Position Summary:  The CERT Malicious Code (MC) group is part of the CERT Program in the Software Engineering Institute. This approximately 15-person group: analyzes, reverse engineers, and finds relationships between malicious code; designs, prototypes, and transitions novel malicious code analysis tools and techniques; identifies and studies emerging security trends and threats; builds organic capability in operational organizations, and participates in the broader security community.  The position of technical manager is responsible for all aspects of developing and executing the MC body of work to include setting the technical direction; managing financials; business development; and personnel issues.

Minimum Qualifications and Requirements:

Education/Training: BS in a scientific or technical field with ten (10) years’ experience; MS in a scientific or technical field with eight (8) years’ experience.

Experience:  Experience should include some work in operational security or incident response; software development or analysis; and business development activities and progressive growth in responsibility managing a team of at least ten (10) individuals with commensurate personnel and financial authority.

Skills/Abilities:  Working knowledge of:  operating systems internals (Windows, Linux); static and dynamic code analysis techniques and tools, to include existing gap areas; current malicious code challenges and threats faced by USG intelligence, defense, law enforcement, and civilian organizations; internet protocols, operations, and governance.  Ability to:  foster professional growth and develop technical/professional leadership capabilities in technical staff; set and implement a strategic direction for a technical group; oversee planning and execution of body of work using rigorous project management techniques; sustain a team with business development activity.

Physical Mobility: Primarily sedentary in an office setting with some mobility. Requires travel to various domestic locations within the SEI and CMU community to include the SEI DC office; sponsor sites; conferences; and offsite meetings with routine frequency (2-3 trips a month).

Environmental Conditions: Normal office conditions; close contact with computer display for extended periods of time

Mental: The ability to: envision operational application of fundamental and applied research ideas; elicit technical requirements and direct capability development based on collaborate with executive, non-technical, or domain-expert stakeholders; communicate complex designs or plans to executive staff, sponsors, project managers and technical staff in clear concise language tailored to the audience; meet deadlines while working on multiple tasks often with shifting priorities; and deal collaboratively and successfully with customers, co-workers and other professional colleagues, managers, and staff.

Other: Candidates must be able to pass a background investigation, obtain a DoD TS/SCI security clearance, and be a US citizen.

Preferred Qualifications and Requirements:

Education/Training: PhD in a related technical field with five (5) years’ experience.

Experience:  Experience listed above should include leadership in operational security capability, applied research and development projects, and business development activities.  Prior responsibility in managing a team of 20 individuals with commensurate personnel and financial authority.  Participation in public and closed community security forums through activities such as publication, presentation, collaborative security operations, and collaborative research.  Experience with: multiple, external sponsors and providing operational support to customers in an operational security environment such as incident response, intelligence, or a security operations center; designing and/or developing tools and systems for single-file and large-scale code analysis; supporting the transition of code analysis systems and tools to multiple diverse customers; maintaining relationships to collect external data; designing, managing, and leveraging large databases and large datasets; in IA-32 assembly and higher level languages such as C, C++, C#, Python, Perl, Java, and Javascript.

Skills/Abilities: Working knowledge of all of the following technologies: code analysis tools (e.g., IDA Pro, OllyDbg, WinDBG), run-time environments, virtual machines, relational databases, anti-virus systems, secure systems and network architecture practices. Knowledge of Windows, Linux, and Apple operating systems.  Established and trusted reputation in USG code analysis community.  Knowledge of USG organizational policies and missions areas/owners in cyber security

Accountability:  This position is accountable for the specification and execution of all MC workplans and the MC portion of the SEI operational plan.

Direction:  The individual in this position is expected to act autonomously using CMU, SEI, and NSS, defined policies, practices, and procedures. Additionally, this position will define those set for MC and influence those set for NSS.

Decisions:  The individual in this position is expected to make strategic choices about the direction of the group that will be distilled into a technical agenda funded by a defined set of existing or new customers and implemented by a team hired to support the specifics tasking.

Supervisory Responsibilities:  This position has supervisory responsibility over all staff in MC to include hiring, performance reviews, salary adjustments, work allocation, and setting the tone and culture of the group.

