulfill COMSEC Custodian requirements in accordance with customer requirements and conduct periodic audits/inspections to ensure accountability for all COMSEC equipment and material. Submit reports with approval and report any discrepancies to the SEI Security Manager.

5% Interact with DoD and USG authorities to coordinate activities related to certifications and accreditations under the guidance and direction of IA staff in Pittsburgh.

5% Monitors security status of facilities and systems and responds to security incidents. Prepares incident reports and follows through with the Security office in Pittsburgh to ensure all incidents are resolved.

5% Assist the Pittsburgh-based asset management team in certain duties (e.g., inventory, tagging).

5% Training and professional development to keep current with new technologies and government regulations. May involve periodic travel to the SEI office in Pittsburgh, PA.

100% Total Effort

Organizational Chart: SEI Chief Information Officer (CIO) > Security Manager > FSO/CSSO

Carnegie Mellon University is an EEO/Affirmative Action Employer – M/F/Disability/Veteran

#seijob

05 Jun
2017
Senior Cyber Security Engineer - 2005737
Pittsburgh, PA or Arlington, VA

Position Summary: The CERT Division is part of the SEI, a federally funded research and development center at Carnegie Mellon University in Pittsburgh, Pennsylvania. The CERT Division engages in cutting-edge research and development and develops and transitions disciplined approaches to improve the survivability and resiliency of the DoD, federal civilian agencies, private sector organizations and their networked information systems.

The individual in this position will work as a member of the Cybersecurity Assurance (CA) Team within the CERT Division. The CA team develops solutions (in the form of frameworks, models, tools, policies, practices, technical guidance, and training) that allow organizations to assess, analyze, and manage organizational, operational, and technical risks to mission-critical assets, processes, systems, and infrastructures.

Minimum Qualifications and Requirements:

Education/Training: BS in Computer Science (or other technical field) with ten (10) years’ experience, or equivalent combination of training and experience.

Certifications: Certified Information Systems Security Professional (CISSP), and/or Certified Information Security Manager (CISM), and/or Certified Information Systems Auditor (CISA) and/or Certified Ethical Hacker (CEH)

Experience: Professional experience as an information security engineer, network security architect, information systems auditor, information systems analyst, or similarly technical occupation.

Experience with and applied knowledge in:

  • Common risk and cybersecurity assessment methods
  • Data analytics and cybersecurity metrics
  • Cybersecurity laws, regulations, and standards
  • Common network security architectures
  • Common networking protocols and services
  • Cyber security, survivability, and resilience concepts and issues
  • Software and systems engineering
  • Building and maintaining customer relationships
  • Strategic Planning and requirements definition
  • Process improvement
  • Program planning, budgeting, and management

Skills/Abilities: Must exhibit the following skills and abilities:

  • Understanding of information technology, security assessment methods, and telecommunications systems
  • Working knowledge of network interoperability, cyber security, and survivability issues, including cyber security best practices and standards
  • Working knowledge of DHS critical infrastructure sectors and related security and resilience issues
  • Working knowledge of the DoD and federal agency resilience needs and cyber security roadmaps
  • Development and delivery of information and infrastructure security risk and vulnerability evaluations
  • Ability to conduct analytical studies and investigations
  • Reasoning and problem-solving skills
  • Ability to work independently with limited supervision
  • Ability to interact effectively with diverse constituencies internally and externally
  • Ability to work well as a member of a cooperative team; ability to work in a matrix organizational structure
  • Ability to recognize and deal appropriately with confidential and sensitive information
  • Ability to implement project plans, monitor project budgets, and identify and mitigate project risks
  • Leadership and mentoring skills
  • Excellent written and oral communication skills; ability to contribute to technical research white papers and reports; ability to prepare papers and deliver presentations to technical and non-technical audiences; ability to contribute to customer technical exchanges and marketing presentations
  • Ability to work on customer sites with high-ranking members of federal agencies and DoD
  • Participation in professional society activities, particularly IEEE and ACM

Physical/Mobility: Primarily sedentary in an office setting with some mobility. Ability to travel frequently to various locations within the SEI and CMU community, customer sites, conferences, and offsite meetings.

Environmental Conditions: Close contact with computer for extended periods of time.

Mental: Strong interest in the human, managerial, and technical aspects of cyber security is critical for this position as are these abilities:

  • Take or share leadership role in technical projects
  • Work meticulously with careful attention to detail
  • Meet deadlines while working on multiple tasks – sometimes under pressure and with shifting priorities
  • Deal collaboratively, diplomatically, and successfully with customers, co-workers and other professional colleagues, managers, and staff
  • Ability to understand the direction, and goals of an effort; ability to develop and communicate innovative ideas; ability to demonstrate initiative and to quickly learn new procedures, techniques, approaches, etc.

Other: Strong interest in cyber security and critical infrastructure protection analysis basis research, applied research, and development. Candidates will be subject to a background check and must be eligible to obtain and maintain a Department of Defense security clearance.

Preferred Qualifications and Requirements:

Education/Training: MS in Computer Science (or related technical field) with eight (8) years’ experience or equivalent experience.

Certifications: Offensive Security Certified Professional (OSCP), and/or GIAC Penetration Tester (GPEN), and/or Certified Ethical Hacker (CEH), and/or Certified Information Systems Security Professional (CISSP), and/or Certified Information Systems Auditor (CISA)

Experience:

  • Expert experience in risk and cybersecurity assessment methods
  • Advanced knowledge of network security architectures
  • Expert knowledge in cybersecurity laws, regulations, and standards
  • Expert experience in data analytics and cybersecurity metrics
  • Experience with common penetration testing toolsets (Metasploit framework, vulnerability scanners, web application scanners, Nmap
  • Experience with common penetration testing methodologies and tactics (PTES, OWASP testing guide, etc.)

Skills/Abilities: Strong presentation/platform skills and excellent writing skills.

Accountability: The individual will implement and participate in the planning and execution of projects leading to technical results. The individual will also contribute to project, department, or program objectives and planning document development. The individual will keep in confidence sensitive information such as customer processes, risks, vulnerabilities, and internal work products, whether for eventual public or private distribution.

Direction: The individual is expected to act independently using CMU, SEI, and CERT defined policies, practices, and procedures – within the scope of assigned work.

Decisions: The individual must make sound technical decisions with little supervision. The individual must accurately represent the program in interactions with customers, sponsors, and the public. The individual is expected to perform analysis on-site at customer locations and immediately assess potential vulnerabilities requiring further investigation.

Supervisory Responsibilities: This position could involve the training and oversight of the work of other staff members, graduate students, resident affiliates, visiting scientists, and independent contractors. Depending on research project or customer work plan, position may involve task leadership.

Job Functions or Responsibilities:

60% Participate in cybersecurity assessments operating in a technical leadership role; analyze assessment data to identify risk areas and propose mitigation alternatives.

15% Participate in research into innovative and cutting-edge tools, techniques, and methods to improve cybersecurity and operational resilience; transition research into applied knowledge for customers.

10% Deliver courses in operational resilience management, cybersecurity management, and information security risk management

5% Contribute to conferences and meetings; participate in marketing calls and technical exchanges with clients; give talks and lectures as appropriate; participate on working groups for subjects of interest.

5% Contribute to and review the literature in cyber security, resilience, and software engineering.

5% Provide assistance and input to other teams and projects within the SEI.

100% Total Effort

Organizational Chart: Director, CERT Division < Technical Director, Cyber Risk and Resilience< Technical Manager, Cybersecurity Assurance Team < Senior Cyber Security Engineer

Carnegie Mellon University is an EEO/Affirmative Action Employer – M/F/Disability/Veteran

#seijob

30 May
2017
Compiler Researcher - 2005656
Pittsburgh, PA

Position Summary: We are looking for someone familiar with compilers (particularly dataflow analysis or other forms of static analysis) to work on projects developing techniques for automatically repairing source code to remove certain common classes of vulnerabilities.

Software vulnerabilities constitute a major threat to many of our nation’s mission-critical systems. Static analysis tools help identify these bugs, but they typically are used late in the development process and produce an enormous number of warnings, overwhelming the ability of the development team to fix the code. Automated code repair holds the potential to eliminate security vulnerabilities much faster and at a much lower cost than manual repair.

The Secure Coding team of the world-renowned CERT division of the Software Engineering Institute is a pioneer of the identification and development of secure coding and secure software development practices. Joining the Secure Coding team, you will work with world-class cyber security experts to help software developers and software development organizations reduce vulnerabilities resulting from coding errors before they are deployed. We identify common programming errors that lead to software vulnerabilities, establish standard secure coding standards, educate software developers, and advance the state of the practice in secure coding that leads to secure software systems.

The successful candidate will participate in research and engineering projects related to developing secure software systems, write reports and deliver presentations that explain the findings of their work, and work directly with customers to help transition our work into practice.

Minimum Qualifications and Requirements:

Education/Training: BS in Computer Science or Software Engineering with 3 years of applicable experience, or equivalent knowledge and ability. Familiarity with compilers at least to the level of an undergrad compilers course, especially dataflow analysis. Firm grasp of data structures and algorithms.

Skills/Abilities:

Successful candidates will have the ability to:

  • Develop and analyze source code in C and C++
  • Build and configure various software build environments, and build custom tools to integrate and automate the use of software building and analysis tools
  • Analyze data from multiple sources, generate defensible results, and represent them in reporting products and interactions with customers, sponsors, and the public
  • Contribute in a team environment with other team members with varying skills, experience and locations
  • Recognize and deal appropriately with confidential and sensitive information such as source code and software weaknesses and vulnerabilities
  • Develop and explain technical decisions and recommendations effectively with technical and non-technical audiences through verbal and written communications that lead to actionable and measurable improvements
  • Work meticulously with careful attention to detail required to identify defects and weaknesses in source code of large software systems, and to identify opportunities for improvements to the development process.
  • Be self-motivated and capable of self-learning to maintain a working knowledge of the ever-changing software development landscape.

Mobility: Primarily sedentary, long periods of sitting; ability to travel to various locations within the SEI and Carnegie Mellon community, customer sites, conferences, and offsite meetings with some frequency.

Environmental Conditions: Normal office conditions, close contact with computer for prolonged periods of time.

Mental: Ability to work under pressure and changing priorities; pay attention to detail; meet inflexible deadlines; deal with difficult individuals while maintaining composure.

Other: Candidates will be subject to a background check and must be eligible to obtain and maintain a Department of Defense security clearance.

Preferred Qualifications and Requirements:

Education/Training: MS in Computer Science or Software Engineering, with 1 year of applicable experience.

Skills/Abilities: Thorough knowledge of the C programming language. Basic familiarity with x86 assembly language. Ability to read and write code in Python. Ability to write an analysis pass for LLVM. Ability to develop software that exhibits desired security properties. Ability to evaluate software for desired security properties.

Accountability: Contributes to program objectives and plans development.

Direction: Performs under minimal supervision, independent judgment is encouraged. Most normal duties and responsibilities are handled independently with the use of established procedures and policies. Difficult or unique situations are referred to the supervisor. Ability to work directly on-site at a customer location with minimal direct supervision from direct supervisor.

Decisions: Participate in conferences and workshops where security-related issues are discussed as required.

Job Functions or Responsibilities:

40% Contribute to internally funded research projects, developing experimentation environments, evaluating secure software development practices, and communicating results internally and externally in reports and presentations.

30% Directly support customer work in secure coding, verification and validation techniques, and technical training. Tailor our current offerings to provide value to customers by evaluating their software, software development, and software acquisition/procurement practices, and providing improvement recommendations. Communicate the findings of such evaluations through reports and presentations. Build new tools and capabilities that improve our ability to meet customer needs.

15% Codify knowledge that has been gained through customer and research projects to expand and update knowledge transfer materials, such as Secure Coding guidelines, training materials, and tools.

15% Develop knowledge and understanding of SEI capabilities; learn how SEI capabilities can be applied to customer problems; work directly with SEI staff supporting the community with disciplines related to secure coding and secure development.

100% TOTAL EFFORT

Organizational Chart: CERT Director < CERT/CSF Technical Director < CERT/Secure Coding Technical Manager < Associate Software Engineer.

Carnegie Mellon University is an EEO/Affirmative Action Employer – M/F/Disability/Veteran

#seijob

30 May
2017
Senior Software Systems Engineer - 2005657
Operating Location PAX - Lexington Park, MD

This position is located in California, MD (approximately 60%) and Ballston/Arlington, VA (approximately 40%)

Position Summary: The Senior Software Systems Engineer will primarily provide direct support to the NAVAIR PEO U&W and augment support to high-level DoD and Federal Civilian organizations in the DC area in the development and operation of large scale software engineering systems. This position will support the Software Engineering Institute’s (SEI) mission by working with these government programs to understand their challenges, identifying actionable solutions, and guiding programs to operationalize the most effective techniques and practices. This position also requires using an understanding of government software engineering challenges to inform software engineering research and identify technology transition barriers and enablers.

If you are an engineer passionate about improving the ability to deliver high quality, critical software systems, and you are committed to bringing software innovation to government and beyond, then this is the position for you.

Key activities include:

  • Understanding customer software engineering challenges and identifying alternatives using tailored or integrated solutions
  • Applying, adapting, integrating, verifying and transitioning the SEI body of research to improve DOD program software engineering activities
  • Creating, applying and codifying new approaches to address challenges and advance the software engineering state of the practice
  • Coordinate closely with staff across the SEI to deliver software engineering technology and expertise to DOD customers.

Minimum Qualifications and Requirements:

BS or equivalent degree in relevant discipline with ten (10) years applicable experience; MS or equivalent degree in relevant discipline with eight (8) years applicable experience; PhD or equivalent degree in relevant discipline with five (5) years applicable experience, or equivalent combination of training and experience.

Experience:

You will have technical breadth and expertise in:

  • Understanding of all aspects of the end-to-end software lifecycle (e.g., requirements, design, implementation, testing, integration, deployment, sustainment)
  • Software project management and/or systems engineering management
  • DOD or Intelligence Community software/system acquisition processes and directives

You should have demonstrated experience in five (5) or more of the following software activities:

  • Software architecture development, software architecture evaluation, software architecture patterns (e.g. SOA)
  • Software analysis including reviewing software designs or code analysis
  • applying cloud computing, containers, or virtualization in DOD systems
  • Information assurance/survivability
  • Building cyber resilient software systems
  • Systems engineering on software intensive systems
  • COTS/GOTS product evaluation and integration
  • Software acquisition strategies and software RFP language
  • Performance measurement including definition and application of goals, measurements and metrics
  • Agile methods, DevOps or continuous software integration and deployment
  • Modernizing legacy systems

Skills/Abilities: Demonstrated ability as follows:

  • Excellent written and verbal communications skills and ability to present to high visibility partners internal and external to the organization.
  • Proven program and project management skills including: interfacing with clients, developing proposals, and establishing relationships with new DoD and/or government clients.
  • Proven team related skills with the ability to lead and participate in multidisciplinary teams.

Mobility: Occasional travel (approximately 15-25%) on overnight assignments. Rotation of duties to support DoD and Federal Civilian organizations at the SEI Ballston/Arlington, VA office location.

Environmental Conditions: Usual office setting with extended use of a computer screen.

Other: You will be subject to a background investigation and must be eligible to obtain and maintain a Department of Defense security clearance.

Preferred Qualifications and Requirements:

Licenses: Certified DoD Acquisition Professional.

Accountability: The member will be directly accountable for understanding DoD software engineering challenges, applying new technologies, and establishing delivery capabilities to meet the needs of the DOD program.

Decisions: Will be required to work with government program offices to identify strengths and weaknesses within the acquisition program and their contractor base and build solutions to address the weaknesses and recognize and encourage the strengths.

Supervisory Responsibilities: Lead distributed teams within cost and schedule.

Job Functions or Responsibilities:

85% Leader or member of technical teams in support of government software acquisition program offices or as a member of a technical team performing software research. Identify and support the implementation strategies for the collection and application of learning and knowledge transfer from assignments (e.g. dissemination of research results, case studies, guides, reports, presentations, articles, workshops, courses, and blog entries).

10% Serve in an advisory capacity to other SEI technical programs on acquisition or technical challenges.

5% Other duties as assigned by the Client Technical Solutions Directorate Executive Director or Deputy Director.

100% total effort

Organizational Chart: SEI Director’s Office < Director, Software Solutions Division < Technical Director, Client Technical Solutions Directorate < Sector Lead, CTSD Sector Team

Carnegie Mellon University is an EEO/Affirmative Action Employer – M/F/Disability/VeteranEOE

#seijob

30 May
2017
Software Engineer - 2005658
Pittsburgh, PA

Position Summary: We are looking for someone familiar with compilers (particularly dataflow analysis or other forms of static analysis) to work on projects developing techniques for automatically repairing source code to remove certain common classes of vulnerabilities.

Software vulnerabilities constitute a major threat to many of our nation’s mission-critical systems. Static analysis tools help identify these bugs, but they typically are used late in the development process and produce an enormous number of warnings, overwhelming the ability of the development team to fix the code. Automated code repair holds the potential to eliminate security vulnerabilities much faster and at a much lower cost than manual repair.

The Secure Coding team of the world-renowned CERT division of the Software Engineering Institute is a pioneer of the identification and development of secure coding and secure software development practices. Joining the Secure Coding team, you will work with world-class cyber security experts to help software developers and software development organizations reduce vulnerabilities resulting from coding errors before they are deployed. We identify common programming errors that lead to software vulnerabilities, establish standard secure coding standards, educate software developers, and advance the state of the practice in secure coding that leads to secure software systems.

The successful candidate will participate in research and engineering projects related to developing secure software systems, write reports and deliver presentations that explain the findings of their work, and work directly with customers to help transition our work into practice.

Minimum Qualifications and Requirements:

Education/Training: BS in Computer Science or Software Engineering with three (3) years of applicable experience, or equivalent knowledge and ability. Familiarity with compilers at least to the level of an undergrad compilers course, especially dataflow analysis. Firm grasp of data structures and algorithms.

