Careers

At CERT, we study and solve problems with widespread cybersecurity implications, research security vulnerabilities in software products, contribute to long-term changes in networked systems, and develop cutting-edge information and training to help improve cybersecurity.

We develop tools, products, and methods to help organizations conduct forensic examinations, analyze  vulnerabilities, and monitor large-scale networks. We help organizations determine how effective their security-related practices are. And we share our work at conferences; in blogs, webinars, and podcasts; and through our many articles, technical reports, and white papers.

Our work environment is collaborative in nature as staff members work on cross-functional teams within the CERT Division, the Software Engineering Institute, other Carnegie Mellon departments, and across the global community. We also collaborate with high-level organizations, such as the U.S. Department of Defense and the Department of Homeland Security; law enforcement including the FBI; the intelligence community; and many industry organizations.

Staff members say that one of the most satisfying aspects of working in the CERT Division "is being able to contribute to a global community that can impact the state of internet security."

Current Job Openings

Your top-notch skills and knowledge can help us make a difference in our nation's cybersecurity. To learn more about working at CERT, see Our Place at Carnegie Mellon University and Living in Pittsburgh.

 

The position you are looking for is not available. Please take a look at our current open positions listed below.

Select Job Location

Sort by Date Posted Title Location

13 Feb
2018
Associate Security Engineer - 2008163
Arlington, VA or Pittsburgh, PA

What We Do:

CERT is part of the Software Engineering Institute (SEI), a federally funded research and development center at Carnegie Mellon University in Pittsburgh, Pennsylvania. We engage in state of the art research and development, and provides robust programs focused on ensuring that software developers, internet security experts, network and system administrators, and others are able to resist, recognize, and recover from attacks on networked systems.

Position Summary:

As a member of our team, you will assist in evaluating new technologies and design approaches for various cyber security use cases. We are looking for engineers who will help advance our evaluation methods and develop recommendations on the use of the latest architectures and analytic techniques. We work in a lab environment providing hands-on access to hardware allowing us to install and change components as needed for a given project. We build prototypes to prove how components really function and gain operational experience before making recommendations. You will have opportunities to implement new tools to measure performance, assess scalability, and imagine potential capabilities. We want ambitious individuals who have the desire to learn and will embrace brainstorming new ideas with others.

The open source communities continue to grow and enterprises are evolving their infrastructure at an increasing pace. Financial constraints and the desire to implement quickly make open source projects attractive to many engineers. We need to understand these trends and be able to offer informed advice so program managers are able to make sound decisions and execute. We want to link together security analysis and infrastructure engineering to rapidly respond to emerging threats.

Requirements:

  • BS with three (3) years or MS with one (1) year of applicable experience. Your concentration of study should be in computer science, software engineering, computer engineering, or a related quantitative field of study.
  • Willingness to travel to visit other offices and attend conferences and training. Moderate travel (15%).
  • You will be subject to a background check and must be able to obtain and maintain a Department of Defense security clearance.

Knowledge, Skills and Abilities:

Are you the type of person who likes to take the initiative to get things done and solve complex problems? Are you looking for a job that allows you to make a difference? Apply your skills and dedication to protecting our Nation from cyber security threats and join our team to solve these complex problems.

  • You have an understanding of security requirements, methods, and processes.
  • Hands-on experience with the Linux and basic networking.
  • You are comfortable investigating new software from vendors or open source projects including its installation and demonstrating capabilities.
  • You are passionate about sharing new information and brainstorming ideas with other team members.
  • You have the ability to work meticulously with careful attention to detail; ability to meet deadlines while working on multiple tasks – sometimes under pressure and with shifting priorities; ability to deal collaboratively, diplomatically, and successfully with customers, co-workers and other professional colleagues, managers, and staff;
  • You have the ability to grasp the big picture, direction, and goals of an effort; ability to quickly learn new procedures, techniques, approaches, etc.

Desired Experience:

  • You have worked in a "security operations" environment gaining an understanding of how to analyze logs and traffic to evaluate potential security event.
  • Experience testing code for vulnerabilities using common toolsets and applications.
  • You have managed systems requiring integration and automation using scripts (Python, Ruby, Perl) and packages like Puppet and Ansible.
  • Exposure to machine learning and other advanced data analytic methods.
  • Experience with Kafka, Hadoop, Spark, Bro, Logstash, or Elasticsearch.
  • Knowledge in programming with Python, Scala, C, or Java.

Job Function Breakdown:

50% Developing and evaluating prototypes considering functionality, performance characteristics, and impact on the architecture.

25% Investigate cybersecurity use cases and related technologies.

20% Manage hardware and software to include installation and all appropriate system administration tasks and processes.

5% Present work to customers and other groups.

TOTAL = 100%

Benefits: Our benefits philosophy encompasses three driving priorities: Choice, Control, and Well-being. Learn more at https://www.cmu.edu/jobs/benefits-at-a-glance/. You can join an institution and inspire innovations that change the world.

Carnegie Mellon University is a welcoming workplace that considers applicants for employment without regard to, and does not discriminate on the basis of, gender, race, protected veteran status, disability, or any other legally protected status.

31 Jan
2018
Administrative Assistant I - 2008035
Pittsburgh, PA

What We Do: The SEI helps advance software engineering principles and practices and serves as a national resource in software engineering, computer security, and process improvement. We work closely with defense and government organizations, industry, and academia to continually improve software-intensive systems. Our core purpose is to help organizations improve software engineering capabilities and develop or acquire the right software, defect free, within budget and on time, every time.

Position Summary: We are currently seeking an Administrative Assistant to support our CERT team. Do you have experience with managing calendars and creating travel itineraries? Are you a collaborative individual who can be relied upon for confidentiality and professionalism and who can anticipate needs before they arise? If this sounds like you, come join us. You will work together with all levels of our organization to support an amazing mission. Your responsibilities will include:

  • Supporting our Technical Managers and Technical Leads in logistics, including but not limited to calendar management, travel itineraries, expense reporting, etc.
  • Handling correspondence and creating and editing reports and presentations while implementing CERT/SEI/CMU policies/procedures within our team.
  • Editing, formatting, and compiling documents and meeting materials.
  • Assisting with the workflow and information organization within our team.
  • Representing our department on campus wide projects and initiatives. Demonstrating a high degree of professionalism and ability to interact with all levels of an organization.
  • Assisting in project work as needed, including data entry, searching for information using the Internet, direct phone calls, and other methods.

Requirements:

  • High School, GED, or equivalent experience.
  • Three (3) to five (5) years of administrative experience.
  • Advanced knowledge of Microsoft Office products (Word, Outlook, Excel, PowerPoint) and related software.
  • Willingness to travel to various locations to support the SEI’s overall mission. This includes within the SEI and CMU community, sponsor sites, conferences, and offsite meetings on occasion. Light travel (5%)
  • You will be subject to a background check and will need to obtain and maintain a Department of Defense security clearance.

Job Functions or Responsibilities:

65% You will provide administrative assistance such as coordinating meetings logistics and resources; maintaining calendars, drafting correspondence, reports, and other documents for supervisor’s signature and/or approval.

15% You will maintain calendars to ensure time-critical issues reviews, performance management activities, group meetings, project reviews, etc. are identified and adhered to.

10% You will act as a liaison or contact person with other university departments, and with outside organizations. You will assist in the research, preparation and processing of information.

10% You will assist with the workflow within the department. You will have the ability to recognize the opportunity for process improvement and participates in the implementation. You will participate in CERT Operations administrative meetings and activities.

100% total effort

Benefits: Our benefits philosophy encompasses three driving priorities: Choice, Control, and Well-being. Learn more at https://www.cmu.edu/jobs/benefits-at-a-glance/. You can join an institution and inspire innovations that change the world.

Carnegie Mellon University is a welcoming workplace that considers applicants for employment without regard to, and does not discriminate on the basis of gender, race, protected veteran status, disability, or any other legally protected status.

26 Jan
2018
Cyber Workforce Development Intern (Summer 2018)
Pittsburgh, PA

What we Do:

The SEI helps advance software engineering principles and practices and serves as a national resource in software engineering, computer security, and process improvement. The SEI works closely with defense and government organizations, industry, and academia to continually improve software-intensive systems. Our core purpose is to help organizations improve software engineering capabilities and develop or acquire the right software, defect free, within budget and on time, every time.

Position Summary:

Individuals working in CERT's Cyber Workforce Development directorate are engaged in researching and developing creative new methods for training and exercising US Department of Defense cyber operators, US federal law enforcement agents, industry cybersecurity professionals and other key customers. Individuals will be teamed with and will work alongside CERT technical staff to support active projects with current US Government (primarily DoD) customers.
Individual’s interests are considered carefully to attempt to find the best match with active research and development projects. These projects may involve developing new software prototypes, exercise environments, and/or attack scenarios for realistically modeling network applications, services, and conditions supporting training activities. Furthermore, individuals may be involved in developing micro-training courses and hands-on labs to teach gap-area cybersecurity; tactics, techniques, and procedures such as vulnerability discovery, penetration testing, malware analysis, forensic examinations and computer network defense. In addition to active customer work, extensive research programs involving automated cyber operator readiness assessment, cyber-kinetic effects integration, cyber operator aptitude pre-screening, and cyber training gamification also require individual contributors.

Requirements:

  • Study of Computer Science or related field

  • Current enrollment in undergraduate or graduate studies or equivalent combination of training or experience

  • Be familiar with the Linux and Windows Operating Systems

  • Willingness to travel to various locations to support the SEI’s overall mission. This includes within the SEI and CMU community.

  • You will be subject to a background check and must be eligible to work in the United States without visa sponsorship

Knowledge, Skills and Abilities:

  • Excellent oral and written communications

  • Good technical problem-solving skills

  • Strong analytical and information organization skills, detail orientated

  • Ablilty to meet deadlines

  • Multitasking and working effectively with multiple project teams, platform sponsors, and content producers

Desired Experience:

  • Virtualization technologies, VMWare ESX server desired

  • Windows operating system

  • Programming experience in C, C++, C#, Python, or Java

Job Function Breakdown:

40%

Develop new software prototypes, exercise environments, and/or attack scenarios for realistically modeling network applications, services, and conditions supporting training activities.

40%

Develop new software prototypes, exercise environments, and/or attack scenarios for realistically modeling network applications, services, and conditions supporting training activities.

20%

In addition to active customer work, extensive research programs involving automated cyber operator readiness assessment, cyber-kinetic effects integration, cyber operator aptitude pre-screening, and cyber training gamification also require student intern contributors.

TOTAL=100%

Carnegie Mellon University is a welcoming workplace that considers applicants for employment without regard to, and does not discriminate on the basis of, gender, race, protected veteran status, disability, or any other legally protected status.

24 Jan
2018
Cyber Security Engineer - 2004578
Operating Location SA - San Antonio, TX

Position Summary: As a member of CERT's Workforce Development program, the candidate will work with other team members in developing cyber-security training exercises and simulations, primarily for US military/government customers. This involves interacting directly with customers, gathering training requirements and objectives, producing and facilitating creative and engaging exercise scenarios, and building supporting physical and virtualized systems and network topologies. As such, the candidate will work regularly with a wide range of software and hardware technologies within CERT labs. The candidate may also assist in developing and teaching cyber security training content to external customers. The candidate will also be involved software and hardware prototype development. Additionally, the position requires the candidate to have demonstrated and effective leadership/management abilities as he/she may supervise and evaluate full time direct reports as well as the activities of graduate student assistants. The successful candidate must be self-directed, have an interdisciplinary approach to problem solving, and work well communicating technical information to technical and non-technical users. The candidate must also be able to interact with clients and staff of all levels in a highly professional and competent manner.

Minimum Qualifications and Requirements:

Education/Training: Bachelor’s degree in Computer Science, Information Science, or related discipline with eight (8) years applicable working experience in information technology, Master’s degree in Computer Science, Information Science, or related discipline with five (5) years of applicable working experience in information technology, PhD Computer Science, Information Science, or related discipline with two (2) years of applicable working experience in information technology, or equivalent combination of training or experience.

Experience: Successful candidates must possess "hands-on" experience with Computer/Network Security and I.T. system and network administration. Additionally, he/she must have practical experience with Windows server and desktop platforms and Linux/Unix operating systems. The candidate must have experience in network design and troubleshooting and implementing standard networking protocols. Additionally, demonstrated practical experience working with common commercial and open-source cyber security tools is required. The candidate should have some experience teaching technical content to students, peers, and non-technical individuals and must enjoy doing so.

Skills/Abilities: Candidate must be able to prioritize workload and complete deliverables on time, have good technical problem-solving skills, strong analytical and information organization skills, excellent oral and written communication skills, and strong technical teaching skills. Candidate must be able to multitask and work effectively with multiple project teams and sponsors/customers. Experience with virtualization technologies, particularly VMWare ESX server is highly desired. Programming experience in C, C++, C#, Python, and Java is also highly desirable.

Physical Mobility: Sedentary in an office setting with some mobility, i.e., able to travel to various locations within the SEI and CMU community as well as travel to customer sites.

Environmental Conditions: Close contact with computer for long periods of time.

Mental: Ability to pay close attention to detail, meet deadlines, work under pressure, and communicate effectively

Other: Candidates will be subject to a background check and must be eligible to obtain and maintain a Department of Defense security clearance.

Preferred Qualifications and Requirements:

Education/Training: BS and MS in Computer Science; training in enterprise security tools (i.e. McAfee ePO/HIPS, ArcSight, etc.)

Licenses: CISSP, Network+, Security+ and/or other industry standard certifications

Experience: US military service in a series of positions involving information technology, cyber security, and management of large scale government networks.

Skills/Abilities: Strong presentation/platform skills and excellent writing skills

Accountability: The incumbent is accountable for the definition, creation, and maintenance of final deliverables and products and may manage unclassified/classified DoD projects in excess of $3M annually.

Direction: The incumbent is expected to act independently using CMU and SEI defined policies, practices, and procedures.

Decisions: The incumbent must use good judgment to solve customer and personnel problems and is required to envision, design, develop, pilot, and deliver new capabilities, products, and services. Candidate will also be required to accurately represent SEI/CERT and its technical work in interactions with customers, sponsors, and the public.

Supervisory Responsibilities:The incumbent may have at least 2 direct reports as well as up to 15 secondary reports and will be required to provide performance management, career guidance, and take personnel corrective actions as required.

Job Functions or Responsibilities:

10% Design and develop technical documents and instructional materials.

10% Research, evaluate, develop, install/configure hardware and software including promising new technologies that require examination for cyber security research and development.

10% Deliver technical and management training to customers.

55% Mentor, guide and interact with team and other staff.

15% Contribute to transition planning and strategy.

100% TOTAL EFFORT

Benefits: Our benefits philosophy encompasses three driving priorities: Choice, Control, and Well-being. Learn more at https://www.cmu.edu/jobs/benefits-at-a-glance/. You can join an institution and inspire innovations that change the world.

Carnegie Mellon University is a welcoming workplace that considers applicants for employment without regard to, and does not discriminate on the basis of, gender, race, protected veteran status, disability, or any other legally protected status.

22 Jan
2018
Vulnerability Analyst (Entry-Level) - 2007953
Pittsburgh, PA

What We Do

The SEI helps advance software engineering principles and practices and serves as a national resource in software engineering, computer security, and process improvement. The SEI works closely with defense and government organizations, industry, and academia to continually improve the quality and security of software-intensive systems.

The Vulnerability Analysis Team, within the CERT Coordination Center (CERT/CC) at the SEI, is a group of internet security experts focused on advancing the state of the art in vulnerability assessment and discovery, coordinated vulnerability disclosure, and software security on a national and global scale. We participate in communities of network defenders, software developers and vendors, security researchers, and policy-makers. We publish security advisories, papers, blog posts, data, and tools.

We seek self-motivated applicants who want to improve the security of software systems.

  • You have a deep interest in cybersecurity, intellectual curiosity and a desire to make an impact beyond your organization
  • You enjoy developing and communicating innovative ideas and thinking creatively to take on tough problems
  • You can work under stress and adapt to shifting priorities and flexible tasking
  • You relate collaboratively and diplomatically with people inside and outside the organization

Requirements

Bachelor of Science in Computer Science, Information Technology, Information Science, or a similar degree.

You will be subject to a background check and will need to obtain and maintain a Department of Defense security clearance.

Knowledge, Skills, and Abilities

We seek applicants with knowledge, skills, and abilities including:

  • Fundamental understanding of common computer, network, and internet technologies, including basic computer architecture and common network protocols
  • Vulnerabilities and software security in general
  • Vulnerability assessment and discovery
  • Internet security issues, including common security technology
  • Software development
  • Basic cryptography
  • Broad communications skills, including writing, speaking, explaining complex technical issues, working with parties in conflict
  • Logic and reasoning, separate evidence from opinion, decision-making under uncertainty
  • Attention to detail, when needed
  • Creative problem solving
  • Recognize and properly handle confidential and sensitive information
  • Determination, motivation
  • Collaborator and team member

Experience

We seek applicants with experience that includes:

  • System and network administration
  • Software development, including web applications and DevOps
  • IT support and troubleshooting
  • Embedded systems
  • Reverse engineering
  • Penetration testing and vulnerability assessment
  • Incident response and management
  • Security auditing
  • Vulnerability management
  • Government or contractor support
  • Bottom-up project development and task selection
  • Writing and publication

Job Function Breakdown

40% Analyze, coordinate, and publish vulnerability reports

40% Research, develop, and publish vulnerability analysis tools, processes, techniques, and data

15% Participate in various communities (including conferences, workshops, meetings, and similar events) to promote collaboration, progress, and shared understanding

5% Support other teams and projects within the SEI.

100% total effort

Location

This position is located in Pittsburgh, PA with the possibility of location in the Washington D.C. area. Limited domestic travel (5% or less) is required, more travel is optional.

Benefits

Our benefits philosophy encompasses three driving priorities: Choice, Control, and Well-being. Learn more at https://www.cmu.edu/jobs/benefits-at-a-glance/. You can join an institution and inspire innovations that change the world.

Carnegie Mellon University is a welcoming workplace that considers applicants for employment without regard to, and does not discriminate on the basis of, gender, race, protected veteran status, disability, or any other legally protected status.