JOB FUNCTIONS OR RESPONSIBILITIES:

30%  Manages group to effectively implement the SEI and task order work plans. Sets goals and objectives and manages operational and functional business activities. Develops, implements and tracks short and long term operational plans (financial, staffing, infrastructure, project)

30% Provides guidance to and monitors the success of team leads in meeting strategic and operational goals. Assesses performance of direct reports and makes salary recommendations for all staff within areas of responsibility. Provides oversight of team leads and their supervisory responsibilities of technical staff and conducting performance reviews. Responsible for recruitment, hiring, development and retention of all technical and support staff.

20% Sets technical direction for MC. Leads planning process and contribute to the development the CERT strategic plan. Ensures regular update of MC plan; reviews feasibility of plan, identifies risks and defines risk mitigation strategy. Articulates vision for internal and external audiences.

10% Identifies opportunities for new technical projects and manages start-up of new, high-priority technical areas of work. Works with Technical Director of CTVA to develop and implement a funding and transition plan for new work areas.

10% Directs organizational effectiveness and staff learning and development plans. Identifies operational success measures and process improvements. Leads corrective action.

100% TOTAL EFFORT

ORGANIZATIONAL CHART:  Program Director, CERT < CERT Threat and Vulnerability (CTVA) Technical Director < Malicious Code Technical Manager

Position Summary: The Senior Member of the Technical Staff of the Civil & Defense Agency Team will be responsible for enabling the Civil & Defense Agency and other organizations to enhance the predictable performance and mission assurance in the acquisition, evolution and operations of software-reliant systems. Key activities include understanding requirements and key challenge problem; working in teams to advise customers in the use of architecture practices to identify and solve large-scale development problems, applying, adapting, integrating, verifying and transitioning the SEI body of knowledge and other bodies of knowledge to maximize impact; creating, applying and codifying new approaches to support customer needs and advance the software engineering and architecture state of the practice; and maintaining situational awareness in technical and DoD domains. The candidate will coordinate closely with technical staff in ASP and other SEI programs to deliver architecture and software engineering technical expertise throughout the lifecycle. The technical staff member will be able to lead and participate in multi-disciplinary teams in support of the ASP vision and mission.


Minimum Qualifications and Requirements:

Education/Training:  Bachelor's degree in computer science, information systems, systems engineering, software engineering, or equivalent combination of experience and training

Experience: The candidate must have at least ten (10) years’ experience in software engineering, development or management and/or systems engineering.  Must be knowledgeable of the software engineering, architecture and system engineering disciplines as well as understanding the DoD, Intelligence Community or Civilian Agency acquisition processes.   The candidate should have experience building, leading, managing and participating on cross-functional, high technology teams, should be able to operate effectively with all organizations within the software and acquisition communities and be able to interact diplomatically with partners, customers and sponsors.   

Skills/Abilities:  Detailed knowledge of software engineering including architecture and design of IT systems.

Experience in five or more of the following:  Civilian Agency or DoD software-reliant systems acquisition or development on large-scale systems (For the purposes of this announcement, the definition of major is at least 100K SLOC of custom developed code, and/or significant integration of COTS/GOTS products);  Solid technical breadth and understanding of all aspects of the end-to-end software lifecycle (e.g. requirements, design, implementation, testing etc.) and to effectively leverage architecture concepts in these activities; Enteprise Architecture (e.g. Federal Enterprise Archtiecture Framework [FEAF], DoD Architecture Framework [DoDAF]); Software architecture development and evaluation including quality attributes;  Architectural and design patterns(e.g. service oriented architectures) and concepts (e.g. cloud computing);  Information Assurance / Resilience; Systems engineering of software-reliant systems and systems of systems; Requirements development and management; Software integration and test and software/hardware integration; COTS product integration;  IT architectures;  Deployment and sustainment of software-reliant systems, including legacy system migration;  knowledge of modern software development languages and platforms.

Strong written and verbal communications skills and the ability to present to high visibility stakeholders internal and external to the organization.  Program and project management skills including Interfacing with clients, developing proposals, and establishing relationships with new DoD and/or government clients and programmatic skills (e.g., ability to develop project plans, scope and track deliverables, manage risks, perform financial management).  Ability to lead and participate in multidisciplinary teams
     
Mobility:  Will be required to travel on overnight assignments.

Environmental Conditions: Usual office setting with extended use of CRT.

Other:   Successful candidate must be able to pass a background investigation, be a US citizen and be eligible for a Top Secret SCI security clearance.


Preferred Qualifications and Requirements:

Education/Training:  Master's degree in Computer Science, Information Systems, systems engineering, or software engineering, or acquisition management with eight (8) years’ experience.