Skills/Abilities:

Successful candidates will have the ability to:

  • Develop and analyze source code in C and C++
  • Build and configure various software build environments, and build custom tools to integrate and automate the use of software building and analysis tools
  • Analyze data from multiple sources, generate defensible results, and represent them in reporting products and interactions with customers, sponsors, and the public
  • Contribute in a team environment with other team members with varying skills, experience and locations
  • Recognize and deal appropriately with confidential and sensitive information such as source code and software weaknesses and vulnerabilities
  • Develop and explain technical decisions and recommendations effectively with technical and non-technical audiences through verbal and written communications that lead to actionable and measurable improvements
  • Work meticulously with careful attention to detail required to identify defects and weaknesses in source code of large software systems, and to identify opportunities for improvements to the development process.
  • Be self-motivated and capable of self-learning to maintain a working knowledge of the ever-changing software development landscape.

Mobility: Primarily sedentary, long periods of sitting; ability to travel to various locations within the SEI and Carnegie Mellon community, customer sites, conferences, and offsite meetings with some frequency.

Environmental Conditions: Normal office conditions, close contact with computer for prolonged periods of time.

Mental: Ability to work under pressure and changing priorities; pay attention to detail; meet inflexible deadlines; deal with difficult individuals while maintaining composure.

Other: Candidates will be subject to a background check and must be eligible to obtain and maintain a Department of Defense security clearance.

Preferred Qualifications and Requirements:

Education/Training: MS in Computer Science or Software Engineering, with one (1) year of applicable experience.

Skills/Abilities: Thorough knowledge of the C programming language. Basic familiarity with x86 assembly language. Ability to read and write code in Python. Ability to write an analysis pass for LLVM. Ability to develop software that exhibits desired security properties. Ability to evaluate software for desired security properties.

Accountability: Contributes to program objectives and plans development.

Direction: Performs under minimal supervision, independent judgment is encouraged. Most normal duties and responsibilities are handled independently with the use of established procedures and policies. Difficult or unique situations are referred to the supervisor. Ability to work directly on-site at a customer location with minimal direct supervision from direct supervisor.

Decisions: Participate in conferences and workshops where security-related issues are discussed as required.

Job Functions or Responsibilities:

40% Contribute to internally funded research projects, developing experimentation environments, evaluating secure software development practices, and communicating results internally and externally in reports and presentations.

30% Directly support customer work in secure coding, verification and validation techniques, and technical training. Tailor our current offerings to provide value to customers by evaluating their software, software development, and software acquisition/procurement practices, and providing improvement recommendations. Communicate the findings of such evaluations through reports and presentations. Build new tools and capabilities that improve our ability to meet customer needs.

15% Codify knowledge that has been gained through customer and research projects to expand and update knowledge transfer materials, such as Secure Coding guidelines, training materials, and tools.

15% Develop knowledge and understanding of SEI capabilities; learn how SEI capabilities can be applied to customer problems; work directly with SEI staff supporting the community with disciplines related to secure coding and secure development.

100% TOTAL EFFORT

Organizational Chart: CERT Director < CERT/CSF Technical Director < CERT/Secure Coding Technical Manager < Software Engineer.

Carnegie Mellon University is an EEO/Affirmative Action Employer – M/F/Disability/Veteran

#seijob

23 May
2017
Senior Software Systems Engineer - 2005562
El Segundo, CA

This position is located in El Segundo, CA

Position Summary: The Senior Software Systems Engineer will provide direct support to the Air Force Space and Missile Systems Center in the development and operation of large scale software engineering systems. This position will support the Software Engineering Institute’s (SEI) mission by working with these government programs to understand their challenges, identifying actionable solutions, and guiding programs to operationalize the most effective techniques and practices. This position also requires using an understanding of government software engineering challenges to inform software engineering research and identify technology transition barriers and enablers.

If you are an engineer passionate about improving the ability to deliver high quality, critical software systems, and you are committed to bringing software innovation to government and beyond, then this is the position for you.

Key activities include:

  • Understanding customer software engineering challenges and identifying alternatives using tailored or integrated solutions
  • Applying, adapting, integrating, verifying and transitioning the SEI body of research to improve DOD program software engineering activities
  • Creating, applying and codifying new approaches to address challenges and advance the software engineering state of the practice
  • Coordinate closely with staff across the SEI to deliver software engineering technology and expertise to DOD customers.

Minimum Qualifications and Requirements:

BS or equivalent degree in relevant discipline with ten (10) years applicable experience; MS or equivalent degree in relevant discipline with eight (8) years applicable experience; PhD or equivalent degree in relevant discipline with five (5) years applicable experience, or equivalent combination of training and experience.

Experience:

You will have technical breadth and expertise in:

  • Understanding of all aspects of the end-to-end software lifecycle (e.g., requirements, design, implementation, testing, integration, deployment, sustainment)
  • Software project management and/or systems engineering management
  • DOD or Intelligence Community software/system acquisition processes and directives

You should have demonstrated experience in five (5) or more of the following software activities:

  • Software architecture development, software architecture evaluation, software architecture patterns (e.g. SOA)
  • Software analysis including reviewing software designs or code analysis
  • applying cloud computing, containers, or virtualization in DOD systems
  • Information assurance/survivability
  • Building cyber resilient software systems
  • Systems engineering on software intensive systems
  • COTS/GOTS product evaluation and integration
  • Software acquisition strategies and software RFP language
  • Performance measurement including definition and application of goals, measurements and metrics
  • Agile methods, DevOps or continuous software integration and deployment
  • Modernizing legacy systems

Skills/Abilities: Demonstrated ability as follows:

  • Excellent written and verbal communications skills and ability to present to high visibility partners internal and external to the organization.
  • Proven program and project management skills including: interfacing with clients, developing proposals, and establishing relationships with new DoD and/or government clients.
  • Proven team related skills with the ability to lead and participate in multidisciplinary teams.

Mobility: Frequent travel on overnight assignments.

Environmental Conditions: Usual office setting with extended use of a computer screen.

Other: You will be subject to a background investigation and must be eligible to obtain and maintain a Department of Defense security clearance.

Preferred Qualifications and Requirements:

Licenses: Certified DoD Acquisition Professional.

Accountability: The member will be directly accountable for understanding DoD software engineering challenges, applying new technologies, and establishing delivery capabilities to meet the needs of the DOD program.

Decisions: Will be required to work with government program offices to identify strengths and weaknesses within the acquisition program and their contractor base and build solutions to address the weaknesses and recognize and encourage the strengths.

Supervisory Responsibilities: Lead distributed teams within cost and schedule.

Job Functions or Responsibilities:

85% Leader or member of technical teams in support of government software acquisition program offices or as a member of a technical team performing software research. Identify and support the implementation strategies for the collection and application of learning and knowledge transfer from assignments (e.g. dissemination of research results, case studies, guides, reports, presentations, articles, workshops, courses, and blog entries).

10% Serve in an advisory capacity to other SEI technical programs on acquisition or technical challenges.

5% Other duties as assigned by the Client Technical Solutions Directorate Executive Director or Deputy Director.

100% total effort

Organizational Chart: SEI Director’s Office < Director, Software Solutions Division < Technical Director, Client Technical Solutions Directorate < Sector Lead, CTSD Sector Team

Carnegie Mellon University is an EEO/Affirmative Action Employer – M/F/Disability/Veteran

#seijob

19 May
2017
Machine Learning Research Scientist - 2005584
Pittsburgh, PA

Position Summary: The Software Engineering Institute (SEI) is a federally funded research and development center located at Carnegie Mellon University. Our Advanced Mobile Systems (AMS) Initiative is seeking a Machine Learning Research Scientist. This is an excellent opportunity to work with leading researchers and faculty at a truly world-class institution. The Machine Learning Research Scientist will focus on advancing and applying machine learning technology to analyzing streaming data. The AMS team conducts applied research, matures and prototypes technology; and transitions technology to government organizations.

The ideal candidate will enjoy working with world-renowned researchers/engineers at the SEI, Carnegie Mellon University, and other universities and R&D centers. S/he will apply promising technologies to applications requiring rapid processing of large volumes of streaming data. The candidate should have a strong mathematics and/or computer science background and experience in machine learning technology and developing highly-distributed systems performing near-real-time analysis of data.

Minimum Qualifications and Requirements:

Education/Training: M.S. degree in computer science or related discipline with eight (8) years of experience or equivalent combination or training and experience. PhD strongly preferred.

Experience: Two or more (2+) years in three or more of the following: system/software architecture and development, virtual machine technology, distributed processing, data analytics, machine learning and/or natural language processing.

Skills/Abilities: Ability to contribute to machine learning research and design and develop advanced prototypes. Excellent analytical, problem solving and organizational skills. Ability to work successfully in small team environments, and communicate with prominent researchers and engineers. Interest in the application of advanced technologies to extremely complex and challenging problems

Mobility: Normally sedentary position with some mobility; i.e., able to travel to campus and potentially other locations.

Environmental Conditions: Usual office setting, close contact with CRT for long periods of time.

Mental: Ability to pay close attention to detail, meet deadlines, balance multiple tasks, work under pressure, and work with frequent interruptions.

Other: Candidates will be subject to a background check and must be eligible to obtain and maintain a Department of Defense security clearance.

Preferred Qualifications and Requirements:

Education/Training: PhD in Computer Science or related discipline with five (5) years of experience or equivalent combination of training and experience. Advanced coursework in machine learning/natural language processing. Advanced coursework in architecting highly-distributed systems. Additional course work in computer applications, software engineering and networking.

Experience: Four or more (4+) years’ experience in system/software architecture and development, virtual machine technology, distributed processing, data analytics, machine learning and/or natural language processing. Experience developing data analytics applications, and applications for intermittently connected, low bandwidth, and low power environments; sensor integration and fusion.

Skills/Abilities: Experience working with the intelligence community.

Accountability: Completes project tasks from routine to complex; is accountable for meeting established deadlines and project milestones with a commitment to decisions that have been made.

Direction: Expected to perform with limited supervision. Most normal duties and responsibilities are handled independently with the use of established research and engineering protocols and departmental and university procedures and policies.

Decisions: Works with researchers and developers to implement pragmatic solutions to complex problems.

Supervisory Responsibilities: Potential small team supervision.

Job Functions or Responsibilities:

30% Works with CMU, SEI, other researchers, and the intelligence community to enhance the state of the art in technologies to assist in the analysis of large volume and streaming data.

30% Works with CMU and SEI engineers to apply state of the art technologies to prototype systems that assist in the analysis of large volume and streaming data.

20% Attends meetings, submits work progress reports, and performs related duties as required.

20% Represents work plans and prototypes via publications, conferences, and meetings to the academic research, engineering, DoD, and first responder communities.

100% Total Effort

Organizational Chart: SSD Director > CSC Directorate Lead > AMS Initiative Lead > Machine Learning Research Scientist.

Carnegie Mellon University is an EEO/Affirmative Action Employer – M/F/Disability/Veteran.

#seijob

04 May
2017
Cyber Security Engineer - Exercise Developer - 2005394
Pittsburgh, PA or Arlington, VA

This position can be located in Pittsburgh, PA or Arlington, VA.

Position Summary: As a member of CERT's Workforce Development program, the candidate will work with other team members in developing cyber-security training exercises and simulations, primarily for US military/government customers. This involves interacting directly with customers, gathering training requirements and objectives, producing and facilitating creative and engaging exercise scenarios, and building supporting physical and virtualized systems and network topologies. As such, the candidate will work regularly with a wide range of software and hardware technologies within CERT labs. The candidate may also assist in developing and teaching cyber security training content to external customers. The candidate will also be involved software and hardware prototype development. Additionally, the position requires the candidate to have demonstrated and effective leadership/management abilities as he/she may supervise and evaluate full time direct reports as well as the activities of graduate student assistants. The successful candidate must be self-directed, have an interdisciplinary approach to problem solving, and work well communicating technical information to technical and non-technical users. The candidate must also be able to interact with clients and staff of all levels in a highly professional and competent manner.

Minimum Qualifications and Requirements:

Education/Training: Bachelor’s degree in Computer Science, Information Science, or related discipline with three (3) years applicable working experience in information technology, Master’s degree in Computer Science, Information Science, or related discipline with one (1) years of applicable working experience in information technology, or equivalent combination of training or experience.

Experience: Successful candidates must possess "hands-on" experience with Computer/Network Security and I.T. system and network administration. Additionally, he/she must have practical experience with Windows server and desktop platforms and Linux/Unix operating systems. The candidate must have experience in network design and troubleshooting and implementing standard networking protocols. Additionally, demonstrated practical experience working with common commercial and open-source cyber security tools is required. The candidate should have some experience teaching technical content to students, peers, and non-technical individuals and must enjoy doing so.

Skills/Abilities: Candidate must be able to prioritize workload and complete deliverables on time, have good technical problem-solving skills, strong analytical and information organization skills, excellent oral and written communication skills, and strong technical teaching skills. Candidate must be able to multitask and work effectively with multiple project teams and sponsors/customers. Experience with virtualization technologies, particularly VMWare ESX server is highly desired. Programming experience in C, C++, C#, Python, and Java is also highly desirable.

Physical Mobility: Sedentary in an office setting with some mobility, i.e., able to travel to various locations within the SEI and CMU community as well as travel to customer sites.

Environmental Conditions: Close contact with computer for long periods of time.

Mental: Ability to pay close attention to detail, meet deadlines, work under pressure, and communicate effectively.

Other: Candidates will be subject to a background check and must be eligible to obtain and maintain a Department of Defense security clearance.

Preferred Qualifications and Requirements:

Education/Training: BS and MS in Computer Science; training in enterprise security tools (i.e. McAfee ePO/HIPS, ArcSight, etc.)

Licenses: CISSP, Network+, Security+ and/or other industry standard certifications

Experience: US military service in a series of positions involving information technology, cyber security, and management of large scale government networks.

Skills/Abilities: Strong presentation/platform skills and excellent writing skills.

Accountability: The incumbent is accountable for the definition, creation, and maintenance of final deliverables and products and may manage unclassified/classified DoD projects in excess of $3M annually.

Direction: The incumbent is expected to act independently using CMU and SEI defined policies, practices, and procedures.

Decisions: The incumbent must use good judgment to solve customer and personnel problems and is required to envision, design, develop, pilot, and deliver new capabilities, products, and services. Candidate will also be required to accurately represent SEI/CERT and its technical work in interactions with customers, sponsors, and the public.

Supervisory Responsibilities: The incumbent may have at least 2 direct reports as well as up to 15 secondary reports and will be required to provide performance management, career guidance, and take personnel corrective actions as required.

Job Functions or Responsibilities:

10% Design and develop technical documents and instructional materials.

10% Research, evaluate, develop, install/configure hardware and software including promising new technologies that require examination for cyber security research and development.

10% Deliver technical and management training to customers.

55% Mentor, guide and interact with team and other staff.

15% Contribute to transition planning and strategy.

100% TOTAL EFFORT

Organizational Chart: Director, CERT Division < Technical Director, Cyber Workforce Development Directorate < Technical Manager, Modeling, Simulation and Exercises Initiative < Team Lead, Modeling, Simulation and Exercises < Cyber Security Engineer – Exercise Developer.

Carnegie Mellon University is an EEO/Affirmative Action Employer – M/F/Disability/Veteran

04 May
2017
Software Engineer - 2005395
Pittsburgh, PA or Arlington, VA

Position Summary: CERT is part of the Software Engineering Institute (SEI), a federally funded research and development center at Carnegie Mellon University in Pittsburgh, Pennsylvania. The CERT engages in cutting-edge research and development, and provides robust programs focused on ensuring that software developers, internet security experts, network and system administrators, and others are able to resist, recognize, and recover from attacks on networked systems.

As a member of CERT Systems Team, the selected candidate will be responsible for designing, developing, and deploying software applications and systems to enhance the capabilities of CERT customers. The candidate will participate in all phases of the software development lifecycle, and will be involved in key decisions regarding software design and technology selection, architecture and design of cyber-resilient and cyber-secure systems.

Minimum Qualifications and Requirements:

Education/Training: BS in computer science, software engineering, computer engineering, or a related quantitative field of study with five (5) years of applicable experience.

Experience: Experience as a software developer working on software applications in a professional environment. Experience writing code and applications in Java, experience with a scripting language such as Perl or Python, proficiency with HTML/CSS/JavaScript, and familiarity with SQL and modern databases. Capable of working with software development tools such as version control systems (Git, Mercurial) and bug tracking systems (JIRA); working knowledge of agile software development practices and team design sessions. Experience developing within a UNIX/Linux environment.

Skills/Abilities: Ability to function within a development team. Willingness to learn new skills, programming languages, and technologies as necessary. Desire to solve challenging problems through technical innovation. Ability to analyze customer requirements and provide novel solutions. Ability and willingness to provide accurate estimates of development time and risk. Excellent written and verbal communication skills. Ability to work effectively without close supervision. Capable to attend customer meetings and respond to customer requirements

Mobility: Primarily sedentary, long periods of sitting, may have to travel to other campus locations, as well as, travel to customer sites, some bending, stretching and lifting. Moving and setting up computer equipment.

Environmental Conditions: Normal office conditions; however close contact with a computer screen for prolonged periods of time.

Mental: Ability to work under pressure and meet deadlines; ability to prioritize tasks; strong learning capability; ability to assist users of varying competency; ability to interact effectively with vendors, managers, and technical staff. Good technical problem-solving skills; strong information organization skills; good oral and written communication skills. Maintain confidentiality of sensitive information.

Other: Candidates will be subject to a background check and must be eligible to obtain and maintain a Department of Defense security clearance.

Preferred Qualifications and Requirements:

Education/Training: MS in computer science, software engineering, computer engineering, or a related quantitative field of study with three (3) years of applicable experience.

Certifications: CISSP or CSSLP

Experience: Working knowledge of general networking concepts and experience with deep software analysis, debugging, or reverse engineering, with a background in cyber security or cyber analytics. Experience with Hadoop and related big-data systems, relational databases, LDAP directories, Apache httpd and Tomcat, and working within a development and operations (DevOps) environment. Experience coding with C, C++, C#, Scala, Ruby and other commonly used languages. Familiarity with No SQL and non-relational database technologies such as MongoDB. Cassandra, HBase, Neo4j or others.

Skills/Abilities: Ability to multitask, troubleshoot and work with end users. Ability to quickly learn new technologies (COTS/GOTS) and integrate them with existing applications and/or systems. Knowledge of various hardware architectures and embedded systems. Embedded system design and embedded software implementation.

Accountability: Develop and implement project technical results. Contribute to program objectives and plans development. Keep in confidence sensitive information such as security, and site-specific information.

Direction: Regular interaction with supervisor. Expected to act in accordance with SEI and CERT program procedures and policies, such as those involving product development, team interaction, and confidentiality.