#seijob

08 Jan
2018
Senior Analysis Team Lead - 2007836
Pittsburgh, PA

Who We Are

You will work within the Monitoring & Response Directorate of the CERT Division of the Software Engineering Institute (SEI). The SEI is a federally funded research and development center on the campus of Carnegie Mellon University in Pittsburgh. CERT engages with the US Government, mainly the defense and intelligence sectors, to research, develop, apply and transition complex cybersecurity solutions. CERT generates some of the highest level of original research and takes on many of the most complex problems facing cybersecurity for the US Government. You will lead a team that is thoughtfully engaged with its clients involved in emerging technology gaps and aggressively solving problems to migrate solutions to our clients.

What We Do:

The CERT Situational Awareness group works with government customers to help them protect and defend their networks. We pioneer innovative ways to monitor and safeguard networked systems, and develop new ways of identifying and investigating network anomalies. We spend time observing real-world security operations teams, and help them improve how they do their jobs. Our work ranges in scope from the close-up investigation and examination of security data, to the assessment of large, enterprise-wide networks.

About You:

  • You want to make an impact beyond your organization.
  • You want to engage with worldwide leaders with vision.
  • Your strengths are curiosity, love of learning, deep interest in cybersecurity, and a desire to innovate—while motivating and inspiring your team.

Position Summary:

We research and develop ground breaking technical solutions for operational use in high-impact environments. Would you like to work at the forefront of network security?

As the Analysis Team Lead, you will be responsible for:

  • Managing, mentoring, and advising team members
  • Directing your team in the development of new analytic techniques and tools
  • Helping to develop new projects and opportunities for your team
  • Providing strategic technical support to senior decision makers
  • Providing guidance to customers on how to apply the latest research to solve their toughest security challenges
  • Advising customers on current and emerging threats, analytic workflows, and standard methodologies
  • Participating in technical efforts, including development and prototyping of new analysis techniques, tools, and platforms, preparation of analytic reports, and contributions to research publications
  • Being a recognized and respected domain expert by customers, commercial vendors, and the Internet community as a whole
  • Advancing the state of art of cybersecurity analysis

Requirements:

  • BS in with ten (10) years or MS with eight (8) years or equivalent combination of training and experience
  • Your concentration of study should be in computer science, software engineering, mathematics, or a related quantitative field of study in network operations, security operations, or network security research
  • Willingness to travel to various locations to support the SEI’s overall mission. This includes within the SEI and CMU community, sponsor sites, conferences, and offsite meetings on occasion. Moderate Travel (20%)
  • You will be subject to a background check and must be eligible to obtain and maintain a Department of Defense security clearance

Knowledge, Skills and Abilities:

  • Demonstrated ability to lead a team engaged in a variety of technical tasks, and to lead large-scale technical projects
  • Practical network security training (e.g. SANS GIAC Level 2 courses, GIAC Certifications, CCNP, CCIE Security, CISSP, CEH, CISM)
  • Experience working with the government, or within a critical infrastructure sector
  • Experience developing briefing materials for senior leadership within government or industry
  • Experience deploying or supporting large-scale network security monitoring infrastructures, including experience with distributed architectures

Desired Experience:

  • Prior management experience
  • PhD in Computer Science or related discipline with two (2) years of experience in network operations, security operations, or network security research; or equivalent combination of training and experience
  • Experience with data visualization
  • Skilled at working with specialized technologies such as data mining, clustering, machine learning, neural networks, distributed computing and/or big data platforms
  • Strong statistics background
  • Prior responsibility in leading a body of work consisting of numerous large-scale projects and multiple customers/external sponsors
  • History of contributions to the broader industry or research community and experience in a variety of network security areas

Job Function Breakdown:

45% Manages the team to effectively execute the SEI and task order work plans. Assesses performance of direct reports and provides team members with ongoing feedback and mentoring. Reviews team projects to ensure quality work. Identifies resource constraints and works with the Technical Manager to develop staffing plans. Contributes to the technical area planning process, including development of the technical roadmap

45% Provides direct support to government program offices in the areas of strategy, process/policies, requirements elicitation, tools and techniques, operations, outreach, and training. Enables the transition of SEI analysis and engineering approaches and tools into operational environments

10% Briefs senior leadership of government and DoD customers on SEI's technical capabilities, vision, and work performed. Speaks in public forums, including conferences and training events

100% total effort

Benefits:

Our benefits philosophy encompasses three driving priorities: Choice, Control, and Well-being. Learn more at https://www.cmu.edu/jobs/benefits-at-a-glance/. You can join an institution and encourage innovations that change the world.

Carnegie Mellon University is a welcoming workplace that considers applicants for employment without regard to, and does not discriminate on the basis of, gender, race, protected veteran status, disability, or any other legally protected status.

#seijob

05 Jan
2018
Senior Security Solutions Team Lead - 2007772
Pittsburgh, PA or Arlington, VA

Who We Are:

The SEI is a federally funded research and development center on the campus of Carnegie Mellon University in Pittsburgh. CERT engages with the US Government, mainly the defense and intelligence sectors, to research, develop, apply and transition complex cybersecurity solutions. CERT generates some of the highest level of original research and takes on many of the most complex problems facing cybersecurity for the US Government. You will lead a team that is thoughtfully engaged with its clients involved in emerging technology gaps and boldly solving problems to migrate solutions to our clients.

What We Do:

The CERT Situational Awareness group works with government customers to help them protect and defend their networks. We pioneer innovative ways to monitor and safeguard networked systems, and develop new ways of identifying and investigating network anomalies. We spend time observing real-world security operations teams, and help them improve how they do their jobs. Our work ranges in scope from the close-up investigation and examination of security data, to the assessment of large, enterprise-wide networks.

About You:

  • You want to make an impact beyond your organization.
  • You want to engage with worldwide leaders with vision.
  • Your strengths are curiosity, love of learning, deep interest in cybersecurity, and a desire to innovate—while motivating and inspiring your team.

Position Summary:

We research and develop ground breaking technical solutions for operational use in high-impact environments. Would you like to work at the forefront of network security?

As the Solutions Team Lead, you will be responsible for:

  • Managing, mentoring, and advising team members
  • Leading your team in the development of security architectures
  • Helping to develop new projects and opportunities for your team
  • Providing strategic technical support to senior decision makers
  • Providing systems engineering, systems requirements development, technology evaluation and deployment guidance
  • Participating in technical efforts, including development and prototyping of new analysis techniques, tools, and platforms, preparation of analytic reports, and contributions to research publications
  • Being a recognized and respected domain expert by customers, commercial vendors, and the Internet community as a whole
  • Advancing the state of art of cybersecurity architectures

Requirements:

  • BS with ten (10) years or MS with eight (8) years or equivalent combination of training and experience.
  • Your concentration of study should be in computer science, software engineering, mathematics, or a related quantitative field of study in network operations, security operations, or network security research.
  • Willingness to travel to various locations to support the SEI’s overall mission. This includes within the SEI and CMU community, sponsor sites, conferences, and offsite meetings on occasion. Moderate Travel (20%)
  • You will be subject to a background check and will need to obtain and maintain a Department of Defense TS/SCI security clearance.

Knowledge, Skills and Abilities:

  • Demonstrated ability to lead a team engaged in a variety of technical tasks, and to lead large-scale technical projects.
  • Practical network security training (e.g. SANS GIAC Level 2 courses, GIAC Certifications, CCNP, CCIE Security, CISSP, CEH, CISM).
  • Experience working with the government, or within a critical infrastructure sector.
  • Developing briefing materials for senior leadership within government or industry.
  • Deploying or supporting large-scale network security monitoring infrastructures, including experience with distributed architectures.

Desired Experience:

  • Prior management experience.
  • PhD in Computer Science or related discipline with five (5) years of experience in network operations, security operations, or network security research; or equivalent combination of training and experience.
  • Prior responsibility in leading a body of work consisting of numerous large-scale projects and multiple customers/external sponsors.
  • History of contributions to the broader industry or research community and experience in a variety of network security areas.

Benefits:

Our benefits philosophy encompasses three driving priorities: Choice, Control, and Well-being. Learn more at https://www.cmu.edu/jobs/benefits-at-a-glance/. You can join an institution and inspire innovations that change the world.

Carnegie Mellon University is a welcoming workplace that considers applicants for employment without regard to, and does not discriminate on the basis of, gender, race, protected veteran status, disability, or any other legally protected status.

#seijob

05 Jan
2018
Associate Software Engineer - 2007796
Pittsburgh, PA or Arlington, VA

What We Do:

CERT is part of the Software Engineering Institute (SEI), a federally funded research and development center at Carnegie Mellon University in Pittsburgh, Pennsylvania. We engage in state of the art research and development, and provides robust programs focused on ensuring that software developers, internet security experts, network and system administrators, and others are able to resist, recognize, and recover from attacks on networked systems.

Position Summary:

As a member of CERT Systems Team, you will be responsible for crafting, developing, and deploying software applications and systems to improve the capabilities of CERT customers. You will participate in all phases of the software development lifecycle, and will be involved in key decisions regarding software design and technology selection, architecture and design of cyber-resilient and cyber-secure systems.

Requirements:

  • BS in computer science, software engineering, computer engineering, or a related quantitative field of study with three (3) years of applicable experience
  • MS in computer science, software engineering, computer engineering, or a related quantitative field of study with one (1) year of applicable experience.
  • Willingness to travel to various locations to support the SEI’s overall mission. This includes within the SEI and CMU community, sponsor sites, conferences, and offsite meetings on occasion. Expected 15%
  • You will be subject to a background check and will need to obtain and maintain a Department of Defense security clearance.

Knowledge, Skills and Abilities:

We are looking for someone who has the ability to function within a development team. Willingness to learn new skills, programming languages, and technologies as necessary, and a desire to solve meaningful problems through technical innovation.

  • You have the skills to analyze customer requirements and provide novel solutions.
  • Willingness and ability to provide accurate estimates of development time and risk.
  • Capable to attend customer meetings and respond to customer requirements. Ability to multitask, solve problems and work with end users.
  • Ability to quickly learn new technologies (COTS/GOTS) and integrate them with existing applications and/or systems.
  • Knowledge of various hardware architectures and embedded systems. Embedded system design and embedded software implementation.

Desired Experience:

  • Experience as a software developer working on software applications in a professional environment.
  • You have experience writing code and applications in Java, and have experience with a scripting language such as Perl or Python, proficiency with HTML/CSS/JavaScript, and familiarity with SQL and modern databases.
  • Capable of working with software development tools such as version control systems (Git, Mercurial) and bug tracking systems (JIRA); knowledge of agile software development practices and team design sessions. Experience developing within a UNIX/Linux environment.
  • Working knowledge of general networking concepts and experience with deep software analysis, debugging, or reverse engineering, with a background in cyber security or cyber analytics.
  • Experience with Hadoop and related big-data systems, relational databases, LDAP directories, Apache httpd and Tomcat, and working in a development and operations (DevOps) environment.
  • Experience coding with C, C++, C#, Scala, Ruby and other commonly used languages. Familiarity with SQL and non-relational database technologies such as MongoDB. Cassandra, HBase, Neo4j or others.

Job Function Breakdown:

90% Design and implementation of software requirements and integrate with other software tools or relational databases.

Secondary Functions

5% Participate in conferences and meetings; join marketing calls on clients; present technical talks as appropriate.

5% Contribute to the broader software engineering and security community.

TOTAL = 100%

Benefits: Our benefits philosophy encompasses three driving priorities: Choice, Control, and Well-being. Learn more at https://www.cmu.edu/jobs/benefits-at-a-glance/. You can join an institution and inspire innovations that change the world.

Carnegie Mellon University is a welcoming workplace that considers applicants for employment without regard to, and does not discriminate on the basis of, gender, race, protected veteran status, disability, or any other legally protected status.

04 Jan
2018
SEI Internship Opportunities - Fall 2018
Pittsburgh, PA

We are looking for Fall Interns, part-time, 20 hours/week. If you are a student looking to expand your education beyond what you can learn in school, and earn money doing it, we want you to come work with us! You’ll have an opportunity to work on cutting-edge projects while adding experience to your resume. Our interns do real work: writing code, analyzing data, and collaborating as valuable team members.

What We Do: The SEI helps advance software engineering principles and practices and serves as a national resource in software engineering, computer security, and process improvement. The SEI works closely with defense and government organizations, industry, and academia to continually improve software-intensive systems. Our core purpose is to help organizations improve software engineering capabilities and develop or acquire the right software, defect free, within budget and on time, every time.

Internship opportunities may be available in the following areas:

  • Programming
  • Cybersecurity Research
  • Design / Communication
  • Software Design/Development
  • Project Management
  • Computer Engineering
  • Help Desk Support
  • Computer Science
  • Information Systems
  • Management Information Systems
  • Mathematics
  • Statistics
  • Systems Engineering
  • Malware Analysis

Requirements:

  • You must be currently enrolled in a degree granting program.
  • You will be subject to a background check and must be eligible to work in the United States without Visa sponsorship.

Check for our positions on Handshake!

Carnegie Mellon University is a welcoming workplace that considers applicants for employment without regard to, and does not discriminate on the basis of, gender, race, protected veteran status, disability, or any other legally protected status.

04 Jan
2018
Scholarship for Service (SFS) Internship Opportunities 2018
Pittsburgh, PA

What We Do: The SEI helps advance software engineering principles and practices and serves as a national resource in software engineering, computer security, and process improvement. We work closely with defense and government organizations, industry, and academia to continually improve software-intensive systems. Our core purpose is to help organizations improve software engineering capabilities and develop or acquire the right software, defect free, within budget and on time, every time.

The SEI participates in the OPM CyberCorps Scholarship for Service (SFS) program. Are you passionate about contributing to leading edge projects that make a difference in our world? Do you want to expand your education beyond the classroom, and earn money while doing it? Come to work with us!

Our interns are valued team members, and do real work related to cyber security, emerging technologies, and software solutions.

SFS internship opportunities may be available in the following areas:

  • Software Development
  • Cybersecurity research, including: vulnerability assessment, insider threat research, penetration testing, risk management, incident response, digital forensics, network defense, and malware analysis.
  • Machine Learning, Data Science, and Statistics
  • Artificial Intelligence
  • Systems Engineering
  • Mobile Computing
  • Secure Coding

Requirements:

  • SFS student with current enrollment in a relevant BS or MS degree program: Computer Science, Computer Engineering, Information Security/Assurance, Mathematics, Statistics, or related discipline.
  • You will be subject to a background check and must be able to work in the United States without visa sponsorship.

Check for our positions on Handshake!

Carnegie Mellon University is a welcoming workplace that considers applicants for employment without regard to, and does not discriminate on the basis of, gender, race, protected veteran status, disability, or any other legally protected status.

21 Dec
2017
Senior Security Solutions Engineer - 2007753
Pittsburgh, PA or Arlington, VA

Who We Are

You will work within the Monitoring & Response Directorate of the CERT Division of the Software Engineering Institute (SEI). The SEI is a federally funded research and development center on the campus of Carnegie Mellon University in Pittsburgh. CERT engages with the US Government, mainly the defense and intelligence sectors, to research, develop, apply and transition complex cybersecurity solutions. CERT generates some of the highest level of original research and takes on many of the most complex problems facing cybersecurity for the US Government. You will be part of a team that is thoughtfully engaged with its clients involved in emerging technology gaps and boldly solving problems to migrate solutions to our clients.

What We Do:

The CERT Situational Awareness group works with government customers to help them protect and defend their networks. We pioneer innovative ways to monitor and safeguard networked systems, and develop new ways of identifying and investigating network anomalies. We spend time observing real-world security operations teams, and help them improve how they do their jobs. Our work ranges in scope from the close-up investigation and examination of security data, to the assessment of large, enterprise-wide networks.

About You:

  • You want to make an impact beyond your organization.
  • You want to engage with worldwide leaders with vision.
  • Your strengths are curiosity, love of learning, deep interest in cybersecurity, and a desire to innovate.

Position Summary:

We research and develop ground breaking technical solutions for operational use in high-impact environments. Would you like to work at the forefront of network security?

As a member of the team you will be responsible for:

  • Providing strategic technical support to senior decision makers.
  • Leading teams in the development of security architectures.
  • Providing systems engineering, systems requirements development, technology evaluation and deployment guidance.
  • Participating in technical efforts, including development and prototyping of new analysis techniques, tools, and platforms, preparation of analytic reports, and contributions to research publications.
  • Becoming a respected domain expert by customers, commercial vendors, and the Internet community as a whole.
  • Advancing the state of art of cybersecurity architectures.

Requirements:

  • BS with ten (10) years or MS with eight (8) years or equivalent combination of training and experience.
  • Your concentration of study should be in computer science, software engineering, mathematics, or a related quantitative field of study in network operations, security operations, or network security research.
  • Willingness to travel to various locations to support the SEI’s overall mission. This includes within the SEI and CMU community, sponsor sites, conferences, and offsite meetings on occasion. Moderate Travel (20%).
  • You will be subject to a background check and must be eligible to obtain and maintain a Department of Defense security clearance.

Knowledge, Skills and Abilities:

  • Practical network security training (e.g. SANS GIAC Level 2 courses, GIAC Certifications, CCNP, CCIE Security, CISSP, CEH, CISM).
  • Experience working with the government, or within a critical infrastructure sector.
  • Developing briefing materials for senior leadership within government or industry.
  • Deploying or supporting large-scale network security monitoring infrastructures.

Desired Experience:

  • PhD in Computer Science or related discipline with two (2) years of experience in network operations, security operations, or network security research; or equivalent combination of training and experience.
  • Prior responsibility in leading a body of work consisting of numerous large scale projects and multiple customers/external sponsors.
  • History of contributions to the broader industry or research community and experience in a variety of network security areas.

Job Function Breakdown:

75% Lead support to government program offices in the areas of strategy; process/policies; requirements elicitation; design and architecture; operations; outreach; and training.

15% Enable the transition and appropriate focus of NetSA analysis and engineering approaches and tools into operational environments.

10% Design, prototype, and transition tactical analysis studies and tools appropriate for operational use in situational awareness.

100% total effort

Benefits:

Our benefits philosophy encompasses three driving priorities: Choice, Control, and Well-being. Learn more at https://www.cmu.edu/jobs/benefits-at-a-glance/. You can join an institution and inspire innovations that change the world.

Carnegie Mellon University is a welcoming workplace that considers applicants for employment without regard to, and does not discriminate on the basis of, gender, race, protected veteran status, disability, or any other legally protected status.

#seijob

21 Dec
2017
Associate Software Security Engineer - 2007751
Pittsburgh, PA or Arlington, VA

What We Do:

The Software Engineering Institute helps advance software engineering principles and practices and serves as a national resource in software engineering, computer security, and process improvement. The SEI works closely with defense and government organizations, industry, and academia to continually improve software-intensive systems. Our core purpose is to help organizations improve software engineering capabilities and develop or acquire the right software, defect free, within budget and on time, every time.