Decisions: Must accurately represent the program in interactions with customers, sponsors, and the public. Participate in conferences and workshops where security-related issues are discussed as required.

Supervisory Responsibilities: This position does not formally supervise others. However, the individual may act in a technical leadership (non-supervisory) role in regard to specific work products and activities, or in regard to student interns, etc.

Job Functions or Responsibilities:

90% Design and implementation of software requirements and integrate with other software tools or relational databases.

Secondary Functions

5% Contribute to conferences and meetings; participate in marketing calls on clients; give technical talks as appropriate.

5% Contribute to the broader software engineering and security community.

100% TOTAL EFFORT

Organizational Chart: CERT Program, Director < Secure Automation Director < Systems Technical Manager < Software Engineer

Carnegie Mellon University is an EEO/Affirmative Action Employer – M/F/Disability/Veteran

04 May
2017
Systems Engineer - 2005396
Pittsburgh, PA or Arlington, VA

Position Summary: CERT is part of the Software Engineering Institute (SEI), a federally funded research and development center at Carnegie Mellon University in Pittsburgh, Pennsylvania. The CERT engages in cutting-edge research and development, and provides robust programs focused on ensuring that software developers, internet security experts, network and system administrators, and others are able to resist, recognize, and recover from attacks on networked systems.

This position is responsible for supporting users and maintaining software and equipment in the CERT Program Managed Enclaves. This includes understanding the needs of the teams using the enclaves, designing and developing services to meet those needs, planning equipment acquisitions, overseeing configuration and maintenance of equipment, overseeing set-up and breakdown of equipment for experiments, assisting in experiments as needed. You will need to be a self-starter who can work in a rapidly changing environment, tolerate ambiguity, and demonstrate problem-solving skills.

Minimum Qualifications and Requirements:

Education/Training: BS in Computer Science, Information Science, Computer Engineering or equivalent with eight (8) years of applicable experience, MS in Computer Science, Information Science, Computer Engineering or equivalent with five (5) years of applicable experience, or Ph.D. in Computer Science, Information Science, or equivalent with two (2) years of applicable experience.

Experience: System administrator level of knowledge for both UNIX and Windows operating systems, as well as experience with the selection, configuration and deployment of associated hardware and software. Experience and knowledge in using system administration tools to manage dozens of machines and configurations. Network administrator knowledge of network technologies including: TCP/IP, UDP, Ethernet, 802.11, routing protocols, DNS, VPN. Experience in network architecture and implementation. Storage administration and scripting/coding experience.

Skills/Abilities: Ability to manage heavy workload and effectively manage priorities. Strong problem solving skills. Excellent oral and written communications skills. Ability to work both independently and with teams. Ability to effectively manage multiple projects. Ability to elicit technical requirements from management and staff.

Mobility: Primarily sedentary, long periods of sitting, may have to travel to other campus locations, as well as, travel to customer sites, some bending, stretching and lifting. Moving and setting up computer equipment.

Environmental Conditions: Normal office conditions; however close contact with CRT for prolonged periods of time. Also occasional work in machine room (loud and extreme office temperatures 55F-90F).

Mental: Ability to work under pressure and meet deadlines; ability to prioritize tasks; strong learning capability; ability to assist users of varying competency; ability to interact effectively with vendors, managers, and technical staff. Good technical problem-solving skills; strong information organization skills; good oral and written communication skills. Maintain confidentiality of sensitive information.

Other: Candidates will be subject to a background check and must be eligible to obtain and maintain a Department of Defense security clearance.

Preferred Qualifications and Requirements:

Experience: Experience using and managing virtual computing environments such as VEEAM, VMWare, or VirtualBox. Experience with applications such as JIRA, Confluence, Jenkins, and Rhodecode. Experience in the scription such as Bash, Python, Perl, and PowerShell. Experience with storage administration such as NetApp, Lustre Filesystem, Gluster Filesystem, iSCSI, and NFS.

Experience with Hadoop Administration and Database Administration (MySQL, Postgress, MongoDB).

Skills/Abilities: Ability to define and build tools in various scripting and programming languages. Knowledge of and experience with operating systems other than UNIX or Windows.

Accountability: Responsible for managing requests from users, including high priority requests originating from a sponsor.

Direction: The person in this position will work closely with the SEI Infrastructure Team on developing processes for managing hardware and software. The person will also work closely with users in determining needs and planning experiments.

Decisions: Example 1: A user needs to test vulnerability in a specific piece of software. A test environment needs to be developed to allow for testing at the required version/patch level. The equipment needs to be prepared and configured appropriately to provide a suitable test environment.

Example 2: A group of software developer needs an automated build, test, and deployment environment and the environment needs to be integrated with the already existing source code repository. An evaluation of suitable tools is conducted, based on developer requirements. Based on the selection, a server is setup and tested in order to demonstrate the integration and functionality. Then assistance is provided to developers as they begin using the system, including the adoption of changing requirements and configuration needs.

Supervisory Responsibilities: This position mentors and provides technical direction to other CERT Program Managed Enclave employees.

Job Functions or Responsibilities:

15% Collects user requirements for CERT Program Managed Enclave equipment software and services needed for the CERT.

15% Test, evaluate, and select new hardware and software for the CERT Program Managed Enclave in consultation with the SEI IT and users.

15% Work with the CERT and SEI IT staff to develop and/or implement tools and processes for managing and maintaining software and hardware in the CERT Program Managed Enclave, including the set-up for experiments.

40% Infrastructure operations and maintenance including: backups, patching, Failure Recovery, log review, security auditing, and other user support.

10% Develop procedures and practices for the use and maintenance of the CERT Program Managed Enclave.

SECONDARY FUNCTIONS

5% Participate in the broader security community through collaboration, papers, and presentations.

100% TOTAL EFFORT

Organizational Chart: CERT Program, Director < Secure Automation Director < Technical Manager < Systems Engineer

Carnegie Mellon University is an EEO/Affirmative Action Employer – M/F/Disability/Veteran

#seijob

04 May
2017
Systems Engineer - 2005397
Pittsburgh, PA or Arlington, VA

Position Summary: CERT® is part of the Software Engineering Institute (SEI), a federally funded research and development center at Carnegie Mellon University in Pittsburgh, Pennsylvania. The CERT engages in cutting-edge research and development, and provides robust programs focused on ensuring that software developers, internet security experts, network and system administrators, and others are able to resist, recognize, and recover from attacks on networked systems.

This position is responsible for supporting users and maintaining software and equipment in the CERT Program Managed Enclaves. This includes understanding the needs of the teams using the enclaves, installing and configuring software and hardware to meet those needs, configuration and maintenance of equipment, and assisting in experiments as needed. You will need to be able to work in a rapidly changing environment, tolerate ambiguity, and demonstrate problem-solving skills.

Minimum Qualifications and Requirements:

Education/Training: BS in Computer Science, Information Science, Computer Engineering or equivalent with three (3) years of applicable experience, or MS in Computer Science, Information Science, Computer Engineering or equivalent with one (1) year of applicable experience.

Experience: Three (3) years of experience; Windows/Linux systems administration, as well as experience with the configuration and deployment of associated hardware and software, including storage administration, scripting, and coding.

Skills/Abilities: Ability to effectively manage conflicting priorities, while still delivering concrete, high quality, and timely results to multiple projects. Posses strong planning and organizational skills, including the ability to; work independently and with teams, interact effectively with technical and non-technical audiences both written and verbally. Strong problem solving skills. Possess an applied understanding of core internet protocols (e.g., TCP/IP, IP, UDP, ICMP, DNS, SMTP, HTTP, etc.) and Windows/Linux systems administration practices. An understanding of Software / systems development lifecycle, QA testing, revision control, and change management practices.

Mobility: Primarily sedentary, long periods of sitting, may have to travel to other campus locations, as well as, travel to customer sites, some bending, stretching and lifting up to 50 lbs. above head. Moving and setting up computer equipment.

Environmental Conditions: Normal office conditions; however close contact with CRT for prolonged periods of time. Also occasional work in machine room (loud and extreme office temperatures 55F-90F).

Mental: Ability to work under pressure and meet deadlines; ability to prioritize tasks; strong learning capability; ability to assist users of varying competency; ability to interact effectively with vendors, managers, and technical staff. Good technical problem-solving skills; strong information organization skills; good oral and written communication skills. Maintain confidentiality of sensitive information.

Other: Candidates will be subject to a background check and must be eligible to obtain and maintain a Department of Defense security clearance.

Preferred Qualifications and Requirements:

Experience: Experience with applications such as JIRA, Confluence, Jenkins, and Rhodecode. Experience in the scription such as Bash, Python, Perl, and PowerShell. Experience with storage administration such as NetApp, Lustre Filesystem, Gluster Filesystem, iSCSI, and NFS. Experience with Hadoop Administration and Database Administration (MySQL, Postgress, MongoDB).

Skills/Abilities: Ability to define and build tools in various scripting and programming languages. Knowledge of and experience with operating systems other than UNIX or Windows.

Accountability: Develop and implement project technical results. Contribute to technical area goals and objectives. Keep in confidence sensitive information such as security, vulnerability, and site information.

Direction: Expect to act with minimal supervision in accordance with SEI and CERT program procedures and policies, such as those involving project development, team interaction, and confidentiality.

Decisions: Must accurately represent the program in interactions with customers, sponsors, and the public. Participate in conferences and workshops where security-related issues are discussed as required.

Supervisory Responsibilities:

This position does not formally supervise others.

Job Functions or Responsibilities:

10% Perform Tier 1 support for CERT Program Managed Enclave services and systems.

10% Test, and evaluate new hardware and software for the CERT Program Managed Enclaves in consultation with SEI IT and users.

25% Work within CERT and SEI IT to develop and/or implement tools and processes for managing and maintaining software and hardware in the CERT Program Managed Enclaves, including the set-up for experiments.

35% Conduct routine software and hardware maintenance of CERT Program Managed Enclaves equipment. Install and configure new equipment.

10% Develop procedures and practices for the use and maintenance of the CERT Program Managed Enclaves.

10% Participate in the broader security community through collaboration, papers, and presentations.

100% TOTAL EFFORT

Organizational Chart: CERT Program, Director < Secure Automation Director < Technical Manager < Systems Engineer

Carnegie Mellon University is an EEO/Affirmative Action Employer – M/F/Disability/Veteran

07 Apr
2017
Equipment Technician - Maintenance - 2005214
Pittsburgh, PA

Position Summary: Responsible for troubleshooting various problems that may occur while setting up, maintaining and installing various equipment and furniture items throughout the SEI facilities for all SEI staff members. Responsibilities include the follow through on various projects relating to furniture and equipment as detailed by the Facilities Operations Supervisor and the Facilities Manager such as the assembly and maintenance of equipment and furniture items, repairing general building hardware, assembling furniture and paneling systems, and reporting any problems to  the Facilities Operations Supervisor. Must coordinate work with other facilities team members, and assist or request assistance as needed.  This position is required to assign and complete work orders in the MIS system.

 

Minimum Qualifications and Requirements:

Education/Training: High School Diploma or GED.

Licenses: Valid Pennsylvania Driver’s License.

Experience: Experience performing applicable maintenance and repairs.

Skills/Abilities: Ability to work independently and use initiative to resolve problems, diagnose and make needed repairs, to operate general power tools: knowledge of general computer.

Mobility: Finger agility; ability to push, pull and lift furniture, equipment, etc. as needed; ability to carry necessary tools; ability to stand for long periods of time; ability to climb steps or ladders, stoop, reach, bend at the waist and grasp objects.

Environmental Conditions: May have to endure weather conditions when traveling from each office location, equipment may be housed and repaired in dusty, damp and crowded conditions. Some warehouse work.

Mental: Ability to pay attention to details and meet deadlines; ability to deal with difficult or demanding individuals; the ability to use reasoning to solve maintenance related problems.

Other:  Candidates will be subject to a background check and must be eligible to obtain and maintain a Department of Defense security clearance.

 

Preferred Qualifications and Requirements:

Education/Training: High School Diploma or GED.

Licenses: Valid Pennsylvania Driver’s License.

Experience: Same as above.

 

Accountability: Responsible for acting independently on the daily work list that is adjusted periodically by the Facilities Operations Supervisor or the Facilities Manager. In addition, responsible for completion of assigned projects, and recommendation of needed repairs in the facility.  Completes work orders in the MIS system.

Direction: Performs under general supervision. Most normal duties and responsibilities are handled independently with the use of established procedures and policies. Difficult or unique situations are referred to the supervisor.

Decisions: Expected to make decisions or recommendations that are in the best interest of the facilities operation, and will provide the highest level of customer services such as the direction that the repair should be taken or whether a full replacement is necessary.

Supervisory Responsibilities: Will be required to act as a team leader on special projects, and will be responsible for the completion of assigned work with in specified time constraints.

 

Job Functions or Responsibilities:

35%     Delivery and retrieval of boxes and office equipment to and from offsite storage; cleaning and maintaining of off-campus storage facilities; stocking of supply cabinets and general maintenance to copier and fax machine equipment.  

25%     Install, assemble, and modify furniture throughout all SEI facilities. Furniture is primary Steelcase and Herman Miller.  Set up of offices for moves and new hires. Move of office content and belongings for SEI staff. Review of office and conference room configurations, maintain office keys and desk keys, office nameplates and supply deliveries according to new hire and moves listings.

15%     Review of office and conference room configurations, and supply deliveries according to new hire and moves listings.  Resolving various problems such as setting up, maintaining and installing various equipment and furniture items throughout the SEI facilities for all SEI staff members.

15%     Maintain and update the facilities records including accurate records of requested and completed work, repairs, and supply needs. This information will be tracked primarily through the online SEI Facilities Request System and Facilities Management System. Assist with other facilities operations as needed.

10%     Miscellaneous duties as assigned.

100% TOTAL EFFORT

 

Carnegie Mellon University is an EEO/Affirmative Action Employer – M/F/Disability/Veteran

30 Mar
2017
Senior Software Engineer - DevOps Engineer - Team Lead - 2005144
Operating Location LA - Aurora, CO

Position Summary: This position within the Software Engineering Institute (SEI) will be physically located at our customer facilities in Aurora, CO and will lead DevOps and related activities and teams providing software engineering expertise to an Air Force program. The candidate will support the SEI’s mission by capturing government needs and identifying, shaping, and guiding programs to operationalize the most appropriate software engineering and acquisition techniques and practices. If you are an engineer passionate about improving the ability to deliver high quality, mission critical systems, and you are committed to bringing innovation to government, then this is the position for you.

The Senior Technical Staff Member will be responsible for leading and/or participating on teams that enable the organizations within the Department of Defense to enhance the predictable performance and mission assurance in the acquisition, evolution and operations of software-reliant systems. Key activities include understanding customer requirements and key challenge problems and addressing them with tailored solutions; designing, applying, adapting, integrating, verifying and transitioning the SEI technical body of knowledge and other technical bodies of knowledge to maximize impact; creating, applying and codifying new approaches to support customer needs and advance the software engineering state of the practice; and maintaining situational awareness in technical and DoD domains.

Minimum Qualifications and Requirements:

Education/Training: BS in computer science, software engineering, computer engineering, or a related quantitative field of study with ten (10) years of applicable experience.

Experience: Experience as a software developer working on software applications in a professional environment required:

  • Hands on experience in an Ops/Devops role with emphasis on deploying and managing environments in cloud platforms(AWS, Azure or similar)
  • Experience with CI/CD, log collection and analysis, builds and performance monitoring/tuning
  • At least 3 years
  • Experience with a scripting language like Python, Perl, Bash, Ruby etc.
  • Experience with complete SDLC tools like Maven, Jenkins, Ant, docker, etc.
  • Hands experience with Configuration Management tool Chef/pupet or similar
  • Knowledge of SCM tools (SVN, Git) would be a plus
  • Experience with monitoring and logging tools like Kibana, NewRelic, Nagious, Splunk, Graphite, Graphana etc.
  • Experienced troubleshooting Java applications and reading stack traces
  • Strong teamwork skills, with excellent written and spoken communication excellent troubleshooting capabilities
  • Review and development of performance and capacity plans (operational capacity and load requirements)
  • Experience with application disaster recovery, migration, roll-back plans, expansion, routine deployments, and system upgrades
  • Knowledge of switches, firewalls and routers
  • Experience and proficient with Linux (Preferably with CentOS/RHEL)
  • Knowledge of YUM, system patching and other administration tools
  • Familiarity with system automation
  • Familiarity with security assessments

Skills/Abilities:

  • Deep, detailed knowledge of software engineering including detailed knowledge of at least three of the following core competencies: requirements, architecture and design, program and acquisition management, performance improvement, assurance, and/or security
  • Relevant experience within the last 5 years in working on a large software development program
  • Deep familiarity with general linux operating system concepts, development pipeline tools, etc.
  • Knowledge of how to apply system engineering principles to system software development
  • Ability to execute network assessments and report results, write documentation
  • Understanding of basic computer systems, and network, database and application security issues
  • Excellent written and verbal communication skills
  • Excellent reasoning and problem-solving skills
  • Ability to work effectively without close supervision
  • Ability to attend customer meetings and respond to customer requirements
  • Strong teamwork skills, with excellent written and spoken communication excellent troubleshooting capabilities
  • Highly motivated Self-starter individual with ability to multi-task, prioritize and be detail-oriented
  • Review and development of performance and capacity plans (operational capacity and load requirements)
  • Experience with application disaster recovery, migration, roll-back plans, expansion, routine deployments, and system upgrade

Mobility: Will be required to travel on overnight assignments, occasionally for several days.

Environmental Conditions: Usual office setting, including extended work at a computer screen.

Mental: Ability to work meticulously with careful attention to detail; ability to meet deadlines while working on multiple tasks – sometimes under pressure and with shifting priorities; ability to deal collaboratively, diplomatically, and successfully with customers, co-workers and other professional colleagues, managers, and staff; ability to grasp the big picture, direction, and goals of an effort; ability to quickly learn new procedures, techniques, approaches, etc.

Other: Candidates will be subject to a background check and must be eligible to obtain and maintain a Department of Defense security clearance.

Preferred Qualifications and Requirements:

Education/Training: Master's degree in Computer Science, Information Systems, systems engineering, software engineering, or acquisition management, or a related quantitative field of study with eight (8) years of applicable experience.

Accountability: The member will be directly accountable for understanding DoD acquisition needs, applying new technologies, and establishing delivery capabilities to meet the needs of the sponsoring organization and the acquisition community.

Direction: As a technical staff member, he/she will be expected to operate with minimum supervision using Carnegie Mellon University and SEI defined practice, policies and procedures, in concert with the SEI mission.

Decisions: Will be required to work with government program offices to identify strengths and weaknesses within the acquisition program and their contractor base and build solutions to address the weaknesses and recognize and encourage the strengths.

Supervisory Responsibilities: Must be able to lead and supervise others.

Job Functions or Responsibilities:

85% Participate as a leader or member of dynamic technical teams in support of government acquisition programs.

10% Identify and support the implementation strategies for the capture and application of learning and knowledge transfer from assignments (e.g. dissemination of research results, case studies, guides, reports, presentations, articles, workshops, courses, and blog entries).

5% Other duties as assigned by the responsible Director, or Deputy Director..

100% TOTAL EFFORT

Carnegie Mellon University is an EEO/Affirmative Action Employer – M/F/Disability/Veteran

30 Mar
2017
Software Engineer - DevOps Engineer - 2005143
Operating Location LA - Aurora, CO

Position Summary: This position within the Software Engineering Institute (SEI) will be physically located at our customer facilities in Aurora, CO and will lead DevOps and related activities and teams providing software engineering expertise to an Air Force program. The candidate will support the SEI’s mission by capturing government needs and identifying, shaping, and guiding programs to operationalize the most appropriate software engineering and acquisition techniques and practices. If you are an engineer passionate about improving the ability to deliver high quality, mission critical systems, and you are committed to bringing innovation to government, then this is the position for you.

The Senior Technical Staff Member will be responsible for leading and/or participating on teams that enable the organizations within the Department of Defense to enhance the predictable performance and mission assurance in the acquisition, evolution and operations of software-reliant systems. Key activities include understanding customer requirements and key challenge problems and addressing them with tailored solutions; designing, applying, adapting, integrating, verifying and transitioning the SEI technical body of knowledge and other technical bodies of knowledge to maximize impact; creating, applying and codifying new approaches to support customer needs and advance the software engineering state of the practice; and maintaining situational awareness in technical and DoD domains.

Minimum Qualifications and Requirements:

Education/Training: BS in computer science, software engineering, computer engineering, or a related quantitative field of study with eight (8) years of applicable experience.

Experience: Experience as a software developer working on software applications in a professional environment required:

  • Hands on experience in an Ops/DevOps role with emphasis on deploying and managing environments in cloud platforms(AWS, Azure or similar)
  • Experience with CI/CD, log collection and analysis, builds and performance monitoring/tuning
  • Experience with a scripting language like Python, Perl, Bash, Ruby etc.
  • Experience with complete SDLC tools like Maven, Jenkins, Ant, docker, etc.
  • Hands experience with Configuration Management tool Chef/pupet or similar
  • Knowledge of SCM tools (SVN, Git) would be a plus
  • Experience with monitoring and logging tools like Kibana, NewRelic, Nagious, Splunk, Graphite, Graphana etc.
  • Strong teamwork skills, with excellent written and spoken communication excellent troubleshooting capabilities
  • Experience with application disaster recovery, migration, roll-back plans, expansion, routine deployments, and system upgrades
  • Knowledge of switches, firewalls, routers and VLANs
  • Experience and proficient with Linux environment
  • Familiarity with system automation
  • Familiarity with security assessments

Skills/Abilities:

  • Detailed knowledge of software engineering including knowledge of at least three of the following core competencies: requirements, architecture and design, program and acquisition management, performance improvement, assurance, and/or security
  • Relevant experience within the last 2 years in working on a large software development program
  • Ability to execute infrastrcuture assessments and report results, write documentation
  • Understanding of basic computer systems, and network, database and application security issues
  • Excellent written and verbal communication skills
  • Excellent reasoning and problem-solving skills
  • Ability to work effectively without close supervision
  • Ability to attend customer meetings and respond to customer requirements
  • Strong teamwork skills, with excellent written and spoken communication excellent troubleshooting capabilities
  • Highly motivated Self-starter individual with ability to multi-task, prioritize and be detail-oriented
  • Experience with application disaster recovery, migration, roll-back plans, expansion, routine deployments, and system upgrade

Mobility: Will be required to travel on overnight assignments, occasionally for several days.

Environmental Conditions: Usual office setting, including extended work at a computer screen.

Mental: Ability to work meticulously with careful attention to detail; ability to meet deadlines while working on multiple tasks – sometimes under pressure and with shifting priorities; ability to deal collaboratively, diplomatically, and successfully with customers, co-workers and other professional colleagues, managers, and staff; ability to grasp the big picture, direction, and goals of an effort; ability to quickly learn new procedures, techniques, approaches, etc.

Other: Candidates will be subject to a background check and must be eligible to obtain and maintain a Department of Defense security clearance.

Preferred Qualifications and Requirements:

Education/Training: Master's degree in Computer Science, Information Systems, systems engineering, software engineering, or acquisition management, or a related quantitative field of study with five (5) years of applicable experience.

Accountability: The member will be directly accountable for understanding DoD acquisition needs, applying new technologies, and establishing delivery capabilities to meet the needs of the sponsoring organization and the acquisition community.

Direction: As a technical staff member, he/she will be expected to operate with minimum supervision using Carnegie Mellon University and SEI defined practice, policies and procedures, in concert with the SEI mission.

Decisions: Will be required to work with government program offices to identify strengths and weaknesses within the acquisition program and their contractor base and build solutions to address the weaknesses and recognize and encourage the strengths.

Supervisory Responsibilities: Must be able to lead and supervise others.

Job Functions or Responsibilities:

85% Participate as a leader or member of dynamic technical teams in support of government acquisition programs.

10% Identify and support the implementation strategies for the capture and application of learning and knowledge transfer from assignments (e.g. dissemination of research results, case studies, guides, reports, presentations, articles, workshops, courses, and blog entries).

5% Other duties as assigned by the responsible Director, or Deputy Director.

100% TOTAL EFFORT

Carnegie Mellon University is an EEO/Affirmative Action Employer – M/F/Disability/Veteran

21 Mar
2017
Security Operations Technical Manager - 2005116
Pittsburgh, PA

Who We Are: You will work within the Monitoring & Response Directorate of the CERT Division of the Software Engineering Institute (SEI). The SEI is a federally funded research and development center on the campus of Carnegie Mellon University in Pittsburgh. CERT engages with the US Government, mainly the defense and intelligence sectors, to research, develop, apply and transition complex cybersecurity solutions. CERT generates some of the highest level of original research and tackles many of the most complex problems facing cybersecurity for the US Government. You will lead a team that is thoughtfully engaged with its clients involved in emerging technology gaps and aggressively solving problems to migrate solutions to our clients.

About You:

  • You want to make an impact beyond your organization in the field of cybersecurity that has national security implications and impact.
  • You want to be involved with a worldwide thought leaders in cybersecurity operations.
  • Your strengths are motivating, inspiring and taking charge of your team while articulating your specific vision and proactive thinking on multiple projects with proven success.

Position Summary: You will assume a leadership position as Technical Manager of the Security Operations Unit (SOU). You’ll be asked to lead, shape and manage the growth of a cutting edge security operations program. As the SOU lead you will develop and execute a technical agenda and strategic roadmap to continually improve the state of the art and practice of Security Operations and Incident Management/Response. The Technical Manager will communicate this technical vision and be capable of building consensus within the team and to maintain a successful culture built on high-quality and impactful customer work. This approximately fifteen-person Security Operations team works from the SEI’s Pittsburgh and Arlington offices, and can have staff embedded in US Government (USG) programs throughout the country. The position of Technical Manager is responsible for all aspects of developing and executing this body of work to include setting the technical direction; managing financials; business development; and personnel issues to include performance reporting and hiring for his/her unit.

We love diverse education, experience and backgrounds, but we feel very strongly about:

Education: At a minimum, you must have a BS in Computer Science/Computer Security or related scientific/technical degree.

Experience: You have at least ten years’ direct experience in cyber security or cyber intelligence operations and management. Increasing responsibility in directly managing a technical and analytical team comprising of at least 10 individuals with commensurate personnel and financial authority. Your major roles should have involved technology development, research, and applications [MOU1] in cyber operations.

Skills/Abilities: Your skill set should include the following

  • You can demonstrate how you have formulated, communicated with, and led a team towards a technical vision, building high-quality cyber solutions that have impacted customer work and operations.
  • You have engaged in developing and executing a technical agenda and strategic roadmap involving security operations and incident management/response inside and outside your organization.
  • You have an understanding of existing standards and models for security operations, incident response, intrusion analysis and cyber threat intelligence.
  • You can articulate community best practices in cyber operations and associated tools/techniques You have experience with Internet protocols, operations, and governance.
  • You have briefed strategic and technical topics to senior management and non-technical audiences.
  • Experience with fostering professional growth and develop technical/professional leadership capabilities in technical staff.

What makes your stand out as a candidate?

Education: You have at least a MS in Computer Science/Computer Security or related scientific/technical.

Experience: In addition to the minimum experience required, you have had deep exposure to the US Government in understanding their unique cybersecurity challenges and existing standards and models for security operations, incident response, intrusion analysis and cyber threat intelligence. You have supported multiple clients in an operational security environment such as incident response, intelligence, or a security operations center. You have conducted technical project management. You have sustained your team with business development activity.

Skills/Abilities:

  • You have established and defined processes for operational security organizations, and defined best practices from community and operational experience.
  • Participation in public and closed community security forums through activities such as publication, presentation, collaborative security operations, and collaborative research.
  • You have practical experience leading, defining, or applying TTPs for cyber operations.
  • Working knowledge of secure systems and network architecture practices.

Travel Requirement: You will most certainly travel monthly between Pittsburgh and our Arlington, VA offices as well as occasional travel to client sites, conferences and offsite meetings.

Other: You will be subject to a background check and must successfully obtain and maintain a Department of Defense Top Secret security clearance.

Carnegie Mellon University is an EEO/Affirmative Action Employer – M/F/Disability/Veteran.

#seijob

16 Mar
2017
Network Defense Analyst - 2005075
Pittsburgh, PA

Who We Are: You will work within the Monitoring & Response Directorate of the CERT Division of the Software Engineering Institute (SEI). The SEI is a federally funded research and development center on the campus of Carnegie Mellon University in Pittsburgh. CERT engages with the US Government, mainly the defense and intelligence sectors, to research, develop, apply and transition complex cybersecurity solutions. CERT generates some of the highest level of original research and tackles many of the most complex problems facing cybersecurity for the US Government. You will be part of a team that is thoughtfully engaged with its clients involved in emerging technology gaps and aggressively solving problems to migrate solutions to our clients.

What We Do:The CERT Situational Awareness group works with government customers to help them protect and defend their networks. We pioneer innovative ways to monitor and safeguard networked systems. We develop new approaches for identifying and investigating network anomalies. We observe real-world security operations teams and help them improve how they do their jobs. Our work ranges in scope from the close-up investigation and examination of security data to the assessment of large, enterprise-wide networks.

About You:

  • You want to make an impact beyond your organization.
  • You want to be involved with worldwide thought leaders.
  • Your strengths are curiosity, love of learning, deep interest in cybersecurity, and a desire to innovate.

Position Summary: As a Network Defense Analyst, you will participate in and lead technical efforts which include developing and prototyping new security analysis techniques, tools, and platforms. You will prepare analytic reports and contribute to research publications. You will serve as a domain expert for customers, commercial vendors, and the Internet community as a whole. We expect you to contribute to and advance the state of art of cybersecurity analytics. Are you interested in helping us to achieve this mission?

Requirements:

  • BS in Computer Science or a related discipline with eight (8) years experience in security operations, network operations, or security research; MS in Computer Science or a related discipline with five (5) years experience in security operations, network operations, or security research; PhD in Computer Science or related discipline with two (2) years experience in security operations, network operations, or security research; or equivalent combination of education and experience.
  • Travel to various locations within the SEI and CMU community, including sponsor sites, conferences, and meetings. (expected 10-25%)
  • You will be subject to a background check and will need to obtain and maintain a Department of Defense security clearance.

Knowledge, Skills and Abilities:

  • Capable of conducting and supporting analytical studies and investigations of network security data.
  • Significant understanding of and practical experience with various Internet protocols and applications (e.g., TCP/IP, HTTP/HTTPS, DNS, SMTP, FTP, routing protocols).
  • Understanding of network, host, and operating system security issues.
  • Operational knowledge and significant understanding of network security devices such as Intrusion Detection Systems, Firewalls, Security Information Managers, Network Vulnerability Scanners.
  • Operational knowledge and understanding of routing and switching protocols, including Internet routing.
  • Ability to function in the role of a consultant with some mentorship from senior staff members.
  • Excellent planning and organizational skills.
  • Strong analytical skills.
  • Excellent oral and written communication skills.
  • Ability to work well with minimal direction and with teams.
  • Ability to discuss security topics with both technical and nontechnical audiences, and to communicate with customers at various levels of leadership.
  • Ability to work meticulously with careful attention to detail; ability to meet deadlines while working on multiple tasks – sometimes under pressure and with shifting priorities.
  • Ability to participate in conversations collaboratively, diplomatically, and successfully with customers, co-workers and other professional colleagues, managers, and staff.
  • Ability to develop and communicate new ideas; ability to quickly learn new procedures, techniques, and approaches.

Desired Experience:

  • Experience working in a collaborative environment with team members who have diverse skills.
  • Participation in the public forum of the broader information security community.
  • Prior experience working directly with customers from government and/or industry.
  • Experience with data visualization.
  • Skilled at working with specialized technologies such as data mining, clustering, machine learning, neural networks, distributed computing and/or big data platforms.
  • Strong statistics background.
  • Scripting and/or programming in a high level language, including participation in sound software engineering (e.g. version control, documentation).

Job Functions Breakdown:

60% Participate in studies of data from operational networks, and advise network operators in written reports and presentations on security improvements based on those studies.

35% Participate in the development of novel approaches to network security analysis, and build prototype tool implementations.

5% Speak publicly and to customers on work performed.

100% total effort

Benefits: Our benefits philosophy encompasses three driving priorities: Choice, Control, and Well-being. Learn more at https://www.cmu.edu/jobs/benefits-at-a-glance/. You can join an institution that inspires innovations that change the world.

Carnegie Mellon University is a welcoming workplace that considers applicants for employment without regard to, and does not discriminate on the basis of, gender, race, protected veteran status, disability, or any other legally protected status.

#seijob

03 Mar
2017
Cyber Incident Analyst - 2005032
Pittsburgh, PA or Arlington, VA

Position Summary: The cyber incident analyst will extract cyber security incident data from large institutions to support cyber security research programs. The analyst will independently and proactively review and interpret incident data, identify additional data sources, and liaise with partner organizations' incident response personnel to support research requirements. A successful candidate will be able to interact with both technical and nontechnical staff and customers. The position may require traveling 20-60% of the time.

Minimum Qualifications and Requirements:

Education/Training: Bachelor’s Degree in a relevant discipline with eight (8) years of experience, or a MS degree in a relevant discipline with five (5) years of experience.

Experience/Skills/Abilities: The successful candidate will possess:

  • Previous experience analyzing network traffic and IDS events for malicious intent.
  • Strong knowledge of Cyber Threat Intelligence principles, including the ability to analyze threat campaign(s) techniques, lateral movements and indicators of compromise
  • Understanding of networking essentials including data flows, architecture, protocols, and traffic analysis
  • Working proficiency with IDS, IPS, firewall, DDoS mitigation, UTM, log management, and other devices
  • Previous experience in research and analysis of a wide variety of host based malware and Anti-Virus tools
  • Understanding of exploits, vulnerabilities, network attacks and malware
  • Specific experience with SIEM-Based log monitoring technologies and tools (e.g., SPLUNK ES, McAfee ESM and the ability to develop content, such as scripts, use cases for SIEM queries
  • Ability to develop technical solutions to complex problems independently and creatively
  • Previous experience providing detection and response to security events and incidents
  • Exemplary written communication

Other: Candidates will be subject to a background check and must be eligible to obtain and maintain a Department of Defense security clearance.

Preferred Qualifications and Requirements:

Experience/Skills/Abilities: The successful candidate will possess:

  • Intermediate programming ability for data analysis including Python or R
  • Ability to quickly learn new technology and concepts
  • Prior operational experience in a Security Operations Center and/or Computer Emergency Response Team (CERT/CIRT)
  • Knowledge of adversarial activities such as intrusion set tactics, techniques, and procedures (TTP)
  • Experience with ticketing systems for incident response (e.g., BMC Remedy, Service Now, RSA Archer )
  • Ability to identify cyber threats, threat vectors, threat actors, and threat trends

Carnegie Mellon University is an EEO/Affirmative Action Employer – M/F/Disability/Veteran

#seijob

09 Feb
2017
Cyber Security Engineer - 2004923
Pittsburgh, PA or Arlington, VA

Position Summary:  The CERT Division is part of the SEI, a federally funded research and development center at Carnegie Mellon University in Pittsburgh, Pennsylvania. The CERT Division engages in cutting-edge research and development and develops and transitions disciplined approaches to improve the survivability and resiliency of the DoD, federal civilian agencies, private sector organizations and their networked information systems.

The individual in this position will work as a member of the Cybersecurity Assurance (CA) Team within the CERT Division. The CA team develops solutions (in the form of frameworks, models, tools, policies, practices, technical guidance, and training) that allow organizations to assess, analyze, and manage organizational, operational, and technical risks to mission-critical assets, processes, systems, and infrastructures.

 

Minimum Qualifications and Requirements:

Education/Training: BS in Computer Science (or other technical field) with eight (8) years’ experience, or equivalent combination of training and experience.

Certifications:  Certified Information Systems Security Professional (CISSP), and/or Certified Information Security Manager (CISM), and/or Certified Information Systems Auditor (CISA) and/or Certified Ethical Hacker (CEH)

Experience: Professional experience as an information security engineer, network security architect, information systems auditor, information systems analyst, or similarly technical occupation.