The Secure Coding Team, of the world renowned CERT division of the SEI, is a pioneer of the identification and development of secure coding and secure software development practices. We are looking for an exceptional person to help us continue our leadership of ground-breaking improvements for securing software during development. Software has never been more important to our lives and our national security, nor has software insecurity ever been a greater risk.

If you join the team, you will work with elite cyber security experts to help software developers and software development organizations reduce vulnerabilities resulting from coding errors before they are deployed. We improve software security by identifying common programming errors that lead to software vulnerabilities, establishing secure coding standards, developing evaluation tools, and educating software developers.

Position Summary:

You will participate in research and engineering projects related to developing secure software systems, write reports, and deliver presentations that explain the findings of your work, and work directly with customers to help transition our work into practice. We are looking for someone familiar with compilers (particularly dataflow analysis or other forms of static analysis) to work on projects developing techniques for automatically repairing source code to remove certain common classes of vulnerabilities.

Software vulnerabilities constitute a major threat to many of our nation’s critical systems. Static analysis tools help identify these bugs, but they typically are used late in the development process and produce an enormous number of warnings, overwhelming the ability of the development team to fix the code. Automated code repair holds the potential to eliminate security vulnerabilities much faster and at a much lower cost than manual repair.

Requirements:

  • You have a BS in Computer Science or Software Engineering with at least three (3) years applicable experience.

  • You are willing to travel to other SEI locations, sponsor sites, conferences and offsite meetings.

  • You are able to thrive in an office setting, sitting for long time periods and having close contact with a computer.

  • You are able to multi-task and be detailed oriented.

  • You can meet inflexible deadlines and deal with challenges while maintaining professionalism.

  • You will be subject to a background investigation and must be eligible to obtain and maintain a Department of Defense security clearance.

Knowledge, Skills and Abilities:

You will have the knowledge, skills, and abilities to:

  • Develop new analytical functionality in compilers. Familiarity with compilers at least to the level of an undergrad compilers course, especially dataflow analysis. Firm grasp of data structures and algorithms.

  • Develop and analyze source code in common programming languages such as C, C#, C++, Java, and Python, with a focus on secure coding principles and practices.

  • Use static and dynamic analysis tools to evaluate software to find and remove vulnerabilities.

  • Build and configure various software build environments, and build custom tools to integrate and automate the use of software building and analysis tools.

  • Analyze data from multiple sources, generate defensible results, and represent them in reporting products and interactions with customers, sponsors, and the public.

  • Collaborate in a team environment with other team members with varying skills, experience and locations.

  • Recognize and deal appropriately with confidential and sensitive information such as source code and software weaknesses and vulnerabilities.

  • Develop and explain technical decisions and recommendations effectively with technical and non-technical audiences through verbal and written communications that lead to actionable and measurable improvements.

  • Work meticulously with careful attention to detail required to identify defects and weaknesses in large software systems, and to identify development process improvement opportunities.

  • Be self-motivated and capable of self-learning to maintain a working knowledge of the ever-changing software development landscape.

  • Contribute to program objectives and plan development.

  • Perform under minimal direction and use independent judgement when necessary.

Desired Experience:

  • MS in Computer Science or Software Engineering, with at least one (1) year applicable experience.

  • Thorough knowledge of the C programming language. Basic familiarity with x86 assembly language. Ability to read and write code in Python. Ability to write an analysis pass for LLVM. Ability to develop software that exhibits desired security properties. Ability to evaluate software for desired security properties.

  • Develop and analyze software for specific platforms, such as mobile platforms and embedded systems.

Job Function Breakdown:

40% Contribute to internally funded research projects, developing experimentation environments, evaluating secure software development practices, and communicating results internally and externally in reports and presentations.

30% Directly support customer work in secure coding, verification and validation techniques, and technical training. Tailor our current offerings to provide value to customers by evaluating their software, software development, and software acquisition/procurement practices, and providing improvement recommendations. Communicate the findings of such evaluations through reports and presentations. Build new tools and capabilities that improve our ability to meet customer needs.

15% Codify knowledge that has been gained through customer and research projects to expand and update knowledge transfer materials, such as Secure Coding guidelines, training materials, and tools.

15% Develop knowledge and understanding of SEI capabilities; learn how SEI capabilities can be applied to customer problems; work directly with SEI staff supporting the community with disciplines related to secure coding and secure development.

Total 100%

Benefits:

Our benefits philosophy encompasses three driving priorities: Choice, Control, and Well-being. Learn more at https://www.cmu.edu/jobs/benefits-at-a-glance/ . You can join an institution and encourage innovations that change the world.

Carnegie Mellon University is a welcoming workplace that considers applicants for employment without regard to, and does not discriminate on the basis of, gender, race, protected veteran status, disability, or any other legally protected status.

21 Dec
2017
Software Security Engineer (Entry-Level) - 2007752
Pittsburgh, PA

What We Do:

The Software Engineering Institute helps advance software engineering principles and practices and serves as a national resource in software engineering, computer security, and process improvement. The SEI works closely with defense and government organizations, industry, and academia to continually improve software-intensive systems. Our core purpose is to help organizations improve software engineering capabilities and develop or acquire the right software, defect free, within budget and on time, every time.

The Secure Coding Team, of the world renowned CERT division of the SEI, is a pioneer of the identification and development of secure coding and secure software development practices. We are looking for an exceptional person to help us continue our leadership of ground-breaking improvements for securing software during development. Software has never been more important to our lives and our national security, nor has software insecurity ever been a greater risk.

If you join the team, you will work with elite cyber security experts to help software developers and software development organizations reduce vulnerabilities resulting from coding errors before they are deployed. We improve software security by identifying common programming errors that lead to software vulnerabilities, establishing secure coding standards, developing evaluation tools, and educating software developers.

Position Summary:

You will participate in research and engineering projects that identify and implement standards for organizations to develop secure software systems. This will include developing and applying guidelines for writing secure code in C, C++, Java, and other popular languages. It also includes developing and using tools to verify that software is developed securely. You will work directly with customers to: develop and provide training in secure coding practices; evaluate, extend, and use tools to improve and automate source code analysis; review and improve code bases to ensure that the standards are being followed; and enhance the customers’ organizational capabilities to produce secure software systems. You will be expected to help customers improve their software to meet the security and privacy needs of their users by writing reports and delivering presentations that explain the results of your research and software evaluations.

Requirements:

  • You have a BS in Computer Science, Software Engineering, Information Science, or Information Systems Management or equivalent combination of training and experience.

  • You are willing to travel to other SEI locations, sponsor sites, conferences and offsite meetings.

  • You are able to thrive in an office setting, sitting for long time periods and having close contact with a computer.

  • You are able to multi-task and be detailed oriented.

  • You can meet inflexible deadlines and deal with challenges while maintaining professionalism.

  • You will be subject to a background investigation and must be eligible to obtain and maintain a Department of Defense security clearance.

Knowledge, Skills and Abilities:

You will have the knowledge, skills, and abilities to:

  • Develop and analyze source code in common programming languages such as C, C#, C++, Java, and Python, with a focus on secure coding principles and practices.

  • Use static and dynamic analysis tools to evaluate software to find and remove vulnerabilities.

  • Build and configure various software build environments, and build custom tools to integrate and automate the use of software building and analysis tools.

  • Analyze data from multiple sources, generate defensible results, and represent them in reporting products and interactions with customers, sponsors, and the public.

  • Collaborate in a team environment with other team members with varying skills, experience and locations.

  • Recognize and deal appropriately with confidential and sensitive information such as source code and software weaknesses and vulnerabilities.

  • Develop and explain technical decisions and recommendations effectively with technical and non-technical audiences through verbal and written communications that lead to actionable and measurable improvements.

  • Work meticulously with careful attention to detail required to identify defects and weaknesses in large software systems, and to identify development process improvement opportunities.

  • Be self-motivated and capable of self-learning to maintain a working knowledge of the ever-changing software development landscape.

  • Contribute to program objectives and plan development.

  • Perform under some direction to establish and define work; use independent judgement when necessary to meet established work milestones and deadlines.

Desired Experience:

  • MS in Computer Science, Software Engineering, Information Science, Information Systems Management.

  • Developing and analyzing software for specific platforms, such as mobile platforms and embedded systems.

  • Using threat modeling tools to perform threat analysis on software systems.

Job Function Breakdown:

40% Contribute to internally funded research projects, developing experimentation environments, evaluating secure software development practices, and communicating results internally and externally in reports and presentations.

30% Directly support customer work in secure coding, verification and validation techniques, and technical training. Tailor our current offerings to provide value to customers by evaluating their software, software development, and software acquisition/procurement practices, and providing improvement recommendations. Communicate the findings of such evaluations through reports and presentations. Build new tools and capabilities that improve our ability to meet customer needs.

15% Codify knowledge that has been gained through customer and research projects to expand and update knowledge transfer materials, such as Secure Coding guidelines, training materials, and tools.

15% Develop knowledge and understanding of SEI capabilities; learn how SEI capabilities can be applied to customer problems; work directly with SEI staff supporting the community with disciplines related to secure coding and secure development.

Total 100%

Benefits:

Our benefits philosophy encompasses three driving priorities: Choice, Control, and Well-being. Learn more at https://www.cmu.edu/jobs/benefits-at-a-glance/ . You can join an institution and encourage innovations that change the world.

Carnegie Mellon University is a welcoming workplace that considers applicants for employment without regard to, and does not discriminate on the basis of, gender, race, protected veteran status, disability, or any other legally protected status.

15 Dec
2017
Senior Software Engineer - 2007679
Pittsburgh, PA

What We Do:

CERT is part of the Software Engineering Institute (SEI), a federally funded research and development center at Carnegie Mellon University in Pittsburgh, Pennsylvania. We engage in state of the art research and development, and provides robust programs focused on ensuring that software developers, internet security experts, network and system administrators, and others are able to resist, recognize, and recover from attacks on networked systems.

Position Summary:

As a member of CERT Systems Team, you will be responsible for crafting, developing, and deploying software applications and systems to improve the capabilities of CERT customers. You will participate in all phases of the software development lifecycle, and will be involved in key decisions regarding software design and technology selection, architecture and design of cyber-resilient and cyber-secure systems.

Requirements:

  • BS in computer science, software engineering, computer engineering, or a related quantitative field of study with ten (10) years of applicable experience.
  • MS in computer science, software engineering, computer engineering, or a related quantitative field of study with eight (8) years of applicable experience.
  • PhD in computer science, software engineering, computer engineering, or a related quantitative field of study with five (5) years of experience or equivalent combination of training or experience.
  • Willingness to travel to various locations to support the SEI’s overall mission. This includes within the SEI and CMU community, sponsor sites, conferences, and offsite meetings on occasion. Expected 15%.
  • You will be subject to a background check and will need to obtain and maintain a Department of Defense security clearance.

Knowledge, Skills and Abilities:

We are looking for someone who has the ability to function within a development team. Willingness to learn new skills, programming languages, and technologies as necessary, and a desire to solve meaningful problems through technical innovation.

  • You have the skills to analyze customer requirements and provide novel solutions.
  • Willingness and ability to provide accurate estimates of development time and risk.
  • Capable to attend customer meetings and respond to customer requirements. Ability to multitask, solve problems and work with end users.
  • Ability to quickly learn new technologies (COTS/GOTS) and integrate them with existing applications and/or systems.
  • Knowledge of various hardware architectures and embedded systems. Embedded system design and embedded software implementation.

Desired Experience:

  • Experience as a software developer working on software applications in a professional environment.
  • You have experience writing code and applications in Java, and have experience with a scripting language such as Perl or Python, proficiency with HTML/CSS/JavaScript, and familiarity with SQL and modern databases.
  • Capable of working with software development tools such as version control systems (Git, Mercurial) and bug tracking systems (JIRA); knowledge of agile software development practices and team design sessions. Experience developing within a UNIX/Linux environment.
  • Working knowledge of general networking concepts and experience with deep software analysis, debugging, or reverse engineering, with a background in cyber security or cyber analytics.
  • Experience with Hadoop and related big-data systems, relational databases, LDAP directories, Apache httpd and Tomcat, and working in a development and operations (DevOps) environment.
  • Experience coding with C, C++, C#, Scala, Ruby and other commonly used languages. Familiarity with No SQL and non-relational database technologies such as MongoDB. Cassandra, HBase, Neo4j or others.

Job Function Breakdown:

90% Design and implementation of software requirements and integrate with other software tools or relational databases.

Secondary Functions

5% Participate in conferences and meetings; join marketing calls on clients; present technical talks as appropriate.

5% Contribute to the broader software engineering and security community.

TOTAL = 100%

Benefits: Our benefits philosophy encompasses three driving priorities: Choice, Control, and Well-being. Learn more at https://www.cmu.edu/jobs/benefits-at-a-glance/. You can join an institution and inspire innovations that change the world.

Carnegie Mellon University is a welcoming workplace that considers applicants for employment without regard to, and does not discriminate on the basis of, gender, race, protected veteran status, disability, or any other legally protected status.

#seijob

15 Dec
2017
Cyber Security Modeling and Simulation Capability Developer - 2007678
Pittsburgh, PA or Arlington, VA

This opportunity is available in our Pittsburgh, PA or Arlington, VA offices.

What We Do:

The CERT Cyber Workforce Development (CWD) team aims to lower the cost and time required to build cybersecurity expertise and to amplify that expertise to a globally distributed workforce. To achieve this, we develop and integrate innovative tools and processes to train, exercise, and assess cybersecurity professionals and teams. In doing so, CWD pioneers research and development efforts designed to counter cybersecurity threats to our nation.

CWD develops solutions for improving an organization’s cyber workforce development program. CWD partners with sponsors to identify and resolve gaps that hinder a workforce’s ability to counter rapidly evolving adversary tactics in cyberspace. We achieve this by guiding organizations through improvement of their cyber workforce’s knowledge, skills, and abilities.

CWD’s core strength is our supportive and highly collaborative culture. Our team recognizes the importance of our mission: to ensure that our nation’s cybersecurity workforce is the best in the world. We are looking for people of character who share our passion, love technology and teamwork, and who have a desire to teach, learn from, and collaborate with others. We provide numerous internal and external training and professional development opportunities for members of our team. We also learn from each other through cross-training and mentoring.

Position Summary:

As a member of CWD, you will work with other team members to develop and deliver cybersecurity training capabilities and programs -- primarily for US military/government sponsors.

Requirements:

  • BS in Computer Science, Information Science, or related discipline with eight (8) years applicable working experience; MS in the same fields with five (5) years of experience or equivalent combination of training or experience.

  • Willingness to travel to various locations in support of the SEI’s overall mission. This includes within the SEI and CMU community, sponsor sites, conferences, and offsite meetings on occasion. Moderate travel (15%).

  • You will be subject to a background check and must be eligible to obtain and maintain a Department of Defense security clearance.

Duties:

In CWD, we certainly do not expect you to know or have experience with everything; however, our wish-list includes the following:

  • Interacting directly with sponsors, gathering requirements and objectives, producing and facilitating creative and engaging scenario exercises, and building physical and virtualized network systems to support training programs.

  • Defining, creating, and maintaining solutions in support of DoD’s cyberspace responsibilities.

  • Working regularly with a wide range of software and hardware technologies.

  • Developing and instructing cybersecurity training content to sponsors.

  • Developing software and hardware proofs of concept and prototypes.

  • Leading and supervising direct reports as well as secondary reports; providing performance management, career guidance, and corrective actions as required.

Knowledge, Skills and Abilities:

  • Excellent oral and written communications

  • Server and desktop platforms (e.g. Windows, Linux)

  • Network administration (e.g. Routers, Switches, Firewalls, Proxies, etc.)

  • Programming (e.g. C, C++, C#, Python, Java, etc.)

  • Frameworks (e.g. Angular.js, Node.js, Django, RESTful API, .NET, etc.)

  • Version Control Systems (e.g. Git, Bitbucket, etc.)

  • Scripting (e.g. Bash, PowerShell, etc.)

  • Configuration management and deployment automation (e.g. Ansible, Puppet, Chef, Packer, etc.)

  • Virtualization and cloud technologies (e.g. VMWare ESX server, Linux KVM/QEMU, Xen, OpenNebulla, Microsoft Azure, Amazon AWS, etc.)

  • Commercial and open source security tools (e.g. McAfee ePO/HIPS, ArcSight, Splunk, Security Onion, ELK stack, etc.)

  • Penetration testing (Kali, Metasploit, Powershell Empire, etc.)

  • Data science (R query design, Elastic Stack, Bro, Hadoop, etc)

  • Learning analytics (curriculum design, knowledge and performance assessment, feedback, remediation, etc.)

  • Multitasking and working effectively with multiple project teams and sponsors

  • Technical problem-solving, analytical and information organization

  • Network system design and troubleshooting

Desired Experience:

  • US military service in positions involving information technology, cybersecurity, and management of large-scale government networks

  • Team leadership positions within cybersecurity and/or IT-focused organizations

  • Demonstrated software engineering and development experience

  • Demonstrated practical experience with commercial and open-source cyber security tools

  • Teaching experience

Job Function Breakdown:

40% Mentor, guide and interact with team and other staff.

30% Develop software solutions to training challenges.

15% Contribute to transition planning and strategy.

10% Design and develop technical documents and instructional materials.

5% Research, evaluate, develop, install/configure hardware and software cyber security solutions.

TOTAL=100%

Benefits:

Our benefits philosophy encompasses three driving priorities: Choice, Control, and Well-being. Learn more at https://www.cmu.edu/jobs/benefits-at-a-glance/ . You can join an institution and inspire innovations that change the world.

Carnegie Mellon University is a welcoming workplace that considers applicants for employment without regard to, and does not discriminate on the basis of, gender, race, protected veteran status, disability, or any other legally protected status.

15 Dec
2017
Software Engineer - 2007677
Pittsburgh, PA

What We Do:

CERT is part of the Software Engineering Institute (SEI), a federally funded research and development center at Carnegie Mellon University in Pittsburgh, Pennsylvania. We engage in state of the art research and development, and provides robust programs focused on ensuring that software developers, internet security experts, network and system administrators, and others are able to resist, recognize, and recover from attacks on networked systems.

Position Summary:

As a member of CERT Systems Team, you will be responsible for crafting, developing, and deploying software applications and systems to improve the capabilities of CERT customers. You will participate in all phases of the software development lifecycle, and will be involved in key decisions regarding software design and technology selection, architecture and design of cyber-resilient and cyber-secure systems.

Requirements:

  • BS in computer science, software engineering, computer engineering, or a related quantitative field of study with eight (8) years of applicable experience.
  • MS in computer science, software engineering, computer engineering, or a related quantitative field of study with five (5) years of applicable experience.
  • PhD in computer science, software engineering, computer engineering, or a related quantitative field of study with two (2) years of experience or equivalent combination of training or experience.
  • Willingness to travel to various locations to support the SEI’s overall mission. This includes within the SEI and CMU community, sponsor sites, conferences, and offsite meetings on occasion. Expected 15%
  • You will be subject to a background check and will need to obtain and maintain a Department of Defense security clearance.

Knowledge, Skills and Abilities:

We are looking for someone who has the ability to function within a development team. Willingness to learn new skills, programming languages, and technologies as necessary, and a desire to solve meaningful problems through technical innovation.

  • You have the skills to analyze customer requirements and provide novel solutions.
  • Willingness and ability to provide accurate estimates of development time and risk.
  • Capable to attend customer meetings and respond to customer requirements. Ability to multitask, solve problems and work with end users.
  • Ability to quickly learn new technologies (COTS/GOTS) and integrate them with existing applications and/or systems.
  • Knowledge of various hardware architectures and embedded systems. Embedded system design and embedded software implementation.

Desired Experience:

  • Experience as a software developer working on software applications in a professional environment.
  • You have experience writing code and applications in Java, and have experience with a scripting language such as Perl or Python, proficiency with HTML/CSS/JavaScript, and familiarity with SQL and modern databases.
  • Capable of working with software development tools such as version control systems (Git, Mercurial) and bug tracking systems (JIRA); knowledge of agile software development practices and team design sessions. Experience developing within a UNIX/Linux environment.
  • Working knowledge of general networking concepts and experience with deep software analysis, debugging, or reverse engineering, with a background in cyber security or cyber analytics.
  • Experience with Hadoop and related big-data systems, relational databases, LDAP directories, Apache httpd and Tomcat, and working in a development and operations (DevOps) environment.
  • Experience coding with C, C++, C#, Scala, Ruby and other commonly used languages. Familiarity with No SQL and non-relational database technologies such as MongoDB. Cassandra, HBase, Neo4j or others.

Job Function Breakdown:

90% Design and implementation of software requirements and integrate with other software tools or relational databases.

Secondary Functions

5% Participate in conferences and meetings; join marketing calls on clients; present technical talks as appropriate.

5% Contribute to the broader software engineering and security community.

TOTAL = 100%

Benefits: Our benefits philosophy encompasses three driving priorities: Choice, Control, and Well-being. Learn more at https://www.cmu.edu/jobs/benefits-at-a-glance/. You can join an institution and inspire innovations that change the world.

Carnegie Mellon University is a welcoming workplace that considers applicants for employment without regard to, and does not discriminate on the basis of, gender, race, protected veteran status, disability, or any other legally protected status.

#seijob

08 Dec
2017
SEI Summer Internship Opportunities 2018 - Arlington, VA
Arlington, VA

We are looking for Summer Interns, full-time, 40 hours/week. If you are a student looking to expand your education beyond what you can learn in school, and earn money doing it, we want you to come work with us! You’ll have an opportunity to work on cutting-edge projects while adding experience to your resume. Our interns do real work: writing code, analyzing data, and collaborating as valuable team members.

What We Do: The SEI helps advance software engineering principles and practices and serves as a national resource in software engineering, computer security, and process improvement. The SEI works closely with defense and government organizations, industry, and academia to continually improve software-intensive systems. Our core purpose is to help organizations improve software engineering capabilities and develop or acquire the right software, defect free, within budget and on time, every time.

Internship opportunities may be available in the following areas:

  • Programming
  • Cybersecurity Research
  • Design / Communication
  • Software Design/Development
  • Project Management
  • Computer Engineering
  • Help Desk Support
  • Computer Science
  • Information Systems
  • Management Information Systems
  • Mathematics
  • Statistics
  • Systems Engineering
  • Malware Analysis

Requirements:

  • You must be currently enrolled in a degree granting program.
  • You will be subject to a background check and must be eligible to work in the United States without Visa sponsorship.

Check for our positions on Handshake!

Carnegie Mellon University is a welcoming workplace that considers applicants for employment without regard to, and does not discriminate on the basis of, gender, race, protected veteran status, disability, or any other legally protected status.

05 Dec
2017
Chief Technology Officer - 2007594
Pittsburgh, PA

The SEI requests that any inquiries about this position be directed to Joel Willett and Eric Sigurdson at Russell Reynolds Associates (see below). The SEI will not respond to any direct outreach.

Our Client:

Our client, the Carnegie Mellon University Software Engineering Institute (SEI), is seeking a highly experienced and dynamic candidate to fill the position of Chief Technical Officer (CTO).

Since 1984, the SEI has served the nation as a federally funded research and development center. As part of Carnegie Mellon University, which is well known for its highly rated programs in computer science and engineering, the SEI operates at the leading edge of technical innovation.

The SEI helps advance software engineering principles and practices and serves as a national resource in software engineering, computer security, and process improvement. We work closely with defense and government organizations, industry, and academia to continually improve software-intensive systems. Our core purpose is to help organizations improve software engineering capabilities and develop or acquire the right software, defect free, within budget and on time, every time.

SEI is positioned at the nexus of academia, government and industry and undertakes the following activities to fulfill its mission as a national resource:

  • Performs research to advance and mature the discipline of engineering and securing software systems
  • Builds proof-of-concept and demonstration systems that are used in conjunction with stakeholders, to assess the viability of new approaches to mission challenges
  • Widely disseminates recent advances and proven solutions relevant to is mission statement
  • Deploys domain expertise, on-demand in short order to assist with critical, urgent or sensitive government program challenges

SEI aspires to bring software-based capabilities with confidence to the Department of Defense and other government entities. Confidence is multi-faceted—in cost and schedule, in functionality, in security, and in desirable architectural properties (i.e., the “ilities” or non-functional requirements such as reliability, sustainability, extensibility, flexibility, availability, safety, etc.). It is also the confidence that people with moderate levels of education and training are able to operate software systems effectively and safely.

The SEI is recognized internationally for its work in software engineering and cyber security. For more information, you may visit the SEI web site at www.sei.cmu.edu

The Role:

Would you like to set the course for the research direction of an internationally recognized institute focused on software engineering and cybersecurity?

As a member of the executive leadership team and reporting to the Director/Chief Executive Officer, the Chief Technology Officer (CTO) has a strategic focus. The CTO role formulates technical strategy that is responsive to the needs of our sponsor and that demonstrates a forward leaning view of technology. With a total budget for the institute of approximately $150 million, the CTO has a direct impact and responsibility for $20 million of research funding which we wish to grow. Additionally, this role provides technical oversight and influence over the entire SEI program.

Although the CTO is engaged in providing input and shares in the development of the overall SEI strategic plan, you will ultimately have responsibility for the creation and maintenance of our research plan. You will develop this plan based on current and predicted future trends in technology, government and industry with feedback from the research programs and through performance indicators. You ensure that the programs’ research plans are aligned with the overall research strategy plan. Your responsibilities will also include technical and business reviews of line funded projects, and for a program that explores and cultivates new research that develops, realizes, and transitions the strategic research vision. This role is also responsible for understanding the breadth of technical work at the SEI.

The key responsibilities of the CTO are:

  • Leading and reviewing the funded research program.
  • Creating a long range vision and developing it into an executable strategic research program.
  • Conducting activities to predict the future of technology in both industry and government
  • Creating and overseeing an exploratory program.
  • Enhancing the brand and reputation of the SEI with current and future constituents in academia, government, and the private sector.
  • Supporting the Director/CEO and Deputy Director/COO in the conduct of reviews (programmatic, financial, technical).
  • Presenting SEI research strategic direction and technical overviews at professional and technical meetings (for example, representing the SEI at professional meetings such as, IEEE or ACM SWE Conferences, DDR&E and DARPA program reviews, etc.)
  • Identifying opportunities for technical integration among initiatives.
  • Presenting SEI research strategy plan and technical overviews at professional and technical meetings (for example, representing the SEI at professional meetings such as IEEE or ACM technical conferences, DARPA program reviews, and to forums associated with ASD(R&E), USD(AT&L), Service SAEs, PEOs, and other key partners in DoD, IC, USG, and industry).
  • Mentor and guide technical staff and teams.
  • Act as a trusted liaison between the SEI and Carnegie Mellon faculty.

Candidate Profile:

Ideally you have obtained a PhD in Computer Science, Engineering, or a related discipline. You will also have a minimum of 15 years of progressively increasing CTO responsibilities running large complex research projects in a university, the Department of Defense, or in a software intensive systems environment. You have demonstrated experience in building and leading high technology teams. You possess knowledge of the software engineering discipline and the software acquisition process as well as cyber expertise and familiarity with cyber missions. You are able to demonstrate experience managing large, complex, research projects that were focused on information technology, software technology, assurance, cyber and/or software engineering. Management experience within a university, government, military, and/or Fortune 500 technology-based organization is preferred.

Additionally, you should possess:

  • Tier one academic experience with a stellar reputation.
  • Strong business insight and be a visionary with purpose.
  • Demonstrated exposure to the cybersecurity and software engineering space.
  • A reputation for applied and/or theoretical research and be well published.
  • Success in securing support and funding for research projects.
  • Track record of accomplishment in leading the research agenda for technology-based organizations.
  • Strong influencing skills.
  • Demonstrated ability in developing a strategic plan to accomplish goals.
  • Demonstrated understanding of the DoD and Federal acquisition and developer communities.
  • Reputation for the highest level of integrity.
  • High comfort level with ambiguity.
  • Success at building consensus within a matrixed organization.
  • Excellent oral, written and presentation skills.
  • Able to obtain a clearance at the Top Secret level.

What would we expect from you in terms of setting strategy?

  • You have the creativity and articulation needed to inspire vision not only for the areas you are directly responsible for, but for the entire organization.
  • You are inclined to seek and analyze data from a variety of sources to support decisions and to align others with the institute's overall strategy.
  • You demonstrate an entrepreneurial and creative approach to developing new, innovative ideas that will stretch the organization and push the boundaries within the industry.
  • You possess the skill to effectively balance the desire and need for broad change with an understanding of how much change the organization is capable of handling, to create realistic goals and implementation plans that are achievable and successful.

How will you execute for results?

  • You set clear and challenging goals while committing the organization to improved performance; tenacious and accountable in getting results.
  • You are comfortable with ambiguity and uncertainty; and adapt nimbly and lead others through complex situations.
  • You are a risk-taker who seeks data and input from others to foresee possible threats or unintended circumstances from decisions; someone who takes smart risks.
  • You are viewed by others as having a high degree of integrity and forethought in your approach to making decisions; to act in a transparent and consistent manner while always taking into account what is best for the organization.

What will your approach be to leading teams?

  • You can attract and recruit top talent, motivate the team, delegate effectively, celebrate diversity within the team, and manage performance; widely viewed as a strong developer of others.
  • You have experience persevering in the face of challenges, and exhibit a steadfast resolve and relentless commitment to higher standards, which garners respect from followers.
  • As a technology leader you are self-reflective and aware of your own limitations; lead by example and drive the organization's performance with an attitude of continuous improvement by being open to feedback and self-improvement.

How will you build relationships and influence?

  • You naturally connect and build strong relationships with others, demonstrating strong emotional intelligence and an ability to communicate clearly and persuasively.
  • You inspire trust in others through compelling influence, powerful charisma, passion in your beliefs, and active drive.
  • You are willing to share the spotlight and visibly celebrate and support the success of the team.

The CTO creates a sense of purpose and meaning for the team that generates followership beyond his/her own personality and engages others to the greater purpose for the SEI as a whole.

The SEI requests that any inquiries about this position be directed to Joel Willett and Eric Sigurdson at Russell Reynolds Associates. The SEI will not respond to any direct outreach.

Contact:

Eric Sigurdson
Russell Reynolds Associates
155 North Wacker Drive
Suite 4100
Chicago, IL 60606-1732
Tel: +1-312-993-9696
Mobile: +1-312-543-4861
eric.sigurdson@russellreynolds.com

Joel Willett
Russell Reynolds Associates
1700 New York Ave
Suite 400
Washington, DC 20006
Tel: +1-202-654-7816

Mobile: +1-502-608-7815

Joel.willett@russellreynolds.com

30 Nov
2017
Software Security Engineer - 2007359
Pittsburgh, PA

What We Do:

The Software Engineering Institute helps advance software engineering principles and practices and serves as a national resource in software engineering, computer security, and process improvement. The SEI works closely with defense and government organizations, industry, and academia to continually improve software-intensive systems. Our core purpose is to help organizations improve software engineering capabilities and develop or acquire the right software, defect free, within budget and on time, every time.

The Secure Coding Team, of the world renowned CERT division of the SEI, is a pioneer of the identification and development of secure coding and secure software development practices. We are looking for an exceptional person to help us continue our leadership of ground-breaking improvements for securing software during development. Software has never been more important to our lives and our national security, nor has software insecurity ever been a greater risk.

If you join the team, you will work with elite cyber security experts to help software developers and software development organizations reduce vulnerabilities resulting from coding errors before they are deployed. We improve software security by identifying common programming errors that lead to software vulnerabilities, establishing secure coding standards, developing evaluation tools, and educating software developers.

Position Summary:

You will lead and participate in research and engineering projects that identify and implement standards for organizations to develop secure software systems. This will include developing and applying guidelines for writing secure code in C, C++, Java, and other popular languages. It also includes developing and using tools to verify that software is developed securely. You will work directly with customers to: develop and provide training in secure coding practices; evaluate, extend, and use tools to improve and automate source code analysis; review and improve code bases to ensure that the standards are being followed; and enhance the customers’ organizational capabilities to produce secure software systems. You will be expected to help customers improve their software to meet the security and privacy needs of their users by writing reports and delivering presentations that explain the results of your research and software evaluations.

Requirements:

  • You have a BS in Computer Science, Software Engineering, Information Science, or Information Systems Management with at least eight (8) years applicable experience.
  • You are willing to travel to other SEI locations, sponsor sites, conferences and offsite meetings.
  • You are able to thrive in an office setting, sitting for long time periods and having close contact with a computer.
  • You are able to multi-task and be detailed oriented.
  • You can meet inflexible deadlines and deal with challenges while maintaining professionalism.
  • You will be subject to a background investigation and must be eligible to obtain and maintain a Department of Defense security clearance.

Knowledge, Skills and Abilities:

You will have the knowledge, skills, and abilities to:

  • Develop and analyze source code in common programming languages such as C, C#, C++, Java, and Python, with a focus on secure coding principles and practices
  • Use static and dynamic analysis tools to evaluate software to find and remove vulnerabilities
  • Build and configure various software build environments, and build custom tools to integrate and automate the use of software building and analysis tools
  • Develop and implement novel and advanced software analysis techniques
  • Lead projects in a team environment with varying skills, experience and locations
  • Plan and organize the evaluation approach for projects, including the collection and analysis of data from multiple sources, generate defensible results, and represent them in reporting products and interactions with customers, sponsors, and the public
  • Recognize and deal appropriately with confidential and sensitive information such as source code and software weaknesses and vulnerabilities
  • Develop and explain technical decisions and recommendations effectively with technical and non-technical audiences through verbal and written communications that lead to actionable and measurable improvements
  • Work meticulously with careful attention to detail required to identify defects and weaknesses in large software systems, and to identify development process improvement opportunities
  • Be self-motivated and capable of self-learning to maintain a working knowledge of the ever-changing software development landscape
  • Contribute to program objectives and plan development
  • Perform under minimal direction and use independent judgement when necessary
  • Participate in conferences and workshops where security-related issues are discussed

Desired Experience:

  • MS in Computer Science, Software Engineering, Information Science, or Information Systems Management with five (5) years applicable experience; or PhD in those disciplines with two (2) years applicable experience.
  • Develop and modify compilers and interpreters, understanding the underlying computer and compiler architectures, algorithms, performance trade-offs, and impact of optimization techniques on security issues
  • Work with DoD and other US Government software-intensive systems programs and software maintenance groups, understanding their unique needs, proposing and closing work to meet their needs, and lead projects to develop solutions that address their secure software development and acquisition needs
  • Represent DoD and US Government program constituency and perspective based on experience to other team members to aid in developing relevant research and development proposals and solutions
  • Transition knowledge, tools, and other work products from research projects to DoD and other US Government partners
  • Develop approaches to address software assurance in the risk management framework context
  • Develop and analyze software for specific platforms, such as mobile platforms and embedded systems
  • Evaluate software assurance using a range of methods, such as dynamic and binary analysis, model checking, assertions, and semantic formalizations
  • Use threat modeling tools to perform threat analysis on software systems

Job Function Breakdown:

40% Directly support customer work in secure coding, verification and validation techniques, and technical training. Tailor our current offerings to provide value to customers by evaluating their software, software development, and software acquisition/procurement practices, and providing improvement recommendations. Communicate the findings of such evaluations through reports and presentations. Build new tools and capabilities that improve our ability to meet customer needs.

30% Contribute to internally funded research projects, developing experimentation environments, evaluating secure software development practices, and communicating results internally and externally in reports and presentations.

15% Codify knowledge that has been gained through customer and research projects to expand and update knowledge transfer materials, such as Secure Coding guidelines, training materials, and tools.

15% Develop knowledge and understanding of SEI capabilities; learn how SEI capabilities can be applied to customer problems; work directly with SEI staff supporting the community with disciplines related to secure coding and secure development.

TOTAL=100%

Benefits:

Our benefits philosophy encompasses three driving priorities: Choice, Control, and Well-being. Learn more at https://www.cmu.edu/jobs/benefits-at-a-glance/ . You can join an institution and inspire innovations that change the world.

Carnegie Mellon University is a welcoming workplace that considers applicants for employment without regard to, and does not discriminate on the basis of, gender, race, protected veteran status, disability, or any other legally protected status

#seijob

09 Nov
2017
Security Engineer- Big Data and Analytics - 2007382
Arlington, VA

What We Do: The CERT Program is part of the Software Engineering Institute (SEI), a federally funded research and development center at Carnegie Mellon University in Pittsburgh, Pennsylvania. CERT engages in state of the art computer security capabilities to raise the bar across the Nation and globally.