Experience with and applied knowledge in:

  • Common risk and cybersecurity assessment methods
  • Data analytics and cybersecurity metrics 
  • Cybersecurity laws, regulations, and standards
  • Common network security architectures
  • Common networking protocols and services
  • Cyber security, survivability, and resilience concepts and issues
  • Software and systems engineering
  • Building and maintaining customer relationships
  • Strategic Planning and requirements definition
  • Process improvement
  • Program planning, budgeting, and management

Skills/Abilities: Must exhibit the following skills and abilities:

  • Understanding of information technology, security assessment methods, and telecommunications systems
  • Working knowledge of network interoperability, cyber security, and survivability issues, including cyber security best practices and standards
  • Working knowledge of DHS critical infrastructure sectors and related security and resilience issues
  • Working knowledge of the DoD and federal agency resilience needs and cyber security roadmaps
  • Development and delivery of information and infrastructure security risk and vulnerability evaluations
  • Ability to conduct analytical studies and investigations
  • Reasoning and problem-solving skills
  • Ability to work independently with limited supervision
  • Ability to interact effectively with diverse constituencies internally and externally
  • Ability to work well as a member of a cooperative team; ability to work in a matrix organizational structure
  • Ability to recognize and deal appropriately with confidential and sensitive information
  • Ability to implement project plans, monitor project budgets, and identify and mitigate project risks
  • Leadership and mentoring skills
  • Excellent written and oral communication skills; ability to contribute to technical research white papers and reports; ability to prepare papers and deliver presentations to technical and non-technical audiences; ability to contribute to customer technical exchanges and marketing presentations
  • Ability to work on customer sites with high-ranking members of federal agencies and DoD
  • Participation in professional society activities, particularly IEEE and ACM 

Physical/Mobility: Primarily sedentary in an office setting with some mobility. Ability to travel frequently to various locations within the SEI and CMU community, customer sites, conferences, and offsite meetings.

Environmental Conditions: Close contact with computer for extended periods of time.

Mental: Strong interest in the human, managerial, and technical aspects of cyber security is critical for this position as are these abilities:

  • Take or share leadership role in technical projects
  • Work meticulously with careful attention to detail
  • Meet deadlines while working on multiple tasks – sometimes under pressure and with shifting priorities
  • Deal collaboratively, diplomatically, and successfully with customers, co-workers and other professional colleagues, managers, and staff
  • Ability to understand the direction, and goals of an effort; ability to develop and communicate innovative ideas; ability to demonstrate initiative and to quickly learn new procedures, techniques, approaches, etc.

Other: Strong interest in cyber security and critical infrastructure protection analysis basis research, applied research, and development. Candidates will be subject to a background check and must be eligible to obtain and maintain a Department of Defense security clearance.

 

Preferred Qualifications and Requirements:

Education/Training: MS in Computer Science (or related technical field) with five (5) years’ experience or equivalent experience.

Certifications:  Offensive Security Certified Professional (OSCP), and/or GIAC Penetration Tester (GPEN), and/or Certified Ethical Hacker (CEH), and/or Certified Information Systems Security Professional (CISSP), and/or Certified Information Systems Auditor (CISA)

Experience: 

  • Expert experience in risk and cybersecurity assessment methods
  • Advanced knowledge of network security architectures
  • Expert knowledge in cybersecurity laws, regulations, and standards
  • Expert experience in data analytics and cybersecurity metrics
  • Experience with common penetration testing toolsets (Metasploit framework, vulnerability scanners, web application scanners, Nmap
  • Experience with common penetration testing methodologies and tactics (PTES, OWASP testing guide, etc.)

Skills/Abilities: Strong presentation/platform skills and excellent writing skills.

 

Accountability: The individual will implement and participate in the planning and execution of projects leading to technical results. The individual will also contribute to project, department, or program objectives and planning document development. The individual will keep in confidence sensitive information such as customer processes, risks, vulnerabilities, and internal work products, whether for eventual public or private distribution.

Direction: The individual is expected to act independently using CMU, SEI, and CERT defined policies, practices, and procedures – within the scope of assigned work.

Decisions: The individual must make sound technical decisions with little supervision. The individual must accurately represent the program in interactions with customers, sponsors, and the public. The individual is expected to perform analysis on-site at customer locations and immediately assess potential vulnerabilities requiring further investigation.

Supervisory Responsibilities: This position could involve the training and oversight of the work of other staff members, graduate students, resident affiliates, visiting scientists, and independent contractors. Depending on research project or customer work plan, position may involve task leadership.

 

Job Functions or Responsibilities:

60% Participate in cybersecurity assessments operating in a technical leadership role; analyze assessment data to identify risk areas and propose mitigation alternatives.

15% Participate in research into innovative and cutting-edge tools, techniques, and methods to improve cybersecurity and operational resilience; transition research into applied knowledge for customers.

10% Deliver courses in operational resilience management, cybersecurity management, and information security risk management

5% Contribute to conferences and meetings; participate in marketing calls and technical exchanges with clients; give talks and lectures as appropriate; participate on working groups for subjects of interest.

5% Contribute to and review the literature in cyber security, resilience, and software engineering.

5% Provide assistance and input to other teams and projects within the SEI.                    

100% Total Effort

 

Organizational Chart:  Director, CERT Division < Technical Director, Cyber Risk and Resilience< Technical Manager, Cybersecurity Assurance Team < Cyber Security Engineer

 

Carnegie Mellon University is an EEO/Affirmative Action Employer – M/F/Disability/Veteran

31 Jan
2017
Cyber Security Engineer - Risk and Resilience - 2004871
Pittsburgh, PA or Arlington, VA

Position Summary: The CERT Program is part of the SEI, a federally funded research and development center at Carnegie Mellon University in Pittsburgh, Pennsylvania and Arlington, Virginia. The CERT Program engages in cutting-edge research and development to improve the state of cybersecurity. As an Cyber Security Engineer, you have a strong desire and drive to contribute to team and customer objectives.

You are a team player with problem-solving skills and demonstrate solid presentation and writing skills. You are able to interact with clients and staff in a highly professional and competent manner. You enjoy the flexibility of an organization that values hard work but appreciates work-life balance and professional development. In your role, you will

  • Research and contribute to improvements in National and organizational policy
  • analyze and measure effectiveness of policy and governance
  • contribute to roadmaps for improvement of cybersecurity capabilities
  • assist in implementation of policy and governance
  • participate in applied research

 

Minimum Qualifications and Requirements:

Education/Training:  BS in relevant field or equivalent experience in professional position; MS degree preferred.

Experience: Experience in information security policy, governance, or leadership. Other potential career backgrounds include: audit, IT security, compliance, project management or similar technical occupation.

Experience and familiarity with;

  • cybersecurity concepts and technical implementations
  • cybersecurity standards, policies, and frameworks
  • strategic planning
  • metrics and measurements methodologies

Travel: Up to 25% travel to various customer locations

Physical Mobility:  Primarily sedentary in an office setting with some mobility, i.e., able to travel to various locations within the SEI and CMU community as well as travel to customer sites.

Environmental Conditions:  normal office conditions; however close contact with CRT for prolonged periods.

Mental:

  • ability to meet deadlines while working on multiple tasks – sometimes under pressure and with shifting priorities
  • ability to collaborate diplomatically and successfully with customers, co-workers and other professional colleagues, managers, and staff.

Other: Candidates will be subject to a background check and must be eligible to obtain and maintain a Department of Defense security clearance.
 

Job Functions or Responsibilities:

70%   Participate as a team member in customer engagement to develop, analyze, and implement cybersecurity policy.

15%   Participate in research into innovative and cutting-edge tools, techniques, and methods to improve cyber security, policy/governance, and resilience; transition research into applied knowledge for customers.

5%   Support conferences, workshops, and meetings as a team contributor.

10%   Engage in professional development activities.

100% TOTAL EFFORT
 

Organizational Chart: Director CERT Program < Technical Director, Cybersecurity Risk and Resilience Directorate < Technical Manager, Cybersecurity Risk Management Team< Cyber Security Engineer – Risk and Resilience

 

Carnegie Mellon University is an EEO/Affirmative Action Employer – M/F/Disability/Veteran

 

 

31 Jan
2017
Senior Network Operations Design Engineer - 2004873
Pittsburgh, PA

Position Summary: The individual in this position will work as a member of the IT staff on the Network Engineering Team and will have the opportunity to work with experts in software engineering, Internet security, and network survivability. The primary responsibility of this position is LAN and WAN network design, engineering and administration. Desirable candidates will have:

  • Experience solving challenging technical problems in a production setting
  • History participating in the entire lifecycle (planning, deployment, maintenance) of network management and administration
  • Experience administering networks in multiple geographic locations, including ‘lights out’ operations

Minimum Qualifications and Requirements:

Education/Training: BS in Computer Science, Information Science, Information Technology with (3) three to (5) five years of experience; Candidates with a degree in other technical fields (e.g., engineering) and years of relevant experience as described above will be considered as well.

Experience: Experience as a network engineer for a heterogeneous infrastructure in a professional environment required. At least three of the five years relevant experience maintaining and evolving a network for the same organization is required.

Licenses: None

Skills/Abilities: Ability to deal with software and network systems integration at various levels (service design, deployment, maintenance). Strong hands-on knowledge in the configuration, securing, and troubleshooting of Juniper and Cisco network devices, LAN and WAN technologies, firewalls, VPNs, routing protocols (OSPF,BGP), Linux-based network services, and monitoring/maintaining all of these to ensure their continued secure operation is required.

Mobility: Moderate business travel required. Computer hardware installation and configuration required on a regular basis, sometimes involving transport of heavy objects (typically under 50 lbs.) short distances, use of hand tools, et cetera. Carrying of light objects (< 20 lbs.) for longer distances (intra-campus; 2-3 city blocks) may also be required.

Environmental Conditions: Ability to use a computer keyboard and display for extended periods of time; periodic work in a computer machine room or wiring closet environment.

Mental: Ability to work under pressure and meet deadlines; ability to prioritize tasks; strong learning capability; ability to interact effectively with others of varying technical competency, vendors, managers, and other technical research staff; ability to work effectively with other groups within the SEI and Carnegie Mellon. Good technical problem-solving skills. Strong information organization skills as well as good oral and written communication skills are required.

Other: Ability to provide technical support on a 24x7 basis is required, including weekends. There is a rotating on-call component to this position. Candidate must respond to outage events via remote access (in appropriate circumstances) within 30 minutes. Some situations in this role will demand an on-site response; on-site response to the local SEI facility must be achieved within 60 minutes barring extreme adverse weather conditions. Candidates will be subject to a background check and must be eligible to obtain and maintain a Department of Defense security clearance.

Preferred Qualifications and Requirements:

Experience: Experience as a network/system administrator with some team leadership experience. Experience with technologies such as Blue Coat proxy, F5 LTM/APM/ASM, and Pulse NAC/VPN. Working with governmental accreditation requirements for operating IT environments and networks, such as NISPOM, DCID and STIG.

Licenses: Juniper Networks Certified Professional Enterprise Routing and Switching (JNCIP-ENT), Cisco Certified Network Professional (CCNP) or better.

Skills/Abilities: Highly desirable candidates will also have working experience with intrusion/anomaly detection, network forensics, and vulnerability assessment tools/techniques and load balancing technologies.

Accountability: Employee is accountable for describing, implementing and/or maintaining an efficient, reliable and secure configuration of computing services in support of the SEI initiatives and/or a sponsor/client. Employee may be responsible for the proper handling/destruction of confidential and sensitive information.

Direction: Employee will be expected to work under minimum supervision within the defined scope of authority and in accordance with SEI IT operating guidelines.

Decisions: Under management direction, the employee will decide the appropriate configuration for production computing services. Employee will determine how best to allocate and/or acquire resources necessary to implement and evolve information services. Employee will determine the cause of computing problems and take corrective action in a timely fashion when a system/service fails or becomes unavailable. Employee will describe the appropriate procedures to configure and maintain a particular computing system to support one or more critical business functions in a secure manner.

Supervisory Responsibilities: Employee may, at the manager or team leader’s discretion, task/supervise other employees in completion of specific tasks. Employee will provide assistance to staff members / clients in the proper configuration/use of computer hardware and software services and tools.

Job Functions or Responsibilities:

40% Maintenance and evolution of data network(s).

25% Mentoring, guidance, and interaction with other staff.

15% User infrastructure problem identification / resolution.

5% Develop draft documents on the proper configuration/use of network facilities.

10% Support other SEI Infrastructure production services.

5% Maintaining awareness of evolving trends.

100% TOTAL EFFORT

Organizational Chart: IT Director < Network and Infrastructure Engineering Manager < Network Engineering Team Lead < Senior Network Engineering Team Member

Carnegie Mellon University is an EEO/Affirmative Action Employer – M/F/Disability/Veteran

#seijob

11 Jan
2017
SFS - Internship
Pittsburgh, PA or Arlington, VA

We are seeking interns to help support our mission: to lead and advance software and cybersecurity to solve the nation’s toughest problems.

We have internships across a wide range of technical areas, including:

-vulnerability assessment
-malware analysis

-penetration testing
-machine learning
-DevOps
-software research / software prototyping
-secure coding

Requirements:

Candidates must be a current SFS student enrolled in Computer Science, Computer Engineering, or related discipline. BS, MS and PhD level students are encouraged to apply.

11 Jan
2017
Senior Software Assurance Engineer - 2002744
Operating Location Boston - Bedford, MA

Position Summary: The CERT program of the Software Engineering Institute is looking to fill a leadership position improving the cyber security of acquisitions in the Air Force. This high visibility, high impact position will be responsible for helping senior leaders of Air Force programs improve the cyber resiliency of software intensive systems throughout the acquisition lifecycle, from requirements to development to deployment and sustainment.

This Senior Member of the Cyber Security Foundations directorate will be responsible for leading cross functional teams that enable the organizations within the Air Force to enhance the predictable performance and mission assurance in the acquisition, evolution and operations of software-reliant systems. Key activities include understanding customer requirements and key challenge problems and addressing them with tailored solutions; applying, adapting, integrating, verifying and transitioning applicable research and practices to maximize impact; creating, applying and codifying new approaches to support customer needs and advance the software security state of the practice; and maintaining situational awareness in technical and DoD domains. The candidate will coordinate closely with technical staff in CERT and other SEI programs to deliver cyber security technical expertise to customers throughout the life-cycle.

 

Minimum Qualifications and Requirements:

Education/Training: BS or equivalent degree in relevant discipline with ten (10) years applicable experience; MS or equivalent degree in relevant discipline with eight (8) years applicable experience; PhD or equivalent degree in relevant discipline with five (5) years applicable experience, or equivalent combination of training and experience.

Experience: The candidate must have experience in software engineering, development or management, and/or systems engineering. Must be knowledgeable of the software engineering and system engineering disciplines as well as understanding the DoD acquisition processes and relevant cyber security processes, such as the Risk Management Framework (RMF). The candidate should have experience building, leading, managing and participating on cross-functional, high technology teams, should be able to operate effectively with all organizations within the software and acquisition communities and be able to interact diplomatically with partners, customers and sponsors.

Skills/Abilities: Detailed knowledge of cyber security and mission assurance in the acquisition process; detailed knowledge of at least one core competency: requirements, architecture and design, program and acquisition management, performance improvement, or assurance.  Experience in five or more of the following: DoD software systems acquisition on major programs (For the purposes of this announcement, our definition of major is at least 100K SLOC of custom developed code, and/or significant integration of COTS/GOTS products); solid technical breadth and understanding of all aspects of the end-to-end software lifecycle (e.g., requirements, design, implementation, testing, etc.); alternative life cycles (e.g. waterfall, agile); major DoD software acquisition policies and directives; enterprise architecture ; software architecture development and evaluation, software architecture patterns (e.g. SOA) and concepts (e.g. Cloud computing); information Assurance/survivability; systems engineering on software intensive systems; COTS product integration; performance measurement including definition and application of goals, measurements and metric; system of systems engineering; requirements development and management; software integration and test and software/hardware integration; deployment of software intensive systems, especially including transition from legacy systems; cost estimation.

Strong written and verbal communications skills and the ability to present to high visibility stakeholders internal and external to the organization.  Proven program and project management skills including: interfacing with clients, developing proposals, and establishing relationships with new DoD and/or government clients and programmatic and project management skills (e.g., ability to develop project plans, track deliverables, manage risks, perform staff planning, provide budget oversight).  Ability to lead and participate in multidisciplinary teams.

Mobility: Will be required to travel on overnight assignments.

Environmental Conditions: Usual office setting, close contact with computer for prolonged periods of time.

Other: Candidates will be subject to a background check and must be eligible to obtain and maintain a Department of Defense security clearance.

 

Preferred Qualifications and Requirements:

Education/Training: Master's degree in Computer Science, Information Systems, Systems Engineering, Software Engineering, or Acquisition Management.

Licenses: Certified DoD Acquisition Professional. Certified PMP.

 

Accountability:  The member will be directly accountable for understanding DoD acquisition and cyber security needs, applying new technologies, and establishing delivery capabilities to meet the needs of the sponsoring organization and the acquisition community.

Direction:  As a technical staff member, he/she will be expected to operate with minimum supervision using CMU and SEI defined practice, policies and procedures, in concert with the SEI mission.

Decisions:  Will be required to work with government program offices to identify strengths and weaknesses within the acquisition program and their contractor base and build solutions to address the weaknesses and recognize and encourage the strengths.

Supervisory Responsibilities:  Must be able to lead and supervise others.

 

Job Functions or Responsibility:

65%  Participate as a leader or member of technical teams in support of government acquisition program offices or participate as a member of a technical team performing research. Identify and support the implementation strategies for the capture and application of learning and knowledge transfer from assignments (e.g. dissemination of research results, case studies, guides, reports, presentations, articles, workshops, courses, and blog entries).

20%  Work with managers, business developers, current customers, and prospective customers to identify and define value-delivering opportunities and capture work.

10%  Other duties as assigned by management.

5%  Serve in an advisory capacity to other SEI technical programs on acquisition or technical issues.

100% TOTAL EFFORT

 

Organizational Chart:  SEI Director’s Office < Director, CERT < Technical Director, Cyber Security Foundations < Technical Manager

 

Carnegie Mellon University is an EEO/Affirmative Action Employer – M/F/Disability/Veteran.

11 Jan
2017
Senior Software Security Engineer - 2004716
Pittsburgh, PA

Position Summary: The Secure Coding Team, of the world renowned CERT division of the Software Engineering Institute, is a pioneer of the identification and development of secure coding and secure software development practices. We are looking for exceptional candidates to help us continue our legacy of ground-breaking improvements for securing software during development. Software has never been more important to our lives and our national security, nor has software insecurity ever been a greater risk.