Position Summary: As a member of our team, you will assist in evaluating new technologies and design approaches for various cyber security use cases. We are looking for engineers who will help advance our evaluation methods and develop recommendations on the use of the latest architectures and analytic techniques. We work in a lab environment providing hands-on access to hardware allowing us to install and change components as needed for a given project. We build prototypes to prove how components really function and gain operational experience before making recommendations. You will have opportunities to implement new tools to measure performance, assess scalability, and imagine potential capabilities. We want ambitious individuals who have the desire to learn and will embrace brainstorming new ideas with others.

The open source communities continue to grow and enterprises are evolving their infrastructure at an increasing pace. Financial constraints and the desire to implement quickly make open source projects attractive to many engineers. We need to understand these trends and be able to offer informed advice so program managers are able to make sound decisions and execute. We want to link together security analysis and infrastructure engineering to rapidly respond to emerging threats.

Requirements:

  • BS with eight (8) years or MS with five (5) years of applicable experience. Your concentration of study should be in computer science, software engineering, computer engineering, or a related quantitative field of study.
  • Willingness to travel to visit other offices and attend conferences and training. Moderate travel (15%).
  • You will be subject to a background check and will need to obtain and maintain a Department of Defense security clearance.

Knowledge, Skills and Abilities:

Apply your skills and dedication to protecting our Nation from cyber security threats and join our team to solve today's complex problems.

  • Experience applying security best practices and understanding of assessing risks to IT networks.
  • Understanding of the latest techniques for data pipelines involving collection, messaging, and processing frameworks.
  • Hands-on experience with the Linux and basic networking.
  • Have proven the ability to work independently addressing problems as they arise and driving projects to completion.
  • The ability to work meticulously with careful attention to detail; ability to meet deadlines while working on multiple tasks – sometimes under pressure and with shifting priorities; ability to deal collaboratively, diplomatically, and successfully with customers, co-workers and other professional colleagues, managers, and staff;

Desired Experience:

  • Understanding of how a security operation center (SOC) works and how to analyze logs and traffic to identify potential security incidents.
  • Exposure to machine learning and other advanced data analytic methods.
  • Experience with Kafka, Hadoop, Spark, Bro, Logstash, or Elasticsearch.
  • Knowledge in programming with Python, Scala, C, or Java.

Job Functions or Responsibilities:

75% Developing and evaluating prototypes.

15% System administration and working with vendors.

5% Presenting work to customers and other groups.

5% Contributing to the broader security community.

100% Total Effort

Benefits:

Our benefits philosophy encompasses three driving priorities: Choice, Control, and Well-being. Learn more at https://www.cmu.edu/jobs/benefits-at-a-glance/. You can join an institution that inspires innovations that change the world.

Carnegie Mellon University is a welcoming workplace that considers applicants for employment without regard to, and does not discriminate on the basis of, gender, race, protected veteran status, disability, or any other legally protected status.

#seijob

23 Oct
2017
Senior Vulnerability Coordination Advisor - 2007238
REMOTE - Linthicum, MD

This position is located in Linthicum, Maryland

What We Do: The SEI helps advance software engineering principles and practices and serves as a national resource in software engineering, computer security, and process improvement. The SEI works closely with defense and government organizations, industry, and academia to continually improve software-intensive systems. Our core purpose is to help organizations improve software engineering capabilities and develop or acquire the right software, defect free, within budget and on time, every time.

Position Summary: The CERT Division of the Software Engineering Institute (SEI) is seeking an applicant for the role of a Senior Vulnerability Coordination Advisor for the Threat Analysis directorate. The SEI is a federally funded research and development center at Carnegie Mellon University. The work of the Threat Analysis directorate includes:

  • Developing state of the art approaches for analyzing executable code.
  • Applying these approaches to understanding systemic vulnerabilities in software systems and how attackers adapt their tradecraft to exploit those vulnerabilities.
  • Studying and influencing the software security and vulnerability disclosure ecosystems.
  • You will work with a government partner located in Linthicum, Maryland, supporting operations for a government vulnerability coordination program, helping us translate our research into operational improvements to the program.

Requirements:

  • BS in Computer science, Software Engineering, information systems, or a related technical field with ten (10) years of experience; MS in computer science or technical/engineering field with eight (8) years of experience or equivalent combination of training and experience; PhD in computer science or technical/engineering field with five (5) years of experience; or equivalent combination of training and experience..
  • Requires travel to various domestic locations within the SEI and CMU community to include the SEI Pittsburgh office, sponsor sites, conferences, and offsite meetings with routine frequency (1-2 trips a month)
  • You will be subject to a background check and will need to obtain and maintain a Department of Defense security clearance.

About you:

  • You have a deep interest in cybersecurity, intellectual curiosity and a desire to make an impact beyond your organization
  • You enjoy developing and communicating innovative ideas and thinking creatively to solve tough problems
  • You can work under stress and adapt to shifting priorities;
  • You relate collaboratively and diplomatically with people inside and outside the organization
  • You can organize and plan complex projects;
  • You can recognize and properly handle confidential and sensitive information.

Skills and Abilities:

  • Understanding of Internet fundamentals including network protocols, provider operations and governance
  • Ability to apply knowledge of technology, systems architecture and security best practice to practical problems in enterprise security
  • Ability to advise on a range of security topics based on research and expert opinion
  • Ability to work independently with limited supervision, lead project teams and mentor peers;
  • Ability to objectively compare, and evaluate alternative technical solutions, and communicate results;
  • Facility communicating complex system designs, technical approaches and road maps to sponsors, project managers and technical staff;
  • Ability to distill the implications of complex research results, and apply those results to government operations;
  • Knowledge of USG networks, security operations, and policy and governance.

Desired Experience:

  • Experience in vulnerability research, analysis, disclosure, and mitigation
  • Experience applying modern data-driven research methods to business strategy, risk analysis and information security decision making
  • Experience collaborating on industry and academic community projects
  • Ability to develop software in Python and other modern programming languages
  • Background in mathematical programming, statistical modeling or machine learning

Job Function Breakdown:

60% Act as a lead for one or more engagements. This includes advising government partners on technical issues, understanding their needs, advising on improvements to operational processes, and supporting colleagues in the development and transition of new analysis methods and tools.

20% Work with colleagues on research studies and prototypes, and help assemble reports and briefings on various security topics related to the application of threat research to problems in vulnerability coordination and remediation.

15% Contribute to conferences and meetings; participate in marketing/engagement calls and technical exchanges with clients; analyst technical exchanges, training sessions and public speaking engagements; participate on working groups for subjects of interest

5% Engage in professional development activities to maintain and grow expertise.

100% total effort

Benefits: Our benefits philosophy encompasses three driving priorities: Choice, Control, and Well-being. Learn more at https://www.cmu.edu/jobs/benefits-at-a-glance/. You can join an institution and inspire innovations that change the world.

Carnegie Mellon University is a welcoming workplace that considers applicants for employment without regard to, and does not discriminate on the basis of, gender, race, protected veteran status, disability, or any other legally protected status.

23 Oct
2017
Vulnerability Coordination Advisor - 2007239
REMOTE - Linthicum, MD

This position is located in Linthicum, Maryland

What We Do: The SEI helps advance software engineering principles and practices and serves as a national resource in software engineering, computer security, and process improvement. The SEI works closely with defense and government organizations, industry, and academia to continually improve software-intensive systems. Our core purpose is to help organizations improve software engineering capabilities and develop or acquire the right software, defect free, within budget and on time, every time.

Position Summary: The CERT Division of the Software Engineering Institute (SEI) is seeking an applicant for the role of a Vulnerability Coordination Advisor for the Threat Analysis directorate. The SEI is a federally funded research and development center at Carnegie Mellon University. The work of the Threat Analysis directorate includes:

  • Developing state of the art approaches for analyzing executable code.
  • Applying these approaches to understanding systemic vulnerabilities in software systems and how attackers adapt their tradecraft to exploit those vulnerabilities.
  • Studying and influencing the software security and vulnerability disclosure ecosystems.
  • You will work with a government partner located in Linthicum, Maryland, supporting operations for a government vulnerability coordination program, helping us translate our research into operational improvements to the program.

Requirements:

  • BS in Computer science, Software Engineering, information systems, or a related technical field with eight (8) years of experience; MS in computer science or technical/engineering field with five (5) years of experience or equivalent combination of training and experience; PhD in computer science or technical/engineering field with two (2) years of experience; or equivalent combination of training and experience..
  • Requires travel to various domestic locations within the SEI and CMU community to include the SEI Pittsburgh office, sponsor sites, conferences, and offsite meetings with routine frequency (1-2 trips a month)
  • You will be subject to a background check and will need to obtain and maintain a Department of Defense security clearance.

About you:

  • You have a deep interest in cybersecurity, intellectual curiosity and a desire to make an impact beyond your organization
  • You enjoy developing and communicating innovative ideas and thinking creatively to solve tough problems
  • You can work under stress and adapt to shifting priorities;
  • You relate collaboratively and diplomatically with people inside and outside the organization
  • You can organize and plan complex projects;
  • You can recognize and properly handle confidential and sensitive information
  • Knowledge, Skills and Abilities:
  • Understanding of Internet fundamentals including network protocols, provider operations and governance
  • Ability to apply knowledge of technology, systems architecture and security best practice to practical problems in enterprise security
  • Ability to advise on a range of security topics based on research and expert opinion
  • Ability to work independently with limited supervision, lead project teams and mentor peers;
  • Ability to objectively compare, and evaluate alternative technical solutions, and communicate results;
  • Facility communicating complex system designs, technical approaches and road maps to sponsors, project managers and technical staff;
  • Ability to distill the implications of complex research results, and apply those results to government operations;
  • Knowledge of USG networks, security operations, and policy and governance.

Desired Experience:

  • Experience in vulnerability research, analysis, disclosure, and mitigation
  • Experience applying modern data-driven research methods to business strategy, risk analysis and information security decision making
  • Experience collaborating on industry and academic community projects
  • Ability to develop software in Python and other modern programming languages
  • Background in mathematical programming, statistical modeling or machine learning

Job Function Breakdown:

60% Act as a lead for one or more engagements. This includes advising government partners on technical issues, understanding their needs, advising on improvements to operational processes, and supporting colleagues in the development and transition of new analysis methods and tools.

20% Work with colleagues on research studies and prototypes, and help assemble reports and briefings on various security topics related to the application of threat research to problems in vulnerability coordination and remediation.

15% Contribute to conferences and meetings; participate in marketing/engagement calls and technical exchanges with clients; analyst technical exchanges, training sessions and public speaking engagements; participate on working groups for subjects of interest

5% Engage in professional development activities to maintain and grow expertise.

100% total effort

Benefits: Our benefits philosophy encompasses three driving priorities: Choice, Control, and Well-being. Learn more at https://www.cmu.edu/jobs/benefits-at-a-glance/. You can join an institution and inspire innovations that change the world.

Carnegie Mellon University is a welcoming workplace that considers applicants for employment without regard to, and does not discriminate on the basis of, gender, race, protected veteran status, disability, or any other legally protected status.

23 Oct
2017
Machine Learning Research Scientist - 2007235
Pittsburgh, PA or Arlington, VA

What We Do:

The SEI helps advance software engineering principles and practices and serves as a national resource in software engineering, computer security, and process improvement. The SEI works closely with defense and government organizations, industry, and academia to continually improve software-intensive systems. Our core purpose is to help organizations improve software engineering capabilities and develop or acquire the right software, defect free, within budget and on time, every time.

Position Summary:

Machine Learning researchers at the SEI help our government and industry clients solve their problems using ML technology. In this role, you will work with our customers to identify areas where advanced statistical techniques can help tackle problems, plan and develop prototype solutions, and build out final products. You'll get a chance to work with elite cybersecurity professionals and university faculty to build new technologies that will influence national cybersecurity strategy for decades to come. You will co-author research proposals, execute studies, and present findings to DoD sponsors and at academic conferences.

Our team works on a wide range of projects. Some of our current work includes developing metrics and experimental designs for large-scale cybersecurity research programs, researching human-in-the-loop machine learning, and building classifiers to identify security vulnerabilities in code. We have access to a wide variety of cyber-related data, including malware samples, netflow data, cybersecurity training runs and tests, incident tickets, and more. If you are a computer science or statistics expert with an interest in cybersecurity, we want to hear from you!

Requirements:

  • BS in machine learning, cybersecurity, statistics, or related discipline with eight (8) years of experience or equivalent combination of training or experience.
  • Willingness to travel to various locations to support the SEI’s overall mission. This includes within the SEI and CMU community, sponsor sites, conferences, and offsite meetings on occasion.
  • You will be subject to a background check and will need to obtain and maintain a Department of Defense security clearance.

Knowledge, Skills and Abilities:

  • Deep understanding of statistical modeling techniques
  • Comfortable working in the Unix command line
  • Thrives in a multi-disciplinary environment
  • Superb communication skills
  • Expertise implementing machine learning techniques (e.g., K-means, SVM, neural networks)
  • Familiar with at least one mathematical/statistical programming package (e.g., python numpy/scipy/pandas, R, MATLAB, etc.)
  • Strong software engineering skills
  • You should have Cybersecurity or privacy experience
  • Experience supporting test and evaluation for large-scale government research programs is a plus

Desired Experience:

  • MS or PhD in machine learning, computer science, statistics, or other related quantitative field
  • Two (2) to five (5) years of experience
  • Experience with specific methods and/or evidence that you can learn.

Job Function Breakdown:

60% - Collaboration - Works with CMU, SEI, other researchers, and the intelligence community to enhance the state of the art in technologies to assist in the analysis of large volume and streaming data. Works with CMU and SEI engineers to apply state of the art technologies to prototype systems that assist in the analysis of large volume and streaming data.

20% - Communication – Attends meetings, submits work progress reports, and performs related duties as required

20% - Project Work - Represents work plans and prototypes via publications, conferences, and meetings to the academic research, engineering, DoD, and first responder communities

100% Total Effort

Benefits:

Our benefits philosophy encompasses three driving priorities: Choice, Control, and Well-being. Learn more at https://www.cmu.edu/jobs/benefits-at-a-glance/ . You can join an institution and inspire innovations that change the world.

Carnegie Mellon University is a welcoming workplace that considers applicants for employment without regard to, and does not discriminate on the basis of, gender, race, protected veteran status, disability, or any other legally protected status.

#seijob

23 Oct
2017
Machine Learning Research Scientist - 2007236
Pittsburgh, PA or Arlington, VA

What We Do:

The SEI helps advance software engineering principles and practices and serves as a national resource in software engineering, computer security, and process improvement. The SEI works closely with defense and government organizations, industry, and academia to continually improve software-intensive systems. Our core purpose is to help organizations improve software engineering capabilities and develop or acquire the right software, defect free, within budget and on time, every time.

Position Summary:

Machine Learning researchers at the SEI help our government and industry clients solve their problems using ML technology. In this role, you will work with our customers to identify areas where advanced statistical techniques can help tackle problems, plan and develop prototype solutions, and build out final products. You'll get a chance to work with elite cybersecurity professionals and university faculty to build new technologies that will influence national cybersecurity strategy for decades to come. You will co-author research proposals, execute studies, and present findings to DoD sponsors and at academic conferences.

Our team works on a wide range of projects. Some of our current work includes developing metrics and experimental designs for large-scale cybersecurity research programs, researching human-in-the-loop machine learning, and building classifiers to identify security vulnerabilities in code. We have access to a wide variety of cyber-related data, including malware samples, netflow data, cybersecurity training runs and tests, incident tickets, and more. If you are a computer science or statistics expert with an interest in cybersecurity, we want to hear from you!

Requirements:

  • BS in machine learning, cybersecurity, statistics, or related discipline or equivalent combination of training or experience.
  • Willingness to travel to various locations to support the SEI’s overall mission. This includes within the SEI and CMU community, sponsor sites, conferences, and offsite meetings on occasion.
  • You will be subject to a background check and will need to obtain and maintain a Department of Defense security clearance.

Knowledge, Skills and Abilities:

  • Deep understanding of statistical modeling techniques
  • Comfortable working in the Unix command line
  • Thrives in a multi-disciplinary environment
  • Superb communication skills
  • Expertise implementing machine learning techniques (e.g., K-means, SVM, neural networks)
  • Familiar with at least one mathematical/statistical programming package (e.g., python numpy/scipy/pandas, R, MATLAB, etc.)
  • Strong software engineering skills
  • You should have Cybersecurity or privacy experience
  • Experience supporting test and evaluation for large-scale government research programs is a plus

Desired Experience:

  • MS in machine learning, computer science, statistics, or other related quantitative field
  • Two (2) to four (4) years of experience
  • Experience with specific methods and/or evidence that you can learn.

Job Function Breakdown:

60% - Collaboration - Works with CMU, SEI, other researchers, and the intelligence community to enhance the state of the art in technologies to assist in the analysis of large volume and streaming data. Works with CMU and SEI engineers to apply state of the art technologies to prototype systems that assist in the analysis of large volume and streaming data.

20% - Communication – Attends meetings, submits work progress reports, and performs related duties as required

20% - Project Work - Represents work plans and prototypes via publications, conferences, and meetings to the academic research, engineering, DoD, and first responder communities

100% Total Effort

Benefits:

Our benefits philosophy encompasses three driving priorities: Choice, Control, and Well-being. Learn more at https://www.cmu.edu/jobs/benefits-at-a-glance/ . You can join an institution and inspire innovations that change the world.

Carnegie Mellon University is a welcoming workplace that considers applicants for employment without regard to, and does not discriminate on the basis of, gender, race, protected veteran status, disability, or any other legally protected status.

09 Oct
2017
SEI Summer Internship Opportunities 2018
Pittsburgh, PA

We are looking for Summer Interns, full-time, 40 hours/week. If you are a student looking to expand your education beyond what you can learn in school, and earn money doing it, we want you to come work with us! You’ll have an opportunity to work on cutting-edge projects while adding experience to your resume. Our interns do real work: writing code, analyzing data, and collaborating as valuable team members.

What We Do: The SEI helps advance software engineering principles and practices and serves as a national resource in software engineering, computer security, and process improvement. The SEI works closely with defense and government organizations, industry, and academia to continually improve software-intensive systems. Our core purpose is to help organizations improve software engineering capabilities and develop or acquire the right software, defect free, within budget and on time, every time.

Internship opportunities may be available in the following areas:

  • Programming
  • Cybersecurity Research
  • Design / Communication
  • Software Design/Development
  • Project Management
  • Computer Engineering
  • Help Desk Support
  • Computer Science
  • Information Systems
  • Management Information Systems
  • Mathematics
  • Statistics
  • Systems Engineering
  • Malware Analysis

Requirements:

  • You must be currently enrolled in a degree granting program.
  • You will be subject to a background check and must be eligible to work in the United States without Visa sponsorship.