Joining the Secure Coding team, you will work with world-class cyber security experts to help software developers and software development organizations reduce vulnerabilities resulting from coding errors before they are deployed. We identify common programming errors that lead to software vulnerabilities, establish standard secure coding standards, develop tools to evaluate and improve software, educate software developers, and advance the state of the practice in secure coding that leads to secure software systems.

The successful candidate will lead and participate in research and engineering projects that identify and implement best practices for organizations to develop secure software systems. This will include developing and applying guidelines for writing secure code in C, C++, Java, and other popular languages. It also includes developing and using tools to verify that software is developed securely. The candidate will work directly with customers to: develop and provide training in secure coding practices; evaluate, extend, and use tools to improve and automate source code analysis; review and improve code bases to ensure that best practices are being followed; and enhance the customers’ organizational capabilities to produce secure software systems. The candidate will be expected to write reports and deliver presentations that explain the findings of research and software evaluations, helping customers improve their software to meet the security and privacy needs of their users.

Minimum Qualifications and Requirements:

Education/Training: BS in Computer Science, Software Engineering, Information Science, or Information Systems Management with ten (10) years applicable experience.

Skills/Abilities: Successful candidates will have the ability to:

  • Develop and analyze source code in common programming languages such as C, C#, C++, Java, and Python, with a focus on secure coding principles and practices
  • Use static and dynamic analysis tools to evaluate software to find and remove vulnerabilities
  • Build and configure various software build enviornments, and build custom tools to integrate and automate the use of software building and analysis tools
  • Develop and implement novel and advanced software analysis techniques
  • Develop and modify compilers and interpreters, understanding the underlying computer and compiler architectures, algorithms, performance trade-offs, and impact of optimization techniques on security issues
  • Lead projects in a team environment with other team members with varying skills, experience and locations
  • Plan and organize the evaluation approach for projects, including the collection and analysis of data from multiple sources, generate defensible results, and represent them in reporting products and interactions with customers, sponsors, and the public
  • Recognize and deal appropriately with confidential and sensitive information such as source code and software weaknesses and vulnerabilities
  • Develop and explain technical decisions and recommendations effectively with technical and non-technical audiences through verbal and written communications that lead to actionable and measurable improvements
  • Work meticulously with careful attention to detail required to identify defects and weaknesses in large software systems, and to identify development process improvement opportunities.
  • Be self-motivated and capable of self-learning to maintain a working knowledge of the ever-changing software development landscape.

Mobility: Primarily sedentary, long periods of sitting; ability to travel to various locations within the SEI and Carnegie Mellon community, customer sites, conferences, and offsite meetings with some frequency.

Environmental Conditions: Normal office conditions, close contact with computer for prolonged periods of time.

Mental: Ability to work under pressure and changing priorities; pay attention to detail; meet inflexible deadlines; deal with challenges while maintaining composure; work with sensitive information.

Other: Candidates will be subject to a background check and must be eligible to obtain and maintain a Department of Defense security clearance.

Preferred Qualifications and Requirements:

Education/Training: MS in Computer Science, Software Engineering, Information Science, or Information Systems Management with eight (8) years applicable experience; or PhD in those disciplines with five (5) years applicable experience.

Skills/Abilities:

  • Work with DoD and other US Government software-intensive systems programs and software maintenance groups, understanding their unique needs, proposing and closing work to meet their needs, and lead projects to develop solutions that address their secure software development and acquisition needs.
  • Representing DoD and US Government program constituency and perspective based on experience to other team members to aid in developing relevant research and development proposals and solutions.
  • Transitioning knowledge, tools, and other work products from research projects to DoD and other US Government partners.
  • Develop approaches to address software assurance in the risk management framework context.
  • Develop and analyze software for specific platforms, such as mobile platforms and embedded systems.
  • Evaluate software assurance using a range of methods, such as dynamic and binary analysis, model checking, assertions, and semantic formalizations.

Accountability: Contributes to program objectives and plans development.

Direction: Performs under minimal supervision, independent judgment is encouraged. Most normal duties and responsibilities are handled independently with the use of established procedures and policies. Difficult or unique situations are referred to the supervisor. Ability to work directly on-site at a customer location with minimal direct supervision from direct supervisor.

Decisions: Participate in conferences and workshops where security-related issues are discussed as required.

Job Functions or Responsibilities:

40% Lead and directly support customer work in secure coding, verification and validation techniques, and technical training. Tailor our current offerings to provide value to customers by evaluating their software, software development, and software acquisition/procurement practices, and providing improvement recommendations. Communicate the findings of such evaluations through reports and presentations. Build new tools and capabilities that improve our ability to meet customer needs.

30% Contribute to internally funded research projects, developing experimentation environments, evaluating secure software development practices, and communicating results internally and externally in reports and presentations.

15% Codify knowledge that has been gained through customer and research projects to expand and update knowledge transfer materials, such as Secure Coding guidelines, training materials, and tools.

15% Develop knowledge and understanding of SEI capabilities; influence new SEI capabilities to be more applicable to customer problems; work directly with other SEI staff supporting the community with disciplines related to secure coding and secure development, sometimes in leadership role.

100% TOTAL EFFORT

Organizational Chart: CERT Director < CERT/CSF Technical Director < CERT/Secure Coding Technical Manager < Senior Software Security Engineer

Carnegie Mellon University is an EEO/Affirmative Action Employer – M/F/Disability/Veteran

#seijob

11 Jan
2017
Software Security Analyst - 2004717
Pittsburgh, PA

Position Summary: The Secure Coding Team, of the world renowned CERT division of the Software Engineering Institute, is a pioneer of the identification and development of secure coding and secure software development practices. We are looking for exceptional candidates to help us continue our leadership of ground-breaking improvements for securing software during development. Software has never been more important to our lives and our national security, nor has software insecurity ever been a greater risk.

Joining the Secure Coding team, you will work with world-class cyber security experts to help software developers and software development organizations reduce vulnerabilities resulting from coding errors before they are deployed. We identify common programming errors that lead to software vulnerabilities, establish standard secure coding standards, develop tools to evaluate and improve software, educate software developers, and advance the state of the practice in secure coding that leads to secure software systems.

The successful candidate will participate in research and engineering projects that identify and implement best practices for organizations to develop secure software systems. This will include developing and applying guidelines for writing secure code in C, C++, Java, and other popular languages. It also includes developing and using tools to verify that software is developed securely. The candidate will work directly with customers to: develop and provide training in secure coding practices; evaluate, extend, and use tools to improve and automate source code analysis; review and improve code bases to ensure that best practices are being followed; and enhance the customers’ organizational capabilities to produce secure software systems. The candidate will be expected to write reports and deliver presentations that explain the findings of research and software evaluations, helping customers improve their software to meet the security and privacy needs of their users.

Minimum Qualifications and Requirements:

Education/Training: BS in Computer Science, Software Engineering, Information Science, or Information Systems Management with three (3) years applicable experience.

Skills/Abilities: Successful candidates will have the ability to:

  • Develop and analyze source code in common programming languages such as C, C#, C++, Java, and Python, with a focus on secure coding principles and practices
  • Use static and dynamic analysis tools to evaluate software to find and remove vulnerabilities
  • Build and configure various software build environments, and build custom tools to integrate and automate the use of software building and analysis tools
  • Analyze data from multiple sources, generate defensible results, and represent them in reporting products and interactions with customers, sponsors, and the public
  • Contribute in a team environment with other team members with varying skills, experience and locations
  • Recognize and deal appropriately with confidential and sensitive information such as source code and software weaknesses and vulnerabilities
  • Develop and explain technical decisions and recommendations effectively with technical and non-technical audiences through verbal and written communications that lead to actionable and measurable improvements
  • Work meticulously with careful attention to detail required to identify defects and weaknesses in large software systems, and to identify development process improvement opportunities.
  • Be self-motivated and capable of self-learning to maintain a working knowledge of the ever-changing software development landscape.

Mobility: Primarily sedentary, long periods of sitting; ability to travel to various locations within the SEI and Carnegie Mellon community, customer sites, conferences, and offsite meetings with some frequency.

Environmental Conditions: Normal office conditions, close contact with computer for prolonged periods of time.

Mental: Ability to work under pressure and changing priorities; pay attention to detail; meet inflexible deadlines; deal with challenges while maintaining composure; work with sensitive information.

Other: Candidates will be subject to a background check and must be eligible to obtain and maintain a Department of Defense security clearance.

Preferred Qualifications and Requirements:

Education/Training: MS in Computer Science, Software Engineering, Information Science, Information Systems Management with one (1) year applicable experience.

Skills/Abilities: Develop and analyze software for specific platforms, such as mobile platforms and embedded systems.

Accountability: Contributes to program objectives and plans development.

Direction: Performs under minimal supervision, independent judgment is encouraged. Most normal duties and responsibilities are handled independently with the use of established procedures and policies. Difficult or unique situations are referred to the supervisor. Ability to work directly on-site at a customer location with minimal direct supervision from direct supervisor.

Decisions: Participate in conferences and workshops where security-related issues are discussed as required.

Job Functions or Responsibilities:

40% Directly support customer work in secure coding, verification and validation techniques, and technical training. Tailor our current offerings to provide value to customers by evaluating their software, software development, and software acquisition/procurement practices, and providing improvement recommendations. Communicate the findings of such evaluations through reports and presentations. Build new tools and capabilities that improve our ability to meet customer needs.

30% Contribute to internally funded research projects, developing experimentation environments, evaluating secure software development practices, and communicating results internally and externally in reports and presentations.

15% Codify knowledge that has been gained through customer and research projects to expand and update knowledge transfer materials, such as Secure Coding guidelines, training materials, and tools.

15% Develop knowledge and understanding of SEI capabilities; learn how SEI capabilities can be applied to customer problems; work directly with SEI staff supporting the community with disciplines related to secure coding and secure development.

100% TOTAL EFFORT

Organizational Chart: CERT Director < CERT/CSF Technical Director < CERT/Secure Coding Technical Manager < Software Security Analyst.

Carnegie Mellon University is an EEO/Affirmative Action Employer – M/F/Disability/Veteran

#seijob

09 Jan
2017
Architecture Researcher - 2004691
Pittsburgh, PA or Arlington, VA

Position Summary: The Software Engineering Institute’s Architecture Practices initiative at Carnegie Mellon University seeks to create architecture-centric theories and practices to increase development efficiency and effectiveness on large-scale software and systems engineering projects.  The Architecture Researcher will join the Architecture Practices team to assist in expanding the established research program in order to create and extend architecture-centric theories and practices for the organization in order to produce systems to meet their business and mission goals. The Architecture Researcher will be responsible for:

  • Contributing to ongoing architecture research efforts, building on new research directions, and validating ideas in customer settings;
  • Defining and developing research strategies and projects, leading research teams, such as the customer efforts or transition project teams, and/or conducting planned research projects as necessary;
  • Directing support activities to enable technical work and the activities of work study or graduate students as appropriate;
  • Communicating the results of his/her research, through publication presentations in peer-reviewed venues;
  • Working with collaborators and customers to apply research outcomes to real world systems;
  • Determining and recommending architecture-centric technical solutions for practical system development programs; and
  • Participating in and leading technical activities in community settings (conferences, workshops, and working groups).

 

Minimum Qualifications and Requirements:

Education/Training: BS degree in Software Engineering, Computer Science, Information Systems, or a related field, or equivalent combination of training and experience.

Experience: Must have eight (8) years of experience in architecture research and/or practice architecting systems, which shall include specific experience in:

  • Performing research in architectural modeling, analysis, and generation of safety critical embedded software systems;
  • Performing research in timing analysis and behavioral verification of safety critical systems;
  • Applying architecture-centric research technologies on customer systems in the aerospace domain
  • Publishing at least ten (10) papers in peer-reviewed computer-science venues.
  • Familiarity with avionics standards such as ARINC653, ARINC664, or SAE AS5506 AADL is a plus.

Skills/Abilities: Software development, including Java programming, extending the Eclipse platform (plug-in development). Strong written and verbal communication skills and the ability to present to small and large audiences.

Mobility: Normally sedentary position with some mobility; i.e., able to travel to other campus locations.

Environmental Conditions: Usual office setting, close contact with computer displays for long periods of time.

Mental: Ability to explore and solve complex, ill-defined problems; work meticulously with attention to detail; self-starter willing to take on tasks and develop new research ideas; deal collaboratively, diplomatically, and successfully with customers, co-workers; interact with world-class research community.

Other:  Candidates will be subject to a background check.

 

Preferred Qualifications and Requirements:

Education/Training: MS degree in Software Engineering, Computer Science, Information Systems, or a related field, or equivalent combination of training and experience.

Experience: Five (5) years of experience in architecture research and/or practice architecting systems.

Other:  Candidates who are eligible to obtain and maintain a Department of Defense security clearance.

 

Accountability: Ability to work on research with minimal supervision; meet deadlines while working on multiple tasks;.

Direction: Expected to act with limited supervision in accordance with SEI procedures, policies, such as those involving technical leadership, analysis, report production, and confidentiality. Requires close collaboration and teaming within and across initiatives and directorates.

Decisions: Suggests possible solutions to colleagues and users.

 

Job Functions or Responsibilities:

50%        Research, prototyping, and demonstration of architecture-centric analysis and generation technologies.

30%        Application of architecture-centric technologies in customer settings.

20%        Publication of research results.

100% TOTAL EFFORT


Organizational Chart: SSD Director > AP Initiative Lead > Architecture Researcher

 

Carnegie Mellon University is an EEO/Affirmative Action Employer – M/F/Disability/Veteran

 

09 Jan
2017
Senior Architecture Researcher - 2004690
Pittsburgh, PA or Arlington, VA

Position Summary: The Software Engineering Institute’s Architecture Practices initiative at Carnegie Mellon University seeks to create architecture-centric theories and practices to increase development efficiency and effectiveness on large-scale software and systems engineering projects.  The Architecture Researcher will join the Architecture Practices team to assist in expanding the established research program in order to create and extend architecture-centric theories and practices for the organization in order to produce systems to meet their business and mission goals. The Architecture Researcher will be responsible for:

  • Contributing to ongoing architecture research efforts, building on new research directions, and validating ideas in customer settings;
  • Defining and developing research strategies and projects, leading research teams, such as the customer efforts or transition project teams, and/or conducting planned research projects as necessary;
  • Directing support activities to enable technical work and the activities of work study or graduate students as appropriate;
  • Communicating the results of his/her research, through publication presentations in peer-reviewed venues;
  • Working with collaborators and customers to apply research outcomes to real world systems;
  • Determining and recommending architecture-centric technical solutions for practical system development programs; and
  • Participating in and leading technical activities in community settings (conferences, workshops, and working groups).

 

Minimum Qualifications and Requirements:

Education/Training: Ph.D. degree in Software Engineering, Computer Science, Information Systems, or a related field, or equivalent combination of training and experience.

Experience: Five (5) years of experience in architecture research and/or practice architecting systems, which shall include specific experience in:

  • Performing research in architectural modeling, analysis, and generation of safety critical embedded software systems;
  • Performing research in timing analysis and behavioral verification of safety critical systems;
  • Applying architecture-centric research technologies on customer systems in the aerospace domain
  • Publishing at least ten (10) papers in peer-reviewed computer-science venues.
  • Familiarity with avionics standards such as ARINC653, ARINC664, or SAE AS5506 AADL is a plus.

Skills/Abilities: Software development, including Java programming, extending the Eclipse platform (plug-in development). Strong written and verbal communication skills and the ability to present to small and large audiences.

Mobility: Normally sedentary position with some mobility; i.e., able to travel to other campus locations.

Environmental Conditions: Usual office setting, close contact with computer displays for long periods of time.

Mental: Ability to explore and solve complex, ill-defined problems; work meticulously with attention to

detail; self-starter willing to take on tasks and develop new research ideas; deal collaboratively, diplomatically, and successfully with customers, co-workers; interact with world-class research community.

Other:  Candidates will be subject to a background check.

 

Preferred Qualifications and Requirements:

Other:  Candidates who are eligible to obtain and maintain a Department of Defense security clearance.

 

Accountability: Ability to work on research with minimal supervision; meet deadlines while working on multiple tasks.

Direction: Expected to act with limited supervision in accordance with SEI procedures, policies, such as those involving technical leadership, analysis, report production, and confidentiality. Requires close collaboration and teaming within and across initiatives and directorates.

Decisions: Suggests possible solutions to colleagues and users.

 

Job Functions or Responsibilities:

50%        Research, prototyping, and demonstration of architecture-centric analysis and generation technologies.

30%        Application of architecture-centric technologies in customer settings.

20%        Publication of research results.

100% TOTAL EFFORT


Organizational Chart: SSD Director > AP Initiative Lead > Architecture Researcher

 

Carnegie Mellon University is an EEO/Affirmative Action Employer – M/F/Disability/Veteran

08 Dec
2016
Cyber Security Engineer - 2004578
Operating Location SA - San Antonio, TX

Position Summary: As a member of CERT's Workforce Development program, the candidate will work with other team members in developing cyber-security training exercises and simulations, primarily for US military/government customers. This involves interacting directly with customers, gathering training requirements and objectives, producing and facilitating creative and engaging exercise scenarios, and building supporting physical and virtualized systems and network topologies. As such, the candidate will work regularly with a wide range of software and hardware technologies within CERT labs. The candidate may also assist in developing and teaching cyber security training content to external customers. The candidate will also be involved software and hardware prototype development. Additionally, the position requires the candidate to have demonstrated and effective leadership/management abilities as he/she may supervise and evaluate full time direct reports as well as the activities of graduate student assistants. The successful candidate must be self-directed, have an interdisciplinary approach to problem solving, and work well communicating technical information to technical and non-technical users. The candidate must also be able to interact with clients and staff of all levels in a highly professional and competent manner.

Minimum Qualifications and Requirements:

Education/Training: Bachelor’s degree in Computer Science, Information Science, or related discipline with eight (8) years applicable working experience in information technology, Master’s degree in Computer Science, Information Science, or related discipline with five (5) years of applicable working experience in information technology, PhD Computer Science, Information Science, or related discipline with two (2) years of applicable working experience in information technology, or equivalent combination of training or experience.

Experience: Successful candidates must possess "hands-on" experience with Computer/Network Security and I.T. system and network administration. Additionally, he/she must have practical experience with Windows server and desktop platforms and Linux/Unix operating systems. The candidate must have experience in network design and troubleshooting and implementing standard networking protocols. Additionally, demonstrated practical experience working with common commercial and open-source cyber security tools is required. The candidate should have some experience teaching technical content to students, peers, and non-technical individuals and must enjoy doing so.

Skills/Abilities: Candidate must be able to prioritize workload and complete deliverables on time, have good technical problem-solving skills, strong analytical and information organization skills, excellent oral and written communication skills, and strong technical teaching skills. Candidate must be able to multitask and work effectively with multiple project teams and sponsors/customers. Experience with virtualization technologies, particularly VMWare ESX server is highly desired. Programming experience in C, C++, C#, Python, and Java is also highly desirable.

Physical Mobility: Sedentary in an office setting with some mobility, i.e., able to travel to various locations within the SEI and CMU community as well as travel to customer sites.

Environmental Conditions: Close contact with computer for long periods of time.

Mental: Ability to pay close attention to detail, meet deadlines, work under pressure, and communicate effectively

Other: Candidates will be subject to a background check and must be eligible to obtain and maintain a Department of Defense security clearance.

Preferred Qualifications and Requirements:

Education/Training: BS and MS in Computer Science; training in enterprise security tools (i.e. McAfee ePO/HIPS, ArcSight, etc.)

Licenses: CISSP, Network+, Security+ and/or other industry standard certifications

Experience: US military service in a series of positions involving information technology, cyber security, and management of large scale government networks.

Skills/Abilities: Strong presentation/platform skills and excellent writing skills

Accountability: The incumbent is accountable for the definition, creation, and maintenance of final deliverables and products and may manage unclassified/classified DoD projects in excess of $3M annually.

Direction: The incumbent is expected to act independently using CMU and SEI defined policies, practices, and procedures.

Decisions: The incumbent must use good judgment to solve customer and personnel problems and is required to envision, design, develop, pilot, and deliver new capabilities, products, and services. Candidate will also be required to accurately represent SEI/CERT and its technical work in interactions with customers, sponsors, and the public.

Supervisory Responsibilities:The incumbent may have at least 2 direct reports as well as up to 15 secondary reports and will be required to provide performance management, career guidance, and take personnel corrective actions as required.

Job Functions or Responsibilities:

10% Design and develop technical documents and instructional materials.

10% Research, evaluate, develop, install/configure hardware and software including promising new technologies that require examination for cyber security research and development.

10% Deliver technical and management training to customers.

55% Mentor, guide and interact with team and other staff.

15% Contribute to transition planning and strategy.

100% TOTAL EFFORT

Organizational Chart: Director, CERT Division < Technical Director, Cyber Security Solutions Directorate < Technical Manager, Cyber Workforce Development Initiative < Cyber Workforce Development Team Lead < Cyber Security Engineer - Exercise Developer

Carnegie Mellon University is an EEO/Affirmative Action Employer – M/F/Disability/Veteran

#seijob

08 Dec
2016
Infrastructure Engineer - 2004591
Pittsburgh, PA

What We Do: The SEI Emerging Technology Center helps the government stay on the edge of technology. The world is innovating software and information technologies rapidly, and the Center identifies, demonstrates, and applies emerging software technologies to meet critical mission needs. We promote government awareness and knowledge of emerging technologies and their application, and our work shapes and leverages academic and industrial research.

Position Summary: The SEI Emerging Technology Center matches state-of-the-art software research with critical U.S. Government (USG) needs. We are seeking an Infrastructure Engineer.

The Infrastructure Engineer supports the Center’s mission by serving as a subject matter expert on developing, evaluating, and maintaining high-performance IT systems. These systems support the Center’s efforts to transition and operationalize research concepts of significant value to the USG. The Center works on leading edge technologies and applies them to important and challenging problems. The work environment is dynamic and flexible, with constant opportunities to develop new skills, to learn about new software frameworks and techniques, to work on emerging architectures and systems, and to make a difference.

The Infrastructure Engineer’s duties include taking a hands-on role on teams of Software Developers, Technical Analysts, and Intelligence Analysts to design, build, and maintain enterprise IT systems - this infrastructure supports delivering capabilities to the USG building on state-of-the-art research in analytics, data architectures, software assurance, security, and human information interaction; daily collaboration with the team to understand, plan and implement infrastructure practices and changes; manage and evolve the HHPC cluster; contribute technical knowledge and experience as available to projects including big data, data intensive scalable computing, and high performance computing; defining, implementing, and communicating best practices and standards for staff that access the Center's Hardware; and serves as primary technical liaison to corporate IT.

Minimum Qualifications and Requirements:

Education/Training: Bachelor’s degree in Information Technology field or a related quantitative field of study with eight (8) years of applicable experience, Master’s degree in Information Technology field or a related quantitative field of study with five (5) years of applicable experience.

Experience:
• Experience deploying distributed computing frameworks.
• Experience tuning and measuring high performance systems - high-throughput networking, large disk arrays, etc.
• Strong Linux System Administration Experience - RHEL preferred.
• Experience as a network/system administrator for a networked Linux infrastructure in a professional environment required.
• Experience documenting and evaluating enterprise systems.
• Experience working with one or more host management tools (Puppet, Chef, Ansible, etc.).
• Experience with virtualization and containers.
• Experience maintaining and evolving an enterprise or research-oriented computer network.
• Hands on experiences with switches, firewalls routers, network storage, and virtualized environments.
• Experience with high-performance computing technologies a plus.
• Experience developing policies and best practices a plus.

Skills/Abilities:

• Ability to deal with software and network systems integration at various levels.
• Working knowledge of distributed filesystems and clustered frameworks.
• Deep understanding of networking and hardware support.
• Strong hands-on knowledge in the configuration, securing, and troubleshooting of network devices, LAN switching technologies, firewalls, VPNs, routing protocols, Linux/UNIX based network services, network storage and monitoring/maintaining all of these to ensure their continued secure operation is required.
• Write scripts in multiple interpreted languages (bash, Python, Perl, Ruby, Go).
• Build software from source, and create packages.
• Excellent written and verbal communication skills.
• Ability to work effectively without close supervision.
• Able to track multiple projects with different requirements in a shared resource environment.
• Able to support a dynamic and changing research environment.
• Able to interface with corporate IT

Mobility: Primarily sedentary in an office setting with some mobility. Flexible to travel to various locations within the SEI and CMU community, sponsor sites, conferences, and offsite meetings on occasion. Travel outside of Pittsburgh limited to no more than 5 working days a month.

Environmental Conditions: Normal office conditions; close contact with computer screen for extended periods of time.

Mental: Ability to work meticulously with careful attention to detail; ability to meet deadlines while working on multiple tasks - sometimes under pressure and with shifting priorities; ability to deal collaboratively, diplomatically, and successfully with customers, co-workers and other professional colleagues, managers, and staff; ability to grasp the big picture, direction, and goals of an effort; ability to quickly learn new procedures, techniques, approaches, etc.

Other: Candidates will be subject to a background check and must be eligible to obtain and maintain a Department of Defense security clearance.


Direction: The individual is expected to act independently using all applicable defined policies, practices, and procedures – within the scope of assigned work.

Decisions: The individual is expected to participate in the decision-making and problem-solving processes of designing, implementing, and maintaining the Center’s computing environments.

Supervisory Responsibilities: This position does not formally supervise others. However, the individual may act in a technical leadership (non-supervisory) role concerning specific work products and activities, or concerning student interns, etc.

Job Functions or Responsibilities:
60% Design, implement, and support IT systems to support the Center’s research and development activities – including participating in the broader SEI software research community through collaboration, papers, and presentations.

25% Interface with the SEI IT community, the CMU campus community, and the broader Computing community to bring best practices into the Center.

15% System administration and user support for the Center’s computing environments.

100% Total Effort


Organizational Chart: SEI Emerging Technology Center Director < Prototyping Group Lead < Team Lead < Infrastructure Engineer

Carnegie Mellon University is an EEO/Affirmative Action Employer – M/F/Disability/Veteran

#seijob

23 Nov
2016
Cyber Security Engineer - Penetration Tester - 2004519
Pittsburgh, PA or Arlington, VA

This position can be located in Pittsburgh, PA or Arlington, VA.

Position Summary:  The CERT Division is part of the SEI, a federally funded research and development center at Carnegie Mellon University in Pittsburgh, Pennsylvania. The CERT Division engages in cutting-edge research and development and develops and transitions disciplined approaches to improve the survivability and resiliency of the DoD, federal civilian agencies, private sector organizations and their networked information systems.

The individual in this position will work as a member of the Cybersecurity Assurance (CA) Team within the Networked Systems Survivability Program. The CA team develops solutions (in the form of frameworks, models, tools, policies, practices, technical guidance, and training) that allow organizations to assess, analyze, and manage organizational, operational, and technical risks to mission-critical assets, processes, systems, and infrastructures.

 

Minimum Qualifications and Requirements:

Education/Training: BS in Computer Science (or other technical field) with eight (8) years’ experience, or equivalent combination of training and experience.

Certifications:  Certified Information Systems Security Professional (CISSP), Offensive Security Certified Professional (OSCP), and/or Certified Ethical Hacker (CEH)

Experience: Professional experience as a penetration tester, system or network administrator, information systems auditor, software engineer, information systems analyst, or similarly technical occupation.

Experience with and applied knowledge in:

  • Common penetration testing methodologies and tactics (PTES, OWASP testing guide, etc.)

  • Popular penetration testing toolsets (Metasploit framework, vulnerability scanners, web application scanners, Nmap)

  • Knowledge of common networking protocols and services

  • Basic knowledge of exploit development and application fuzzing

  • Windows and Linux Operating System environments, networking devices, and common database platforms

  • Cyber security, survivability, and resilience concepts and issues

  • Software and systems engineering

  • Building and maintaining customer relationships

  • Data analytics and quantitative measures

  • Strategic Planning and requirements definition

  • Process improvement

  • Program planning, budgeting, and management

Skills/Abilities: Must exhibit the following skills and abilities:

  • Understanding of information technology, penetration testing, and telecommunications systems

  • Working knowledge of network interoperability, cyber security, and survivability issues, including cyber security best practices and standards

  • Working knowledge of DHS critical infrastructure sectors and related security and resilience issues

  • Working knowledge of the DoD and Agency resilience needs and cyber security roadmaps

  • Development and delivery of information and infrastructure security risk and vulnerability evaluations

  • Ability to conduct analytical studies and investigations

  • Reasoning and problem-solving skills

  • Ability to work independently with limited supervision

  • Ability to interact effectively with diverse constituencies internally and externally

  • Ability to work well as a member of a cooperative team; ability to work in a matrix organizational structure

  • Ability to recognize and deal appropriately with confidential and sensitive information

  • Ability to implement project plans, monitor project budgets, and identify and mitigate project risks

  • Leadership and mentoring skills

  • Excellent written and oral communication skills; ability to contribute to technical research white papers and reports; ability to prepare papers and deliver presentations to technical and non-technical audiences; ability to contribute to customer technical exchanges and marketing presentations

  • Ability to work on customer sites with high-ranking members of the Federal Government and US

  • Participation in professional society activities, particularly IEEE and ACM 

Physical/Mobility: Primarily sedentary in an office setting with some mobility. Ability to travel frequently to various locations within the SEI and CMU community, customer sites, conferences, and offsite meetings.

Environmental Conditions: Close contact with computer for extended periods of time.

Mental: Strong interest in the human, managerial, and technical aspects of cyber security is critical for this position as are these abilities:

  • Take or share leadership role in technical projects

  • Work meticulously with careful attention to detail

  • Meet deadlines while working on multiple tasks – sometimes under pressure and with shifting priorities

  • Deal collaboratively, diplomatically, and successfully with customers, co-workers and other professional colleagues, managers, and staff

  • Ability to understand the direction, and goals of an effort; ability to develop and communicate innovative ideas; ability to demonstrate initiative and to quickly learn new procedures, techniques, approaches, etc.

Other: Must be able to work independently and travel as needed; this position requires frequent solo travel by car to customer sites in remote areas. Strong interest in cyber security and critical infrastructure protection analysis basis research, applied research, and development.  Applicants selected will be subject to a security investigation and must meet eligibility requirements for access to classified information. Candidates must be able to obtain and maintain a Department of Defense security clearance.

 

Preferred Qualifications and Requirements:

Education/Training: MS in Computer Science (or related technical field) with five (5) years’ experience or equivalent experience.

Certifications:  Offensive Security Certified Professional (OSCP), GIAC Penetration Tester (GPEN), Certified Ethical Hacker (CEH), Certified Information Systems Security Professional (CISSP), and Certified Information Systems Auditor (CISA),

Experience: 

  • Expert proficiency with a variety of technical vulnerability analysis tools
  • Advanced penetration testing experience
  • Software development experience and advanced exploit development

Skills/Abilities: Strong presentation/platform skills and excellent writing skills.

 

Accountability: The individual will implement and participate in the planning and execution of projects leading to technical results. The individual will also contribute to project, department, or program objectives and planning document development. The individual will keep in confidence sensitive information such as customer processes, risks, vulnerabilities, and internal work products, whether for eventual public or private distribution.

Direction: The individual is expected to act independently using CMU, SEI, and NSS defined policies, practices, and procedures – within the scope of assigned work.

Decisions: The individual must make sound technical decisions with little supervision. The individual must accurately represent the program in interactions with customers, sponsors, and the public. The individual is expected to perform analysis on-site at customer locations and immediately assess potential vulnerabilities requiring further investigation. 

Supervisory Responsibilities: This position could involve the training and oversight of the work of other staff members, graduate students, resident affiliates, visiting scientists, and independent contractors. Depending on research project or customer work plan, position may involve task leadership.

 

Job Functions or Responsibilities:

60% Participate in risk and vulnerability assessments operating in a technical leadership role; analyze assessment data to identify risk areas and propose mitigation alternatives.

15% Participate in research into innovative and cutting-edge tools, techniques, and methods to improve cyber security and penetration testing; transition research into applied knowledge for customers.

10% Deliver courses on offensive security tools and tactics and penetration testing management.

5% Contribute to conferences and meetings; participate in marketing calls and technical exchanges with clients; give talks and lectures as appropriate; participate on working groups for subjects of interest.

5% Contribute to and review the literature in cyber security, resilience, and software engineering.

5% Provide assistance and input to other teams and projects within the SEI.                     

100% Total Effort

 

Organizational Chart:  Director, CERT Division < Technical Director, Cyber Security Solutions Directorate < Deputy Director, Cyber Security Solutions Directorate < Technical Manager, Cybersecurity Assurance Team < Cyber Security Engineer

 

Carnegie Mellon University is an EEO/Affirmative Action Employer – M/F/Disability/Veteran

 

 

21 Jul
2016
Software Systems Engineer - 2003677
Operating Location SA - San Antonio, TX

Position Summary: The Client Technical Solutions (CTS) Directorate is part of the SEI, a federally funded research and development center at Carnegie Mellon University in Pittsburgh, Pennsylvania. CTS is focused on matching state-of-the-art software capabilities with critical US Department of Defense and other government agency acquisitions and organizations. This position will support the SEI’s mission by capturing government needs and identifying, shaping, and guiding programs to operationalize the most appropriate software engineering and acquisition techniques and practices. If you are an engineer passionate about improving the ability to deliver high quality, mission critical systems, and you are committed to bringing innovation to government and beyond, then this is the position for you.

The Member of the Engineering Technical Staff of the Software Solutions Division will be responsible for participating on teams that enable the organizations within the Department of Defense to enhance the predictable performance and mission assurance in the acquisition, evolution and operations of software-reliant systems. Key activities include understanding customer requirements and key challenge problems and addressing them with tailored solutions; applying, adapting, integrating, verifying and transitioning the SEI body of knowledge and other bodies of knowledge to maximize impact; creating, applying and codifying new approaches to support customer needs and advance the software engineering state of the practice; and maintaining situational awareness in technical and DoD domains. The candidate will coordinate closely with staff across the SEI to deliver software engineering technical expertise to customers throughout the life-cycle.

 

Minimum Qualifications and Requirements:

Education/Training: BS or equivalent degree in relevant discipline with eight (8) years applicable experience; MS or equivalent degree in relevant discipline with five (5) years applicable experience; PhD or equivalent degree in relevant discipline with two (2) years applicable experience, or equivalent combination of training and experience.

Experience: The candidate must have experience in software engineering, development or management, and/or systems engineering. Must be knowledgeable of the software engineering and system engineering disciplines as well as understanding the DoD, Intelligence Community, or Civilian Agency acquisition processes. The candidate should have experience building, leading, managing, and participating on cross-functional, high technology teams. The candidate should be able to operate effectively with all organizations within the software and acquisition communities and be able to interact diplomatically with partners, customers and sponsors.  Experience in three (3) or more of the following: DoD or Civilian Agency software systems acquisition on major programs (~100K SLOC or more of custom developed code, and/or significant integration of COTS/GOTS products); solid technical breadth and understanding of all aspects of the end-to-end software lifecycle (e.g., requirements, design, implementation, testing, etc.); alternative life cycles (e.g. waterfall, agile); major DoD, Intelligence Community, or Civilian Agency software acquisition policies and directives; enterprise architecture; software architecture development and evaluation, software architecture patterns (e.g. SOA) and concepts (e.g. Cloud computing); information Assurance/survivability; systems engineering on software intensive systems; COTS product integration; performance measurement including definition and application of goals, measurements and metric; system of systems engineering; requirements development and management; software integration and test and software/hardware integration; deployment of software intensive systems, especially including transition from legacy systems; cost estimation.

Skills/Abilities: Detailed knowledge of software engineering; detailed knowledge of at least one (1) core competency: requirements, architecture and design, program and acquisition management, performance improvement, assurance, or security and depth in at least one SEI body of work.  [Excellent] Strong written and verbal communications skills and the ability to present to high visibility stakeholders internal and external to the organization.  Good program and project management skills including: interfacing with clients, developing proposals, and establishing relationships with new DoD and/or government clients and programmatic and project management skills (e.g., ability to develop project plans, track deliverables, manage risks, perform staff planning, provide budget oversight). Good team related skills with the desire to lead and participate in multidisciplinary teams.

Mobility: Will be required to travel on overnight assignments.

Environmental Conditions: Usual office setting with extended use of CRT.

Other:  Candidates will be subject to a background check and must be eligible to obtain and maintain a Department of Defense security clearance.