Check for our positions on Handshake!

Carnegie Mellon University is a welcoming workplace that considers applicants for employment without regard to, and does not discriminate on the basis of, gender, race, protected veteran status, disability, or any other legally protected status.

03 Oct
2017
Senior Software Assurance Engineer - 2007077
Operating Location Boston - Bedford, MA

What We Do: The SEI helps advance software engineering principles and practices and serves as a national resource in software engineering, computer security, and process improvement. The SEI works closely with defense and government organizations, industry, and academia to continually improve software-intensive systems. Our core purpose is to help organizations improve software engineering capabilities and develop or acquire the right software, defect free, within budget and on time, every time.

Position Summary: The CERT program of the Software Engineering Institute is looking to fill a leadership position to help improve cybersecurity of the NC3 Weapons System (Nuclear Command, Control and Communication). We expect the position to be highly visible and deeply impactful to assist senior leaders of the Air Force program to increase the cyber resiliency of NC3 throughout the lifecycle spanning from the requirements, development, deployment and sustainment.

Requirements:

  • Bachelor's degree or equivalent degree in a relevant discipline with ten (10) years applicable experience; MS or equivalent degree in a relevant discipline with eight (8) years applicable experience; PhD or equivalent degree in a relevant discipline with five (5) years applicable experience, or equivalent combination of training and experience.
  • Willingness to travel to various locations to support the SEI’s overall mission. This includes within the SEI and CMU community, sponsor sites, conferences, and offsite meetings on occasion. Will be required to travel on overnight assignments.
  • You will be subject to a background check and will need to obtain and maintain a Department of Defense security clearance.

Duties: As the Senior Member of the Cyber Security Foundations directorate, you will be accountable for:

  • Leading multi-functional teams in numerous areas of Cybersecurity and acquisition.
  • Understanding threat environments.
  • Completing vulnerability assessments.
  • Crafting system architecture and recommending requirements to insert into the acquisition lifecycle.
  • Aligning with cybersecurity initiatives and coordinating with the DoD and the AF.
  • Synchronizing with technical staff in CERT and SEI programs to deliver cybersecurity technical expertise to NC3.

Knowledge, Skills and Abilities: We are looking for qualified individuals that can demonstrate the following characteristics:

  • Experience in software engineering, development and/or systems engineering
  • An understanding of DoD acquisition processes and relevant cyber security processes, such as the Risk Management Framework (RMF)
  • Expertise in building, leading, managing and participating on multi-functional, technological teams
  • Engage effectively with all organizations within the software and acquisition communities
  • Interact diplomatically with partners, customers and sponsors and preferred knowledge of nuclear weapons systems is desired

You should retain detailed knowledge of cybersecurity and mission assurance in the acquisition process. Have strong written and verbal communications skills and the ability to present to high visibility partners internal and external to the organization. Also, someone that has shown their project and programmatic management skills and be able to collaborate with clients by developing proposals and establishing relationships with new and existing government clients. You should demonstrate the knowledge to mitigate risks, manage staff planning and handle budgeting needs. You will also need to lead and participate in multidisciplinary teams.

Desired Experience:

  • Master's degree in Computer Science, Information Systems, Systems Engineering, Software Engineering, or Acquisition Management.

Job Function Breakdown:

65% NC3 Leader - Participate as a leader or member of technical teams in support of NC3 Weapon System acquisition program office.

20% Business Development - Work with managers, business developers, current customers, and prospective customers to identify and define value-delivering opportunities and capture work.

10% Other Duties- Other duties as assigned by management

5% Advisory for SEI - Serve in an advisory capacity to other SEI technical programs on acquisition or technical issues.

TOTAL=100%

Benefits: Our benefits philosophy encompasses three driving priorities: Choice, Control, and Well-being. Learn more at https://www.cmu.edu/jobs/benefits-at-a-glance/ . You can join an institution and inspire innovations that change the world.

Carnegie Mellon University is a welcoming workplace that considers applicants for employment without regard to, and does not discriminate on the basis of, gender, race, protected veteran status, disability, or any other legally protected status.

03 Oct
2017
Senior Software Assurance Engineer - 2007079
Pittsburgh, PA or Arlington, VA

What We Do: The SEI helps advance software engineering principles and practices and serves as a national resource in software engineering, computer security, and process improvement. The SEI works closely with defense and government organizations, industry, and academia to continually improve software-intensive systems. Our core purpose is to help organizations improve software engineering capabilities and develop or acquire the right software, defect free, within budget and on time, every time.

Position Summary: The CERT program of the Software Engineering Institute is looking to fill a leadership position to help improve cybersecurity of the NC3 Weapons System (Nuclear Command, Control and Communication). We expect the position to be highly visible and deeply impactful to assist senior leaders of the Air Force program to increase the cyber resiliency of NC3 throughout the lifecycle spanning from the requirements, development, deployment and sustainment.

Requirements:

  • Bachelor's degree or equivalent degree in a relevant discipline with ten (10) years applicable experience; MS or equivalent degree in a relevant discipline with eight (8) years applicable experience; PhD or equivalent degree in a relevant discipline with five (5) years applicable experience, or equivalent combination of training and experience.
  • Willingness to travel to various locations to support the SEI’s overall mission. This includes within the SEI and CMU community, sponsor sites, conferences, and offsite meetings on occasion. Will be required to travel on overnight assignments.
  • You will be subject to a background check and will need to obtain and maintain a Department of Defense security clearance.

Duties: As the Senior Member of the Cyber Security Foundations directorate, you will be accountable for:

  • Leading multi-functional teams in numerous areas of Cybersecurity and acquisition.
  • Understanding threat environments.
  • Completing vulnerability assessments.
  • Crafting system architecture and recommending requirements to insert into the acquisition lifecycle.
  • Aligning with cybersecurity initiatives and coordinating with the DoD and the AF.
  • Synchronizing with technical staff in CERT and SEI programs to deliver cybersecurity technical expertise to NC3.

Knowledge, Skills and Abilities: We are looking for qualified individuals that can demonstrate the following characteristics:

  • Experience in software engineering, development and/or systems engineering
  • An understanding of DoD acquisition processes and relevant cyber security processes, such as the Risk Management Framework (RMF)
  • Expertise in building, leading, managing and participating on multi-functional, technological teams
  • Engage effectively with all organizations within the software and acquisition communities
  • Interact diplomatically with partners, customers and sponsors and preferred knowledge of nuclear weapons systems is desired

You should retain detailed knowledge of cybersecurity and mission assurance in the acquisition process. Have strong written and verbal communications skills and the ability to present to high visibility partners internal and external to the organization. Also, someone that has shown their project and programmatic management skills and be able to collaborate with clients by developing proposals and establishing relationships with new and existing government clients. You should demonstrate the knowledge to mitigate risks, manage staff planning and handle budgeting needs. You will also need to lead and participate in multidisciplinary teams.

Desired Experience:

  • Master's degree in Computer Science, Information Systems, Systems Engineering, Software Engineering, or Acquisition Management.

Job Function Breakdown:

65% NC3 Leader - Participate as a leader or member of technical teams in support of NC3 Weapon System acquisition program office.

20% Business Development - Work with managers, business developers, current customers, and prospective customers to identify and define value-delivering opportunities and capture work.

10% Other Duties- Other duties as assigned by management

5% Advisory for SEI - Serve in an advisory capacity to other SEI technical programs on acquisition or technical issues.

TOTAL=100%

Benefits: Our benefits philosophy encompasses three driving priorities: Choice, Control, and Well-being. Learn more at https://www.cmu.edu/jobs/benefits-at-a-glance/ . You can join an institution and inspire innovations that change the world.

Carnegie Mellon University is a welcoming workplace that considers applicants for employment without regard to, and does not discriminate on the basis of, gender, race, protected veteran status, disability, or any other legally protected status.

#seijob

03 Oct
2017
CERT Engagement Lead - 2007082
Arlington, VA

What We Do: The Software Engineering Institute (SEI) is the applied research institute as part of world renowned Carnegie Mellon University. The SEI performs state of the art research advancing the principles and practices of software engineering, cybersecurity, and application of the most advanced information technology. The SEI advances the creation of cyber secure information systems using advanced information technology and inventing the best software practices to deliver results on time, in budget, and without defects, every time. The SEI disseminates knowledge and collaborates with defense and government, industry, and academia to fulfill its mission.

Position Summary:

  • Do you have excellent cyber security technical skills?
  • Can you communicate clearly to cyber security floor operations personnel and senior leaders?
  • Do you want to help secure the nation and its critical infrastructure from cyber attack?
  • We will combine our team of technical experts and your skills to guide our nation to better cybersecurity outcomes.
  • You as the engagement lead will work in your specialty area while representing the larger body of work to sponsor senior leaders.
  • We are an equal opportunity employer searching for the best skills possible. We have great benefits for both you and your partner or family.
  • We combine a flexible work environment with state of the art technology to make a national impact for the nations cyber security needs.

We have expertise in all phases of cyber security: security requirements definition, security systems engineering, secure coding, vulnerability testing & discovery, endpoint assessment, malware reverse engineering, network security analysis, and policy. We work on groundbreaking security problems facing the nation. You can join our team.

You will research new vulnerabilities and security techniques. You will participate in the larger security community internal to CERT and externally giving presentations and attending conferences. Your will represent your expertise and the work of the whole organization to our sponsors.

Requirements:

  • You have a bachelor degree in computer science / computer engineering or related discipline with ten (10) years of prior experience or a master degree with five (5) years of prior experience.
  • You can travel both locally and remotely to sponsor sites to give presentations and attend meetings.
  • You will be subject to a background check and will need to obtain and maintain a Department of Defense security clearance.

Desired Experience:

  • Experience researching or developing novel new security techniques or vulnerability discovery.
  • Experience working in or with computer or network security operations centers.
  • Programming and development experience with significant software systems or embedded development systems.

Job Function Breakdown:

40% - Works with team leads, technical managers, and technical directors to manage portfolio of research and development projects to support sponsor and to understand sponsor needs

30% - Leads sponsor support, gathers requirements, and develops technical work in support of sponsor and internal development teams

30% - Engages various communities presenting the work of CERT and capturing new advances in cyber security

TOTAL = 100%

Benefits: Our benefits philosophy encompasses three driving priorities: Choice, Control, and Well-being. Learn more at https://www.cmu.edu/jobs/benefits-at-a-glance/. You can join an institution and inspire innovations that change the world.

Carnegie Mellon University is a welcoming workplace that considers applicants for employment without regard to, and does not discriminate on the basis of, gender, race, protected veteran status, disability, or any other legally protected status.

02 Oct
2017
Digital Intelligence Technical Manager - 2007061
Pittsburgh, PA

Which devices should you take or prioritize when conducting a raid in a special operations mission? Can a vehicle navigation system be more valuable than a cellphone in a terrorism investigation? How do you maintain the velocity of an investigation or incident response when there are hundreds of terabytes of data to analyze from myriad devices and platforms? What is the next generation of technologies Federal Law Enforcement, the Department of Defense (DoD) and the US Intelligence Community (USIC) should be concerned about? How can you quantify the operational risk — and value — that arises through the use of consumer electronics, social media, and commercial communication networks?

Who we are:

The CERT Digital Intelligence team seeks to develop cutting edge solutions to address critical and emerging challenges encountered by the DoD, Federal Law Enforcement, and US Intelligence Community. Key to our success is a diverse team of researchers, scientists, and engineers with a passion for understanding the implications of emerging technologies on US Government defensive and offensive missions.

Who we are looking for:

You should be a strong technical leader with a solid background in digital exploitation and capable of identifying gaps between theory and practice. You will be responsible for the development and execution of a strategic vision and roadmap that advances the state of the art and practice for both defensive and offensive cyber operations. Your role will provide leadership to a diverse team working across the following areas:

  • Platform assessment
    • Hardware and systems analysis to assess the appropriateness of technological solutions based on their intended use or application.
    • Analysis of non-traditional systems with potential forensic/operational value.
  • Mobile devices and applications
    • Development of tools and methods to enable rapid analysis of mobile devices and applications for the purposes of understanding their value in digital operations as well as the potential privacy implications inherent to their use.
  • Identity Intelligence and Resolution
    • Development of science-based approaches for identifying and correlating users from unrelated or non-obvious digital artifacts.
  • Red Teaming
    • Engineering and design of focused threat-based analyses to determine the efficacy of technical solutions and approaches to US Government challenges.
  • Non-traditional forensics
    • Research and development of tools and methods for forensic analysis of non-traditional devices with potential forensic or operational value. These may include, but are not limited to, embedded systems, wearables, IoT devices, gaming consoles, vehicle-based systems, etc.
  • Radio/Spectral Research and Analysis
    • Analysis of emerging consumer technologies related to low-powered radios, cellular, and other means of communication.

Team deliverables include technical publications; industry and government conference presentations; course development and delivery; direct customer engagement; and prototype tools and techniques.

Requirements:

  • Master’s degree, preferably in Electrical/Computer Engineering, Computer Science, Machine Learning, Mathematics, or equivalent field with 5+ years of post-degree experience.
  • Technical publication and presentation experience. Demonstrated technical proficiency with contemporary computing hardware, software and network technologies.
  • Willingness to travel to various locations to support the SEI’s overall mission. This includes within the SEI and CMU community, sponsor sites, conferences, and offsite meetings on occasion. Moderate Travel (20%)
  • You will be subject to a background check and will need to obtain and maintain a Department of Defense security clearance.

Desired Experience:

Candidates with the following experience are preferred:

  • Exploratory data analysis
  • Software/Hardware debugging and prototyping
  • Reverse-engineering and vulnerability discovery
  • Technical management of staff, projects, and customer deliverables
  • Customer and community engagement

Job Function Breakdown:

30% Manages group to effectively implement the SEI and task order work plans. Sets goals and objectives and manages operational and functional business activities. Develops, implements and tracks short and long term operational plans (financial, staffing, infrastructure, project).

30% Provides guidance to and monitors the success of team and project leads in meeting strategic and operational goals. Assesses performance of direct reports and makes salary recommendations for all staff within areas of responsibility. Provides oversight of team leads and their supervisory responsibilities of technical staff and conducting performance reviews. Responsible for recruitment, hiring, development and retention of all technical and support staff.

20% Sets technical agenda of the technical area. Leads planning process and contribute to the development the CERT strategic plan. Matures the state of the art/state of practice for areas of responsibility. Ensures regular update of technical area’s plan; reviews feasibility of plan, identifies risks and defines risk mitigation strategy. Articulates vision for internal and external audiences. Engages with current and future customers to pursue growth and evolution of work.

10% Identifies opportunities for new technical projects and manages start-up of new, high-priority technical programs of work. Works with leadership to develop and implement a funding and transition plan for new work areas.

10% Directs organizational effectiveness and staff learning and development plans. Identifies operational success measures and process improvements. Leads corrective action.

100% Total Effort

Benefits:

Our benefits philosophy encompasses three driving priorities: Choice, Control, and Well-being. Learn more at https://www.cmu.edu/jobs/benefits-at-a-glance/. You can join an institution and inspire innovations that change the world.

Carnegie Mellon University is a welcoming workplace that considers applicants for employment without regard to, and does not discriminate on the basis of, gender, race, protected veteran status, disability, or any other legally protected status.

#seijob

27 Sep
2017
Senior Software Assurance Engineer - 2007007
Operating Location Boston - Bedford, MA

Position Summary: The CERT program of the Software Engineering Institute is looking to fill a leadership position improving the cyber security of acquisitions in the Air Force. This high visibility, high impact position will be responsible for helping senior leaders of Air Force programs improve the cyber resiliency of software intensive systems throughout the acquisition lifecycle, from requirements to development to deployment and sustainment.

This Senior Member of the Cyber Security Foundations directorate will be responsible for leading cross functional teams that enable the organizations within the Air Force to enhance the predictable performance and mission assurance in the acquisition, evolution and operations of software-reliant systems. Key activities include understanding customer requirements and key challenge problems and addressing them with tailored solutions; applying, adapting, integrating, verifying and transitioning applicable research and practices to maximize impact; creating, applying and codifying new approaches to support customer needs and advance the software security state of the practice; and maintaining situational awareness in technical and DoD domains. The candidate will coordinate closely with technical staff in CERT and other SEI programs to deliver cyber security technical expertise to customers throughout the life-cycle.

Minimum Qualifications and Requirements:

Education/Training: BS or equivalent degree in relevant discipline with ten (10) years applicable experience; MS or equivalent degree in relevant discipline with eight (8) years applicable experience; PhD or equivalent degree in relevant discipline with five (5) years applicable experience, or equivalent combination of training and experience.

Experience: The candidate must have experience in software engineering, development or management, and/or systems engineering. Must be knowledgeable of the software engineering and system engineering disciplines as well as understanding the DoD acquisition processes and relevant cyber security processes, such as the Risk Management Framework (RMF). The candidate should have experience building, leading, managing and participating on cross-functional, high technology teams, should be able to operate effectively with all organizations within the software and acquisition communities and be able to interact diplomatically with partners, customers and sponsors.

Skills/Abilities: Detailed knowledge of cyber security and mission assurance in the acquisition process; detailed knowledge of at least one core competency: requirements, architecture and design, program and acquisition management, performance improvement, or assurance. Experience in five or more of the following: DoD software systems acquisition on major programs (For the purposes of this announcement, our definition of major is at least 100K SLOC of custom developed code, and/or significant integration of COTS/GOTS products); solid technical breadth and understanding of all aspects of the end-to-end software lifecycle (e.g., requirements, design, implementation, testing, etc.); alternative life cycles (e.g. waterfall, agile); major DoD software acquisition policies and directives; enterprise architecture ; software architecture development and evaluation, software architecture patterns (e.g. SOA) and concepts (e.g. Cloud computing); information Assurance/survivability; systems engineering on software intensive systems; COTS product integration; performance measurement including definition and application of goals, measurements and metric; system of systems engineering; requirements development and management; software integration and test and software/hardware integration; deployment of software intensive systems, especially including transition from legacy systems; cost estimation.

Strong written and verbal communications skills and the ability to present to high visibility stakeholders internal and external to the organization. Proven program and project management skills including: interfacing with clients, developing proposals, and establishing relationships with new DoD and/or government clients and programmatic and project management skills (e.g., ability to develop project plans, track deliverables, manage risks, perform staff planning, provide budget oversight). Ability to lead and participate in multidisciplinary teams.

Mobility: Will be required to travel on overnight assignments.

Environmental Conditions: Usual office setting, close contact with computer for prolonged periods of time.

Other: Candidates will be subject to a background check and must be eligible to obtain and maintain a Department of Defense security clearance.

Preferred Qualifications and Requirements:

Education/Training: Master's degree in Computer Science, Information Systems, Systems Engineering, Software Engineering, or Acquisition Management.

Licenses: Certified DoD Acquisition Professional. Certified PMP.

Accountability: The member will be directly accountable for understanding DoD acquisition and cyber security needs, applying new technologies, and establishing delivery capabilities to meet the needs of the sponsoring organization and the acquisition community.

Direction: As a technical staff member, he/she will be expected to operate with minimum supervision using CMU and SEI defined practice, policies and procedures, in concert with the SEI mission.

Decisions: Will be required to work with government program offices to identify strengths and weaknesses within the acquisition program and their contractor base and build solutions to address the weaknesses and recognize and encourage the strengths.

Supervisory Responsibilities: Must be able to lead and supervise others.

Job Functions or Responsibility:

65% Participate as a leader or member of technical teams in support of government acquisition program offices or participate as a member of a technical team performing research. Identify and support the implementation strategies for the capture and application of learning and knowledge transfer from assignments (e.g. dissemination of research results, case studies, guides, reports, presentations, articles, workshops, courses, and blog entries).

20% Work with managers, business developers, current customers, and prospective customers to identify and define value-delivering opportunities and capture work.

10% Other duties as assigned by management.

5% Serve in an advisory capacity to other SEI technical programs on acquisition or technical issues.

100% TOTAL EFFORT

Organizational Chart: SEI Director’s Office < Director, CERT < Technical Director, Cyber Security Foundations < Technical Manager

Carnegie Mellon University is an EEO/Affirmative Action Employer – M/F/Disability/Veteran.

#seijob

05 Jul
2017
Associate Cyber Security Analyst - Reverse Engineering & Python - 2006085
Pittsburgh, PA

What We Do: The CMU/SEI Forensic Operations and Investigations team is a cutting edge analytical resource focusing on critical U.S. Government (USG) needs. For the past 10 years, we have provided analytical and operational support on high-profile investigations including numerous activities both nationally and internationally. Through this work the FOI can see the current limitations of digital analysis and incident response in the field first hand. We combine our applied research with the unique talents, operational experience, research capabilities, and vast knowledge base to develop new tools and methods to address cyber security limitations and critical gap areas.

Are you creative, curious, energetic, collaborative, technology-focused, and hard-working?

Position Summary: In this role you will serve in a multi-disciplinary position providing ongoing support to federal law enforcement, defense agencies, and the national intelligence community. You will provide support to on-going operations in the areas of incident response and investigation, full-spectrum digital analysis and applied research in emerging areas of cybercrime. You will build interdisciplinary approaches to problem solving, and demonstrate strong presentation and instructional skills. You will also interact with clients and staff of all levels in a highly professional and competent manner.

Requirements:

  • BS Computer Science or other related discipline and a minimum of three (3) years of related experience
  • MS in the same fields with one or more (1+) year’s relevant experience in analysis of digital artifacts or incident response
  • Willingness to travel to various locations to support the SEI's overall mission. This includes within the SEI and CMU community, sponsor sites, conferences, and offsite meetings on occasion. Moderate travel (25%)
  • You will be subject to a background investigation and need to be eligible to obtain and maintain a Department of Defense security clearance

Duties Include

  • Ability to pay close attention to detail, meet deadlines, work under stress, and communicate effectively.
  • Design, develop, pilot and deliver products. Required to accurately represent FOI and its technical work in interactions with customers, sponsors, and the public.
  • Research and characterize security threats including defining appropriate countermeasures.
  • Interact with clients and staff of all levels in a highly professional and competent manner.
  • Act independently using CMU and SEI defined policies, practices, and procedures.

Knowledge, Skills, and Abilities:

  • Hardware or software reverse engineering for either vulnerability discovery/assessment or malware analysis
  • Understanding of common security controls including firewalls, proxies, IDS/IPS, Web Application Firewalls
  • Technical knowledge of fundamental Internet protocols, services, and technologies to include HTTP(S), TLS, DNS, SMTP, TCP/IP, ICMP, JSON, REST
  • 1+ years with some of the following scripting languages: SQL, Python, JavaScript, Perl, PHP and/or shell scripting
  • Understanding of Routing protocols for Cisco and Routers
  • Penetration Testing
  • Understanding of server/client/operating systems
  • Knowledge of common vulnerabilities, exploits and mitigations
  • Digital artifact analysis (host, network, mobile devices and IoT)
  • Incident Response
  • Ability to research and characterize security threats including defining appropriate countermeasures
  • Virtual infrastructure and hypervisors

Job Function Breakdown:

70% Operational support for SEI customers.

10% Perform applied research in emerging areas of digital forensics.

15% Deliver technical and management training to customers.

5% Contribute to the research and technical agendas of the FOI.

100% Total Effort

Benefits:

Our benefits philosophy encompasses three driving priorities: Choice, Control, and Well-being. Learn more at https://www.cmu.edu/jobs/benefits-at-a-glance/ . You can join an institution and inspire innovations that change the world.

Carnegie Mellon University is a welcoming workplace that considers applicants for employment without regard to, and does not discriminate on the basis of, gender, race, protected veteran status, disability, or any other legally protected status.

#seijob

05 Jul
2017
Junior Cyber Security Analyst - 2006086
Pittsburgh, PA

What We Do:

The CMU/SEI Forensic Operations and Investigations team is a cutting edge analytical resource focusing on critical U.S. Government (USG) needs. For the past 10 years, we have provided analytical and operational support on high-profile investigations, including numerous activities both nationally and internationally . Through this work the FOI can see the current limitations of digital analysis and incident response in the field first hand. We combine our applied research with the unique talents, operational experience, research capabilities, and vast knowledge base to t develop new tools and methods to address cyber security limitations and critical gap areas.

Are you creative, curious, energetic, collaborative, technology-focused, and hard-working?

Position Summary:

In this role you will serve in a multi-disciplinary role providing ongoing support to federal law enforcement, defense agencies, and the national intelligence community. You will provide support to on-going operations in the areas of incident response and investigation, full-spectrum digital analysis and applied research in emerging areas of cybercrime. You will build interdisciplinary approaches to problem solving, and demonstrate strong presentation and instructional skills.

Requirements:

  • BS Computer Science or other related discipline and a minimum of one (1) year of related experience
  • Willingness to travel to various locations to support the SEI’s overall mission. This includes within the SEI and CMU community, sponsor sites, conferences, and offsite meetings on occasion. Moderate travel (25%)
  • You will be subject to a background investigation and need to be eligible to obtain and maintain a Department of Defense security clearance

Duties Include:

  • Ability to pay close attention to detail, meet deadlines, work under stress, and communicate effectively.
  • Design, develop, pilot and deliver products. Required to accurately represent FOI and its technical work in interactions with customers, sponsors, and the public.
  • Research and characterize security threats including defining appropriate countermeasures.
  • Interact with clients and staff of all levels in a highly professional and competent manner.

Knowledge,Skills, and Abilities:

  • Hardware or software reverse engineering for either vulnerability discovery/assessment or malware analysis
  • Experience with common security controls including firewalls, proxies, IDS/IPS, Web Application Firewalls
  • Technical knowledge of fundamental Internet protocols, services, and technologies to include HTTP(S), TLS, DNS, SMTP, TCP/IP, ICMP, JSON, REST
  • 1+ years with some of the following scripting languages: SQL, Python, JavaScript, Perl, PHP and/or shell scripting
  • Understanding of Routing protocols for Cisco and Routers
  • Understanding of server/client/operating systems
  • Penetration Testing
  • Knowledge of common vulnerabilities, exploits and mitigations
  • Digital artifact analysis (host, network, mobile devices and IoT)
  • Incident Response
  • Virtual infrastructure and hypervisors

Job Function Breakdown:

70% Operational support for SEI customers.

10% Perform applied research in emerging areas of digital forensics.

15% Deliver technical and management training to customers

5% Contribute to the research and technical agendas of the FOI

100% Total Effort

Benefits:

Our benefits philosophy encompasses three driving priorities: Choice, Control, and Well-being. Learn more at https://www.cmu.edu/jobs/benefits-at-a-glance/ . You can join an institution and inspire innovations that change the world.

Carnegie Mellon University is a welcoming workplace that considers applicants for employment without regard to, and does not discriminate on the basis of, gender, race, protected veteran status, disability, or any other legally protected status.

#seijob

05 Jun
2017
Senior Cyber Security Engineer - 2005737
Pittsburgh, PA or Arlington, VA

Position Summary: The CERT Division is part of the SEI, a federally funded research and development center at Carnegie Mellon University in Pittsburgh, Pennsylvania. The CERT Division engages in cutting-edge research and development and develops and transitions disciplined approaches to improve the survivability and resiliency of the DoD, federal civilian agencies, private sector organizations and their networked information systems.

The individual in this position will work as a member of the Cybersecurity Assurance (CA) Team within the CERT Division. The CA team develops solutions (in the form of frameworks, models, tools, policies, practices, technical guidance, and training) that allow organizations to assess, analyze, and manage organizational, operational, and technical risks to mission-critical assets, processes, systems, and infrastructures.

Minimum Qualifications and Requirements:

Education/Training: BS in Computer Science (or other technical field) with ten (10) years’ experience, or equivalent combination of training and experience.

Certifications: Certified Information Systems Security Professional (CISSP), and/or Certified Information Security Manager (CISM), and/or Certified Information Systems Auditor (CISA) and/or Certified Ethical Hacker (CEH)

Experience: Professional experience as an information security engineer, network security architect, information systems auditor, information systems analyst, or similarly technical occupation.

Experience with and applied knowledge in:

  • Common risk and cybersecurity assessment methods
  • Data analytics and cybersecurity metrics
  • Cybersecurity laws, regulations, and standards
  • Common network security architectures
  • Common networking protocols and services
  • Cyber security, survivability, and resilience concepts and issues
  • Software and systems engineering
  • Building and maintaining customer relationships
  • Strategic Planning and requirements definition
  • Process improvement
  • Program planning, budgeting, and management

Skills/Abilities: Must exhibit the following skills and abilities:

  • Understanding of information technology, security assessment methods, and telecommunications systems
  • Working knowledge of network interoperability, cyber security, and survivability issues, including cyber security best practices and standards
  • Working knowledge of DHS critical infrastructure sectors and related security and resilience issues
  • Working knowledge of the DoD and federal agency resilience needs and cyber security roadmaps
  • Development and delivery of information and infrastructure security risk and vulnerability evaluations
  • Ability to conduct analytical studies and investigations
  • Reasoning and problem-solving skills
  • Ability to work independently with limited supervision
  • Ability to interact effectively with diverse constituencies internally and externally
  • Ability to work well as a member of a cooperative team; ability to work in a matrix organizational structure
  • Ability to recognize and deal appropriately with confidential and sensitive information
  • Ability to implement project plans, monitor project budgets, and identify and mitigate project risks
  • Leadership and mentoring skills
  • Excellent written and oral communication skills; ability to contribute to technical research white papers and reports; ability to prepare papers and deliver presentations to technical and non-technical audiences; ability to contribute to customer technical exchanges and marketing presentations
  • Ability to work on customer sites with high-ranking members of federal agencies and DoD
  • Participation in professional society activities, particularly IEEE and ACM

Physical/Mobility: Primarily sedentary in an office setting with some mobility. Ability to travel frequently to various locations within the SEI and CMU community, customer sites, conferences, and offsite meetings.

Environmental Conditions: Close contact with computer for extended periods of time.

Mental: Strong interest in the human, managerial, and technical aspects of cyber security is critical for this position as are these abilities:

  • Take or share leadership role in technical projects
  • Work meticulously with careful attention to detail
  • Meet deadlines while working on multiple tasks – sometimes under pressure and with shifting priorities
  • Deal collaboratively, diplomatically, and successfully with customers, co-workers and other professional colleagues, managers, and staff
  • Ability to understand the direction, and goals of an effort; ability to develop and communicate innovative ideas; ability to demonstrate initiative and to quickly learn new procedures, techniques, approaches, etc.

Other: Strong interest in cyber security and critical infrastructure protection analysis basis research, applied research, and development. Candidates will be subject to a background check and must be eligible to obtain and maintain a Department of Defense security clearance.

Preferred Qualifications and Requirements:

Education/Training: MS in Computer Science (or related technical field) with eight (8) years’ experience or equivalent experience.

Certifications: Offensive Security Certified Professional (OSCP), and/or GIAC Penetration Tester (GPEN), and/or Certified Ethical Hacker (CEH), and/or Certified Information Systems Security Professional (CISSP), and/or Certified Information Systems Auditor (CISA)

Experience:

  • Expert experience in risk and cybersecurity assessment methods
  • Advanced knowledge of network security architectures
  • Expert knowledge in cybersecurity laws, regulations, and standards
  • Expert experience in data analytics and cybersecurity metrics
  • Experience with common penetration testing toolsets (Metasploit framework, vulnerability scanners, web application scanners, Nmap
  • Experience with common penetration testing methodologies and tactics (PTES, OWASP testing guide, etc.)

Skills/Abilities: Strong presentation/platform skills and excellent writing skills.

Accountability: The individual will implement and participate in the planning and execution of projects leading to technical results. The individual will also contribute to project, department, or program objectives and planning document development. The individual will keep in confidence sensitive information such as customer processes, risks, vulnerabilities, and internal work products, whether for eventual public or private distribution.

Direction: The individual is expected to act independently using CMU, SEI, and CERT defined policies, practices, and procedures – within the scope of assigned work.

Decisions: The individual must make sound technical decisions with little supervision. The individual must accurately represent the program in interactions with customers, sponsors, and the public. The individual is expected to perform analysis on-site at customer locations and immediately assess potential vulnerabilities requiring further investigation.

Supervisory Responsibilities: This position could involve the training and oversight of the work of other staff members, graduate students, resident affiliates, visiting scientists, and independent contractors. Depending on research project or customer work plan, position may involve task leadership.

Job Functions or Responsibilities:

60% Participate in cybersecurity assessments operating in a technical leadership role; analyze assessment data to identify risk areas and propose mitigation alternatives.

15% Participate in research into innovative and cutting-edge tools, techniques, and methods to improve cybersecurity and operational resilience; transition research into applied knowledge for customers.

10% Deliver courses in operational resilience management, cybersecurity management, and information security risk management

5% Contribute to conferences and meetings; participate in marketing calls and technical exchanges with clients; give talks and lectures as appropriate; participate on working groups for subjects of interest.

5% Contribute to and review the literature in cyber security, resilience, and software engineering.

5% Provide assistance and input to other teams and projects within the SEI.

100% Total Effort

Carnegie Mellon University is an EEO/Affirmative Action Employer – M/F/Disability/Veteran

#seijob

30 May
2017
Compiler Researcher - 2005656
Pittsburgh, PA

Position Summary: We are looking for someone familiar with compilers (particularly dataflow analysis or other forms of static analysis) to work on projects developing techniques for automatically repairing source code to remove certain common classes of vulnerabilities.

Software vulnerabilities constitute a major threat to many of our nation’s mission-critical systems. Static analysis tools help identify these bugs, but they typically are used late in the development process and produce an enormous number of warnings, overwhelming the ability of the development team to fix the code. Automated code repair holds the potential to eliminate security vulnerabilities much faster and at a much lower cost than manual repair.

The Secure Coding team of the world-renowned CERT division of the Software Engineering Institute is a pioneer of the identification and development of secure coding and secure software development practices. Joining the Secure Coding team, you will work with world-class cyber security experts to help software developers and software development organizations reduce vulnerabilities resulting from coding errors before they are deployed. We identify common programming errors that lead to software vulnerabilities, establish standard secure coding standards, educate software developers, and advance the state of the practice in secure coding that leads to secure software systems.

The successful candidate will participate in research and engineering projects related to developing secure software systems, write reports and deliver presentations that explain the findings of their work, and work directly with customers to help transition our work into practice.

Minimum Qualifications and Requirements:

Education/Training: BS in Computer Science or Software Engineering with 3 years of applicable experience, or equivalent knowledge and ability. Familiarity with compilers at least to the level of an undergrad compilers course, especially dataflow analysis. Firm grasp of data structures and algorithms.

Skills/Abilities:

Successful candidates will have the ability to:

  • Develop and analyze source code in C and C++
  • Build and configure various software build environments, and build custom tools to integrate and automate the use of software building and analysis tools
  • Analyze data from multiple sources, generate defensible results, and represent them in reporting products and interactions with customers, sponsors, and the public
  • Contribute in a team environment with other team members with varying skills, experience and locations
  • Recognize and deal appropriately with confidential and sensitive information such as source code and software weaknesses and vulnerabilities
  • Develop and explain technical decisions and recommendations effectively with technical and non-technical audiences through verbal and written communications that lead to actionable and measurable improvements
  • Work meticulously with careful attention to detail required to identify defects and weaknesses in source code of large software systems, and to identify opportunities for improvements to the development process.
  • Be self-motivated and capable of self-learning to maintain a working knowledge of the ever-changing software development landscape.

Mobility: Primarily sedentary, long periods of sitting; ability to travel to various locations within the SEI and Carnegie Mellon community, customer sites, conferences, and offsite meetings with some frequency.

Environmental Conditions: Normal office conditions, close contact with computer for prolonged periods of time.

Mental: Ability to work under pressure and changing priorities; pay attention to detail; meet inflexible deadlines; deal with difficult individuals while maintaining composure.

Other: Candidates will be subject to a background check and must be eligible to obtain and maintain a Department of Defense security clearance.

Preferred Qualifications and Requirements:

Education/Training: MS in Computer Science or Software Engineering, with 1 year of applicable experience.

Skills/Abilities: Thorough knowledge of the C programming language. Basic familiarity with x86 assembly language. Ability to read and write code in Python. Ability to write an analysis pass for LLVM. Ability to develop software that exhibits desired security properties. Ability to evaluate software for desired security properties.

Accountability: Contributes to program objectives and plans development.

Direction: Performs under minimal supervision, independent judgment is encouraged. Most normal duties and responsibilities are handled independently with the use of established procedures and policies. Difficult or unique situations are referred to the supervisor. Ability to work directly on-site at a customer location with minimal direct supervision from direct supervisor.