 

Preferred Qualifications and Requirements:

Education/Training: Master's degree in Computer Science, Information Systems, systems engineering, software engineering, or acquisition management, or equivalent combination of training and experience.

Licenses: Certified DoD Acquisition Professional. Certified PMP.

 

Accountability:  The member will be directly accountable for understanding DoD acquisition needs, applying new technologies, and establishing delivery capabilities to meet the needs of the sponsoring organization and the acquisition community.

Direction:  As a technical staff member, he/she will be expected to operate with minimum supervision using CMU and SEI defined practice, policies and procedures, in concert with the SEI mission.

Decisions:  Will be required to work with government program offices to identify strengths and weaknesses within the acquisition program and their contractor base and build solutions to address the weaknesses and recognize and encourage the strengths.

Supervisory Responsibilities:  Must be able to lead and supervise others.

 

Job Functions or Responsibilites:

85%  Participate as a leader or member of technical teams in support of government acquisition program offices or participate as a member of a technical team performing research. Identify and support the implementation strategies for the capture and application of learning and knowledge transfer from assignments (e.g. dissemination of research results, case studies, guides, reports, presentations, articles, workshops, courses, and blog entries).

10%  Other duties as assigned by the Client Technical Solutions Directorate Executive Director, Deputy Director, Associate Director or Chief Engineer.

5%  Serve in an advisory capacity to other SEI technical programs on acquisition or technical issues.

100% TOTAL EFFORT

 

Organizational Chart:  SEI Director’s Office < Director, Software Solutions Division < Technical Director, Client Technical Solutions Directorate < Engineer, Member of the Technical Staff

 

Carnegie Mellon University is an EEO/Affirmative Action Employer – M/F/Disability/Veteran

21 Jul
2016
Software Systems Engineer - 2003689
El Segundo, CA

This position is located in Los Angeles, CA.

Position Summary: The Client Technical Solutions (CTS) Directorate is part of the SEI, a federally funded research and development center at Carnegie Mellon University in Pittsburgh, Pennsylvania. CTS is focused on matching state-of-the-art software capabilities with critical US Department of Defense and other government agency acquisitions and organizations. This position will support the SEI’s mission by capturing government needs and identifying, shaping, and guiding programs to operationalize the most appropriate software engineering and acquisition techniques and practices. If you are an engineer passionate about improving the ability to deliver high quality, mission critical systems, and you are committed to bringing innovation to government and beyond, then this is the position for you.

The Member of the Engineering Technical Staff of the Software Solutions Division will be responsible for participating on teams that enable the organizations within the Department of Defense to enhance the predictable performance and mission assurance in the acquisition, evolution and operations of software-reliant systems. Key activities include understanding customer requirements and key challenge problems and addressing them with tailored solutions; applying, adapting, integrating, verifying and transitioning the SEI body of knowledge and other bodies of knowledge to maximize impact; creating, applying and codifying new approaches to support customer needs and advance the software engineering state of the practice; and maintaining situational awareness in technical and DoD domains. The candidate will coordinate closely with staff across the SEI to deliver software engineering technical expertise to customers throughout the life-cycle.

 

Minimum Qualifications and Requirements:

Education/Training: BS or equivalent degree in relevant discipline with eight (8) years applicable experience; MS or equivalent degree in relevant discipline with five (5) years applicable experience; PhD or equivalent degree in relevant discipline with two (2) years applicable experience, or equivalent combination of training and experience.

Experience: The candidate must have experience in software engineering, development or management, and/or systems engineering. Must be knowledgeable of the software engineering and system engineering disciplines as well as understanding the DoD, Intelligence Community, or Civilian Agency acquisition processes. The candidate should have experience building, leading, managing, and participating on cross-functional, high technology teams. The candidate should be able to operate effectively with all organizations within the software and acquisition communities and be able to interact diplomatically with partners, customers and sponsors.  Experience in three (3) or more of the following: DoD or Civilian Agency software systems acquisition on major programs (~100K SLOC or more of custom developed code, and/or significant integration of COTS/GOTS products); solid technical breadth and understanding of all aspects of the end-to-end software lifecycle (e.g., requirements, design, implementation, testing, etc.); alternative life cycles (e.g. waterfall, agile); major DoD, Intelligence Community, or Civilian Agency software acquisition policies and directives; enterprise architecture; software architecture development and evaluation, software architecture patterns (e.g. SOA) and concepts (e.g. Cloud computing); information Assurance/survivability; systems engineering on software intensive systems; COTS product integration; performance measurement including definition and application of goals, measurements and metric; system of systems engineering; requirements development and management; software integration and test and software/hardware integration; deployment of software intensive systems, especially including transition from legacy systems; cost estimation.

Skills/Abilities: Detailed knowledge of software engineering; detailed knowledge of at least one (1) core competency: requirements, architecture and design, program and acquisition management, performance improvement, assurance, or security and depth in at least one SEI body of work.  [Excellent] Strong written and verbal communications skills and the ability to present to high visibility stakeholders internal and external to the organization.  Good program and project management skills including: interfacing with clients, developing proposals, and establishing relationships with new DoD and/or government clients and programmatic and project management skills (e.g., ability to develop project plans, track deliverables, manage risks, perform staff planning, provide budget oversight). Good team related skills with the desire to lead and participate in multidisciplinary teams.

Mobility: Will be required to travel on overnight assignments.

Environmental Conditions: Usual office setting with extended use of CRT.

Other:   Candidates will be subject to a background check and must be eligible to obtain and maintain a Department of Defense security clearance.

 

Preferred Qualifications and Requirements:

Education/Training: Master's degree in Computer Science, Information Systems, systems engineering, software engineering, or acquisition management, or equivalent combination of training and experience.

Licenses: Certified DoD Acquisition Professional. Certified PMP.

 

Accountability:  The member will be directly accountable for understanding DoD acquisition needs, applying new technologies, and establishing delivery capabilities to meet the needs of the sponsoring organization and the acquisition community.

Direction:  As a technical staff member, he/she will be expected to operate with minimum supervision using CMU and SEI defined practice, policies and procedures, in concert with the SEI mission.

Decisions:  Will be required to work with government program offices to identify strengths and weaknesses within the acquisition program and their contractor base and build solutions to address the weaknesses and recognize and encourage the strengths.

Supervisory Responsibilities:  Must be able to lead and supervise others.

 

Job Functions or Responsibilites:

85%  Participate as a leader or member of technical teams in support of government acquisition program offices or participate as a member of a technical team performing research. Identify and support the implementation strategies for the capture and application of learning and knowledge transfer from assignments (e.g. dissemination of research results, case studies, guides, reports, presentations, articles, workshops, courses, and blog entries).

10%  Other duties as assigned by the Client Technical Solutions Directorate Executive Director, Deputy Director, Associate Director or Chief Engineer.

5%  Serve in an advisory capacity to other SEI technical programs on acquisition or technical issues.

100% TOTAL EFFORT

 

Organizational Chart:  SEI Director’s Office < Director, Software Solutions Division < Technical Director, Client Technical Solutions Directorate < Engineer, Member of the Technical Staff

 

Carnegie Mellon University is an EEO/Affirmative Action Employer – M/F/Disability/Veteran

19 Jul
2016
Software Systems Engineer - 2003630
Pittsburgh, PA or Arlington, VA

Position Summary: The Client Technical Solutions (CTS) Directorate is part of the SEI, a federally funded research and development center at Carnegie Mellon University in Pittsburgh, Pennsylvania. CTS is focused on matching state-of-the-art software capabilities with critical US Department of Defense and other government agency acquisitions and organizations. This position will support the SEI’s mission by capturing government needs and identifying, shaping, and guiding programs to operationalize the most appropriate software engineering and acquisition techniques and practices. If you are an engineer passionate about improving the ability to deliver high quality, mission critical systems, and you are committed to bringing innovation to government and beyond, then this is the position for you.

The Member of the Engineering Technical Staff of the Software Solutions Division will be responsible for participating on teams that enable the organizations within the Department of Defense to enhance the predictable performance and mission assurance in the acquisition, evolution and operations of software-reliant systems. Key activities include understanding customer requirements and key challenge problems and addressing them with tailored solutions; applying, adapting, integrating, verifying and transitioning the SEI body of knowledge and other bodies of knowledge to maximize impact; creating, applying and codifying new approaches to support customer needs and advance the software engineering state of the practice; and maintaining situational awareness in technical and DoD domains. The candidate will coordinate closely with staff across the SEI to deliver software engineering technical expertise to customers throughout the life-cycle.

Minimum Qualifications and Requirements:

Education/Training: BS or equivalent degree in relevant discipline with eight (8) years applicable experience; MS or equivalent degree in relevant discipline with five (5) years applicable experience; PhD or equivalent degree in relevant discipline with two (2) years applicable experience, or equivalent combination of training and experience.

Experience: The candidate must have experience in software engineering, development or management, and/or systems engineering. Must be knowledgeable of the software engineering and system engineering disciplines as well as understanding the DoD, Intelligence Community, or Civilian Agency acquisition processes. The candidate should have experience building, leading, managing, and participating on cross-functional, high technology teams. The candidate should be able to operate effectively with all organizations within the software and acquisition communities and be able to interact diplomatically with partners, customers and sponsors. Experience in three (3) or more of the following: DoD or Civilian Agency software systems acquisition on major programs (~100K SLOC or more of custom developed code, and/or significant integration of COTS/GOTS products); solid technical breadth and understanding of all aspects of the end-to-end software lifecycle (e.g., requirements, design, implementation, testing, etc.); alternative life cycles (e.g. waterfall, agile); major DoD, Intelligence Community, or Civilian Agency software acquisition policies and directives; enterprise architecture; software architecture development and evaluation, software architecture patterns (e.g. SOA) and concepts (e.g. Cloud computing); information Assurance/survivability; systems engineering on software intensive systems; COTS product integration; performance measurement including definition and application of goals, measurements and metric; system of systems engineering; requirements development and management; software integration and test and software/hardware integration; deployment of software intensive systems, especially including transition from legacy systems; cost estimation.

Skills/Abilities: Detailed knowledge of software engineering; detailed knowledge of at least one (1) core competency: requirements, architecture and design, program and acquisition management, performance improvement, assurance, or security and depth in at least one SEI body of work. [Excellent] Strong written and verbal communications skills and the ability to present to high visibility stakeholders internal and external to the organization. Good program and project management skills including: interfacing with clients, developing proposals, and establishing relationships with new DoD and/or government clients and programmatic and project management skills (e.g., ability to develop project plans, track deliverables, manage risks, perform staff planning, provide budget oversight). Good team related skills with the desire to lead and participate in multidisciplinary teams.

Mobility: Will be required to travel on overnight assignments.

Environmental Conditions: Usual office setting with extended use of CRT.

Other: Candidates will be subject to a background check and must be eligible to obtain and maintain a Department of Defense security clearance.

#seijob

Preferred Qualifications and Requirements:

Education/Training: Master's degree in Computer Science, Information Systems, systems engineering, software engineering, or acquisition management, or equivalent combination of training and experience.

Licenses: Certified DoD Acquisition Professional. Certified PMP.

Accountability: The member will be directly accountable for understanding DoD acquisition needs, applying new technologies, and establishing delivery capabilities to meet the needs of the sponsoring organization and the acquisition community.

Direction: As a technical staff member, he/she will be expected to operate with minimum supervision using CMU and SEI defined practice, policies and procedures, in concert with the SEI mission.

Decisions: Will be required to work with government program offices to identify strengths and weaknesses within the acquisition program and their contractor base and build solutions to address the weaknesses and recognize and encourage the strengths.

Supervisory Responsibilities: Must be able to lead and supervise others.

Job Functions or Responsibilities:

85% Participate as a leader or member of technical teams in support of government acquisition program offices or participate as a member of a technical team performing research. Identify and support the implementation strategies for the capture and application of learning and knowledge transfer from assignments (e.g. dissemination of research results, case studies, guides, reports, presentations, articles, workshops, courses, and blog entries).

10% Other duties as assigned by the Client Technical Solutions Directorate Executive Director, Deputy Director, Associate Director or Chief Engineer.

5% Serve in an advisory capacity to other SEI technical programs on acquisition or technical issues.

100% TOTAL EFFORT

Organizational Chart: SEI Director’s Office < Director, Software Solutions Division < Technical Director, Client Technical Solutions Directorate < Engineer, Member of the Technical Staff

Carnegie Mellon University is an EEO/Affirmative Action Employer – M/F/Disability/Veteran

11 Jul
2016
Senior Software Systems Engineer - 2003538
Pittsburgh, PA or Arlington, VA

Position Summary: The Client Technical Solutions (CTS) Directorate is part of the SEI, a federally funded research and development center at Carnegie Mellon University in Pittsburgh, Pennsylvania. CTS is focused on matching state-of-the-art software capabilities with critical US Department of Defense and other government agency acquisitions and organizations. This position will support the SEI’s mission by capturing government needs and identifying, shaping, and guiding programs to operationalize the most appropriate software engineering and acquisition techniques and practices. If you are an engineer passionate about improving the ability to deliver high quality, mission critical systems, and you are committed to bringing innovation to government and beyond, then this is the position for you.

The Senior Technical Staff Member of the Engineering Technical Staff of the Software Solutions Division will be responsible for leading and/or participating on teams that enable the organizations within the Department of Defense to enhance the predictable performance and mission assurance in the acquisition, evolution and operations of software-reliant systems. Key activities include understanding customer requirements and key challenge problems and addressing them with tailored solutions; applying, adapting, integrating, verifying and transitioning the SEI body of knowledge and other bodies of knowledge to maximize impact; creating, applying and codifying new approaches to support customer needs and advance the software engineering state of the practice; and maintaining situational awareness in technical and DoD domains. The candidate will coordinate closely with staff across the SEI to deliver software engineering technical expertise to customers throughout the life-cycle.

 

Minimum Qualifications and Requirements:

Education/Training: BS or equivalent degree in relevant discipline with ten (10) years applicable experience; MS or equivalent degree in relevant discipline with eight (8) years applicable experience; PhD or equivalent degree in relevant discipline with five (5) years applicable experience, or equivalent combination of training and experience.

Experience: The candidate must have experience in software engineering, development or management, and/or systems engineering. Must be knowledgeable of the software engineering and system engineering disciplines as well as understanding the DoD, Intelligence Community, or Civilian Agency acquisition processes. The candidate should have experience building, leading, managing, and participating on cross-functional, high technology teams. The candidate should be able to operate effectively with all organizations within the software and acquisition communities and be able to interact diplomatically with partners, customers and sponsors.  Experience in five (5) or more of the following: DoD or Civilian Agency software systems acquisition on major programs (~100K SLOC or more of custom developed code, and/or significant integration of COTS/GOTS products); solid technical breadth and understanding of all aspects of the end-to-end software lifecycle (e.g., requirements, design, implementation, testing, etc.); alternative life cycles (e.g. waterfall, agile); major DoD, Intelligence Community, or Civilian Agency software acquisition policies and directives; enterprise architecture; software architecture development and evaluation, software architecture patterns (e.g. SOA) and concepts (e.g. Cloud computing); information Assurance/survivability; systems engineering on software intensive systems; COTS product integration; performance measurement including definition and application of goals, measurements and metric; system of systems engineering; requirements development and management; software integration and test and software/hardware integration; deployment of software intensive systems, especially including transition from legacy systems; cost estimation.

Skills/Abilities: Deep detailed knowledge of software engineering; detailed knowledge of at least two core competencies: requirements, architecture and design, program and acquisition management, performance improvement, assurance, or security and depth in at least one SEI body of work.  Excellent written and verbal communications skills and the ability to present to high visibility stakeholders internal and external to the organization.  Proven program and project management skills including: interfacing with clients, developing proposals, and establishing relationships with new DoD and/or government clients and programmatic and project management skills (e.g., ability to develop project plans, track deliverables, manage risks, perform staff planning, provide budget oversight).  Proven team related skills with the ability to lead and participate in multidisciplinary teams.

Mobility: Will be required to travel on overnight assignments.

Environmental Conditions: Usual office setting with extended use of CRT.

Other:  Candidates will be subject to a background check and must be eligible to obtain and maintain a Department of Defense security clearance.

 

Preferred Qualifications and Requirements:

Education/Training: Master's degree in Computer Science, Information Systems, systems engineering, software engineering, or acquisition management.

Licenses: Certified DoD Acquisition Professional. Certified PMP.

 

Accountability:  The member will be directly accountable for understanding DoD acquisition needs, applying new technologies, and establishing delivery capabilities to meet the needs of the sponsoring organization and the acquisition community.

Direction:  As a technical staff member, he/she will be expected to operate with minimum supervision using CMU and SEI defined practice, policies and procedures, in concert with the SEI mission.

Decisions:  Will be required to work with government program offices to identify strengths and weaknesses within the acquisition program and their contractor base and build solutions to address the weaknesses and recognize and encourage the strengths.

Supervisory Responsibilities:  Must be able to lead and supervise others.

 

Job Functions or Responsibilities:

85%  Participate as a leader or member of technical teams in support of government acquisition program offices or participate as a member of a technical team performing research. Identify and support the implementation strategies for the capture and application of learning and knowledge transfer from assignments (e.g. dissemination of research results, case studies, guides, reports, presentations, articles, workshops, courses, and blog entries).

10%  Other duties as assigned by the Client Technical Solutions Directorate Executive Director, Deputy Director, Associate Director or Chief Engineer.

5%  Serve in an advisory capacity to other SEI technical programs on acquisition or technical issues.

100% TOTAL EFFORT

 

Organizational Chart:  SEI Director’s Office < Director, Software Solutions Division < Technical Director, Client Technical Solutions Directorate < Sector Lead, CTSD Sector Team

 

Carnegie Mellon University is an EEO/Affirmative Action Employer – M/F/Disability/Veteran

Search for Postions

 Interested in working with us?

Search positions

Resumes from recruiting firms will not be accepted.

Accessibility Needs for Applicants, Students, and Visitors

Carnegie Mellon University makes every effort to provide physical and programmatic access to individuals with disabilities. If you require an accommodation to participate in any part of the employment process, please contact Disability Resources by emailing access@andrew.cmu.edu or calling 412-268-3930.

Carnegie Mellon University is an EEO/Affirmative Action Employer – M/F/Disability/Veteran

Carnegie Mellon University considers applicants for employment without regard to, and does not discriminate on the basis of, gender, race, protected veteran status, disability, or any other legally protected status.