Decisions: Participate in conferences and workshops where security-related issues are discussed as required.

Job Functions or Responsibilities:

40% Contribute to internally funded research projects, developing experimentation environments, evaluating secure software development practices, and communicating results internally and externally in reports and presentations.

30% Directly support customer work in secure coding, verification and validation techniques, and technical training. Tailor our current offerings to provide value to customers by evaluating their software, software development, and software acquisition/procurement practices, and providing improvement recommendations. Communicate the findings of such evaluations through reports and presentations. Build new tools and capabilities that improve our ability to meet customer needs.

15% Codify knowledge that has been gained through customer and research projects to expand and update knowledge transfer materials, such as Secure Coding guidelines, training materials, and tools.

15% Develop knowledge and understanding of SEI capabilities; learn how SEI capabilities can be applied to customer problems; work directly with SEI staff supporting the community with disciplines related to secure coding and secure development.

100% TOTAL EFFORT

Organizational Chart: CERT Director < CERT/CSF Technical Director < CERT/Secure Coding Technical Manager < Associate Software Engineer.

Carnegie Mellon University is an EEO/Affirmative Action Employer – M/F/Disability/Veteran

#seijob

16 Mar
2017
Network Defense Analyst - 2005075
Pittsburgh, PA

Who We Are: You will work within the Monitoring & Response Directorate of the CERT Division of the Software Engineering Institute (SEI). The SEI is a federally funded research and development center on the campus of Carnegie Mellon University in Pittsburgh. CERT engages with the US Government, mainly the defense and intelligence sectors, to research, develop, apply and transition complex cybersecurity solutions. CERT generates some of the highest level of original research and tackles many of the most complex problems facing cybersecurity for the US Government. You will be part of a team that is thoughtfully engaged with its clients involved in emerging technology gaps and aggressively solving problems to migrate solutions to our clients.

What We Do:The CERT Situational Awareness group works with government customers to help them protect and defend their networks. We pioneer innovative ways to monitor and safeguard networked systems. We develop new approaches for identifying and investigating network anomalies. We observe real-world security operations teams and help them improve how they do their jobs. Our work ranges in scope from the close-up investigation and examination of security data to the assessment of large, enterprise-wide networks.

About You:

  • You want to make an impact beyond your organization.
  • You want to be involved with worldwide thought leaders.
  • Your strengths are curiosity, love of learning, deep interest in cybersecurity, and a desire to innovate.

Position Summary: As a Network Defense Analyst, you will participate in and lead technical efforts which include developing and prototyping new security analysis techniques, tools, and platforms. You will prepare analytic reports and contribute to research publications. You will serve as a domain expert for customers, commercial vendors, and the Internet community as a whole. We expect you to contribute to and advance the state of art of cybersecurity analytics. Are you interested in helping us to achieve this mission?

Requirements:

  • BS in Computer Science or a related discipline with eight (8) years experience in security operations, network operations, or security research; MS in Computer Science or a related discipline with five (5) years experience in security operations, network operations, or security research; PhD in Computer Science or related discipline with two (2) years experience in security operations, network operations, or security research; or equivalent combination of education and experience.
  • Travel to various locations within the SEI and CMU community, including sponsor sites, conferences, and meetings. (expected 10-25%)
  • You will be subject to a background check and will need to obtain and maintain a Department of Defense security clearance.

Knowledge, Skills and Abilities:

  • Capable of conducting and supporting analytical studies and investigations of network security data.
  • Significant understanding of and practical experience with various Internet protocols and applications (e.g., TCP/IP, HTTP/HTTPS, DNS, SMTP, FTP, routing protocols).
  • Understanding of network, host, and operating system security issues.
  • Operational knowledge and significant understanding of network security devices such as Intrusion Detection Systems, Firewalls, Security Information Managers, Network Vulnerability Scanners.
  • Operational knowledge and understanding of routing and switching protocols, including Internet routing.
  • Ability to function in the role of a consultant with some mentorship from senior staff members.
  • Excellent planning and organizational skills.
  • Strong analytical skills.
  • Excellent oral and written communication skills.
  • Ability to work well with minimal direction and with teams.
  • Ability to discuss security topics with both technical and nontechnical audiences, and to communicate with customers at various levels of leadership.
  • Ability to work meticulously with careful attention to detail; ability to meet deadlines while working on multiple tasks – sometimes under pressure and with shifting priorities.
  • Ability to participate in conversations collaboratively, diplomatically, and successfully with customers, co-workers and other professional colleagues, managers, and staff.
  • Ability to develop and communicate new ideas; ability to quickly learn new procedures, techniques, and approaches.

Desired Experience:

  • Experience working in a collaborative environment with team members who have diverse skills.
  • Participation in the public forum of the broader information security community.
  • Prior experience working directly with customers from government and/or industry.
  • Experience with data visualization.
  • Skilled at working with specialized technologies such as data mining, clustering, machine learning, neural networks, distributed computing and/or big data platforms.
  • Strong statistics background.
  • Scripting and/or programming in a high level language, including participation in sound software engineering (e.g. version control, documentation).

Job Functions Breakdown:

60% Participate in studies of data from operational networks, and advise network operators in written reports and presentations on security improvements based on those studies.

35% Participate in the development of novel approaches to network security analysis, and build prototype tool implementations.

5% Speak publicly and to customers on work performed.

100% total effort

Benefits: Our benefits philosophy encompasses three driving priorities: Choice, Control, and Well-being. Learn more at https://www.cmu.edu/jobs/benefits-at-a-glance/. You can join an institution that inspires innovations that change the world.

Carnegie Mellon University is a welcoming workplace that considers applicants for employment without regard to, and does not discriminate on the basis of, gender, race, protected veteran status, disability, or any other legally protected status.

#seijob

09 Feb
2017
Cyber Security Engineer - 2004923
Pittsburgh, PA or Arlington, VA

Position Summary: The CERT Division is part of the SEI, a federally funded research and development center at Carnegie Mellon University in Pittsburgh, Pennsylvania. The CERT Division engages in cutting-edge research and development and develops and transitions disciplined approaches to improve the survivability and resiliency of the DoD, federal civilian agencies, private sector organizations and their networked information systems.

The individual in this position will work as a member of the Cybersecurity Assurance (CA) Team within the CERT Division. The CA team develops solutions (in the form of frameworks, models, tools, policies, practices, technical guidance, and training) that allow organizations to assess, analyze, and manage organizational, operational, and technical risks to mission-critical assets, processes, systems, and infrastructures.

Minimum Qualifications and Requirements:

Education/Training: BS in Computer Science (or other technical field) with eight (8) years’ experience, or equivalent combination of training and experience.

Certifications: Certified Information Systems Security Professional (CISSP), and/or Certified Information Security Manager (CISM), and/or Certified Information Systems Auditor (CISA) and/or Certified Ethical Hacker (CEH)

Experience: Professional experience as an information security engineer, network security architect, information systems auditor, information systems analyst, or similarly technical occupation.

Experience with and applied knowledge in:

  • Common risk and cybersecurity assessment methods
  • Data analytics and cybersecurity metrics
  • Cybersecurity laws, regulations, and standards
  • Common network security architectures
  • Common networking protocols and services
  • Cyber security, survivability, and resilience concepts and issues
  • Software and systems engineering
  • Building and maintaining customer relationships
  • Strategic Planning and requirements definition
  • Process improvement
  • Program planning, budgeting, and management

Skills/Abilities: Must exhibit the following skills and abilities:

  • Understanding of information technology, security assessment methods, and telecommunications systems
  • Working knowledge of network interoperability, cyber security, and survivability issues, including cyber security best practices and standards
  • Working knowledge of DHS critical infrastructure sectors and related security and resilience issues
  • Working knowledge of the DoD and federal agency resilience needs and cyber security roadmaps
  • Development and delivery of information and infrastructure security risk and vulnerability evaluations
  • Ability to conduct analytical studies and investigations
  • Reasoning and problem-solving skills
  • Ability to work independently with limited supervision
  • Ability to interact effectively with diverse constituencies internally and externally
  • Ability to work well as a member of a cooperative team; ability to work in a matrix organizational structure
  • Ability to recognize and deal appropriately with confidential and sensitive information
  • Ability to implement project plans, monitor project budgets, and identify and mitigate project risks
  • Leadership and mentoring skills
  • Excellent written and oral communication skills; ability to contribute to technical research white papers and reports; ability to prepare papers and deliver presentations to technical and non-technical audiences; ability to contribute to customer technical exchanges and marketing presentations
  • Ability to work on customer sites with high-ranking members of federal agencies and DoD
  • Participation in professional society activities, particularly IEEE and ACM

Physical/Mobility: Primarily sedentary in an office setting with some mobility. Ability to travel frequently to various locations within the SEI and CMU community, customer sites, conferences, and offsite meetings.

Environmental Conditions: Close contact with computer for extended periods of time.

Mental: Strong interest in the human, managerial, and technical aspects of cyber security is critical for this position as are these abilities:

  • Take or share leadership role in technical projects
  • Work meticulously with careful attention to detail
  • Meet deadlines while working on multiple tasks – sometimes under pressure and with shifting priorities
  • Deal collaboratively, diplomatically, and successfully with customers, co-workers and other professional colleagues, managers, and staff
  • Ability to understand the direction, and goals of an effort; ability to develop and communicate innovative ideas; ability to demonstrate initiative and to quickly learn new procedures, techniques, approaches, etc.

Other: Strong interest in cyber security and critical infrastructure protection analysis basis research, applied research, and development. Candidates will be subject to a background check and must be eligible to obtain and maintain a Department of Defense security clearance.

Preferred Qualifications and Requirements:

Education/Training: MS in Computer Science (or related technical field) with five (5) years’ experience or equivalent experience.

Certifications: Offensive Security Certified Professional (OSCP), and/or GIAC Penetration Tester (GPEN), and/or Certified Ethical Hacker (CEH), and/or Certified Information Systems Security Professional (CISSP), and/or Certified Information Systems Auditor (CISA)

Experience:

  • Expert experience in risk and cybersecurity assessment methods
  • Advanced knowledge of network security architectures
  • Expert knowledge in cybersecurity laws, regulations, and standards
  • Expert experience in data analytics and cybersecurity metrics
  • Experience with common penetration testing toolsets (Metasploit framework, vulnerability scanners, web application scanners, Nmap
  • Experience with common penetration testing methodologies and tactics (PTES, OWASP testing guide, etc.)

Skills/Abilities: Strong presentation/platform skills and excellent writing skills.

Accountability: The individual will implement and participate in the planning and execution of projects leading to technical results. The individual will also contribute to project, department, or program objectives and planning document development. The individual will keep in confidence sensitive information such as customer processes, risks, vulnerabilities, and internal work products, whether for eventual public or private distribution.

Direction: The individual is expected to act independently using CMU, SEI, and CERT defined policies, practices, and procedures – within the scope of assigned work.

Decisions: The individual must make sound technical decisions with little supervision. The individual must accurately represent the program in interactions with customers, sponsors, and the public. The individual is expected to perform analysis on-site at customer locations and immediately assess potential vulnerabilities requiring further investigation.

Supervisory Responsibilities: This position could involve the training and oversight of the work of other staff members, graduate students, resident affiliates, visiting scientists, and independent contractors. Depending on research project or customer work plan, position may involve task leadership.

Job Functions or Responsibilities:

60% Participate in cybersecurity assessments operating in a technical leadership role; analyze assessment data to identify risk areas and propose mitigation alternatives.

15% Participate in research into innovative and cutting-edge tools, techniques, and methods to improve cybersecurity and operational resilience; transition research into applied knowledge for customers.

10% Deliver courses in operational resilience management, cybersecurity management, and information security risk management

5% Contribute to conferences and meetings; participate in marketing calls and technical exchanges with clients; give talks and lectures as appropriate; participate on working groups for subjects of interest.

5% Contribute to and review the literature in cyber security, resilience, and software engineering.

5% Provide assistance and input to other teams and projects within the SEI.

100% Total Effort

Organizational Chart: Director, CERT Division < Technical Director, Cyber Risk and Resilience< Technical Manager, Cybersecurity Assurance Team < Cyber Security Engineer

Carnegie Mellon University is an EEO/Affirmative Action Employer – M/F/Disability/Veteran

#seijob

11 Jan
2017
Senior Software Security Engineer - 2004716
Pittsburgh, PA

Position Summary: The Secure Coding Team, of the world renowned CERT division of the Software Engineering Institute, is a pioneer of the identification and development of secure coding and secure software development practices. We are looking for exceptional candidates to help us continue our legacy of ground-breaking improvements for securing software during development. Software has never been more important to our lives and our national security, nor has software insecurity ever been a greater risk.

Joining the Secure Coding team, you will work with world-class cyber security experts to help software developers and software development organizations reduce vulnerabilities resulting from coding errors before they are deployed. We identify common programming errors that lead to software vulnerabilities, establish standard secure coding standards, develop tools to evaluate and improve software, educate software developers, and advance the state of the practice in secure coding that leads to secure software systems.

The successful candidate will lead and participate in research and engineering projects that identify and implement best practices for organizations to develop secure software systems. This will include developing and applying guidelines for writing secure code in C, C++, Java, and other popular languages. It also includes developing and using tools to verify that software is developed securely. The candidate will work directly with customers to: develop and provide training in secure coding practices; evaluate, extend, and use tools to improve and automate source code analysis; review and improve code bases to ensure that best practices are being followed; and enhance the customers’ organizational capabilities to produce secure software systems. The candidate will be expected to write reports and deliver presentations that explain the findings of research and software evaluations, helping customers improve their software to meet the security and privacy needs of their users.

Minimum Qualifications and Requirements:

Education/Training: BS in Computer Science, Software Engineering, Information Science, or Information Systems Management with ten (10) years applicable experience.

Skills/Abilities: Successful candidates will have the ability to:

  • Develop and analyze source code in common programming languages such as C, C#, C++, Java, and Python, with a focus on secure coding principles and practices
  • Use static and dynamic analysis tools to evaluate software to find and remove vulnerabilities
  • Build and configure various software build enviornments, and build custom tools to integrate and automate the use of software building and analysis tools
  • Develop and implement novel and advanced software analysis techniques
  • Develop and modify compilers and interpreters, understanding the underlying computer and compiler architectures, algorithms, performance trade-offs, and impact of optimization techniques on security issues
  • Lead projects in a team environment with other team members with varying skills, experience and locations
  • Plan and organize the evaluation approach for projects, including the collection and analysis of data from multiple sources, generate defensible results, and represent them in reporting products and interactions with customers, sponsors, and the public
  • Recognize and deal appropriately with confidential and sensitive information such as source code and software weaknesses and vulnerabilities
  • Develop and explain technical decisions and recommendations effectively with technical and non-technical audiences through verbal and written communications that lead to actionable and measurable improvements
  • Work meticulously with careful attention to detail required to identify defects and weaknesses in large software systems, and to identify development process improvement opportunities.
  • Be self-motivated and capable of self-learning to maintain a working knowledge of the ever-changing software development landscape.

Mobility: Primarily sedentary, long periods of sitting; ability to travel to various locations within the SEI and Carnegie Mellon community, customer sites, conferences, and offsite meetings with some frequency.

Environmental Conditions: Normal office conditions, close contact with computer for prolonged periods of time.

Mental: Ability to work under pressure and changing priorities; pay attention to detail; meet inflexible deadlines; deal with challenges while maintaining composure; work with sensitive information.

Other: Candidates will be subject to a background check and must be eligible to obtain and maintain a Department of Defense security clearance.

Preferred Qualifications and Requirements:

Education/Training: MS in Computer Science, Software Engineering, Information Science, or Information Systems Management with eight (8) years applicable experience; or PhD in those disciplines with five (5) years applicable experience.

Skills/Abilities:

  • Work with DoD and other US Government software-intensive systems programs and software maintenance groups, understanding their unique needs, proposing and closing work to meet their needs, and lead projects to develop solutions that address their secure software development and acquisition needs.
  • Representing DoD and US Government program constituency and perspective based on experience to other team members to aid in developing relevant research and development proposals and solutions.
  • Transitioning knowledge, tools, and other work products from research projects to DoD and other US Government partners.
  • Develop approaches to address software assurance in the risk management framework context.
  • Develop and analyze software for specific platforms, such as mobile platforms and embedded systems.
  • Evaluate software assurance using a range of methods, such as dynamic and binary analysis, model checking, assertions, and semantic formalizations.

Accountability: Contributes to program objectives and plans development.

Direction: Performs under minimal supervision, independent judgment is encouraged. Most normal duties and responsibilities are handled independently with the use of established procedures and policies. Difficult or unique situations are referred to the supervisor. Ability to work directly on-site at a customer location with minimal direct supervision from direct supervisor.

Decisions: Participate in conferences and workshops where security-related issues are discussed as required.

Job Functions or Responsibilities:

40% Lead and directly support customer work in secure coding, verification and validation techniques, and technical training. Tailor our current offerings to provide value to customers by evaluating their software, software development, and software acquisition/procurement practices, and providing improvement recommendations. Communicate the findings of such evaluations through reports and presentations. Build new tools and capabilities that improve our ability to meet customer needs.

30% Contribute to internally funded research projects, developing experimentation environments, evaluating secure software development practices, and communicating results internally and externally in reports and presentations.

15% Codify knowledge that has been gained through customer and research projects to expand and update knowledge transfer materials, such as Secure Coding guidelines, training materials, and tools.

15% Develop knowledge and understanding of SEI capabilities; influence new SEI capabilities to be more applicable to customer problems; work directly with other SEI staff supporting the community with disciplines related to secure coding and secure development, sometimes in leadership role.

100% TOTAL EFFORT

Organizational Chart: CERT Director < CERT/CSF Technical Director < CERT/Secure Coding Technical Manager < Senior Software Security Engineer

Carnegie Mellon University is an EEO/Affirmative Action Employer – M/F/Disability/Veteran

#seijob

Apply for Positions

To apply for open positions visit Careers at the Software Engineering Institute.

Search for Positions

Interested in working with us?

Search positions

Accessibility Needs for Applicants, Students and Visitors

Carnegie Mellon University makes every effort to provide physical and programmatic access individuals with disabilities. If you require an accommodation to participate in any part of the employment process, please contact Disability Resources by emailing access@andrew.cmu.edu or calling 412-268-3930.

Carnegie Mellon University considers applicants for employment without regard to, and does not discriminate on the basis of, gender, race, protected veteran status, disability, or any other legally protected status.

Error in element (see logs)