Licenses: Certified Software Architect or Enterprise Architect.

Skills/Abilities:  Experience in organizational change management.  Completion of DoD acquisition accreditation levels (SPRDE, Program Management, and/or Test) and attendance at DAU courses.


Accountability:  The member will be directly accountable for understanding DoD acquisition needs, applying new technologies, and establishing delivery capabilities to meet the needs of the sponsoring organization and the acquisition community.

Direction: As a technical staff member, he/she will be expected operate with minimum supervision using CMU and SEI defined practice, policies and procedures, in concert with the SEI mission.

Decisions: Will be required to work with government organizations to identify strengths and weaknesses within the acquisition/sustainment program and their contractor base and build solutions to address the weaknesses and recognize and encourage the strengths.

Supervisory Responsibilities:  May supervise others.


JOB FUNCTIONS or RESPONSIBILITIES:

85%    Participate as a leader or member of technical teams in support of government acquisition program offices or participate as a member of a technical team performing research.  Identify and support the implementation strategies for the capture and application of learning and knowledge transfer from assignments (e.g. dissemination of research results, case studies, guides, reports, presentations, articles, workshops, courses, and blog entries).

10%    Other duties as assigned by the Acquisition Support Program Executive Director, Deputy Director, Associate Director,  Chief Engineer or their designee.

5%    Serve in an advisory capacity to other SEI technical programs on technical or acquisition issues.

100%     Total Effort
 
ORGANIZATIONAL CHART: SEI Director's Office > Executive Director-Interagency, Acquisition and Cyber > Associate Director, Interagency < Senior Engineer / Architect - Civil and Defense Agencies
 

Position Summary:  This position can be located in Pittsburgh, PA or Arlington, VA.

The mission of the SEI is to improve the practice of software engineering worldwide. One of the areas that the Research, Technology, and System Solutions (RTSS) Program focuses on is creating and applying practices that support the cost-effective use of architecture to develop and evolve systems at all scales.

The successful candidate will be a member of the Architecture Practices team and will contribute to the development of software, system, and system of system architecture practices and their application in real-world settings.  Individual responsibilities include: working in teams to advise customers in the use of architecture practices to identify and solve large-scale development problems; analyzing customer needs throughout the development lifecycle and recommending courses of action; contributing to the development and improvement of architecture practices; using customer experiences to inform and advance an architectural research agenda; and contributing to the technical community through publications and presentations.

The successful candidate will analyze DoD and commercial needs to formulate and prosecute a technical agenda that addresses these needs and will interact extensively with DoD and commercial stakeholders. He or she will have the opportunity to have a seminal and lasting influence on an emerging body of technical research and practice.
 

Minimum Qualifications and Requirements:

Education/Training: MS degree in software engineering, computer science, or information systems or an equivalent combination of training and experience.

Experience: Five years of experience in software and systems development of substantial DoD, government, or industrial systems.

Skills/Abilities: Experience architecting software-intensive systems that includes managing quality attribute concerns (e.g., performance, modifiability, and scalability). Ability to assist with activities across the development lifecycle (including requirements, design, integration, and testing activities) and to effectively leverage architecture concepts in these activities. Ability to analyze customer problems, determine needs, and recommend a course of action. Ability to quickly learn and adapt to new technologies, platforms, and environments. Knowledge of modern software development languages and platforms. Ability to work effectively with team members, customers, and collaborators. Effective written and oral communication skills.

Physical Mobility: The ability and willingness to travel is required.

Environmental Conditions: Usual office setting, including extended work at a computer screen.

Mental: Ability to meet deadlines and function productively as a team member.

Other: US citizenship required; successful candidate must be able to pass background investigation for a DoD security clearance.

Preferred Qualifications and Requirements:

Education/Training: PhD degree in software engineering, computer science, or information systems or an equivalent combination of training and experience.

Experience: Experience as listed above, plus: knowledge of SEI architecture work such as the Architecture Trade-off Analysis Method, Quality Attribute Workshop, and documentation with the Views and Beyond Approach; experience with the design and development of software-intensive systems, systems of systems, or mission-critical systems; and experience working with industry and DoD stakeholders.

Accountability: Estimation and tracking of time for technical tasks.

Direction:  Expected to act independently, with little day-to-day guidance. Expected to also work collaboratively in teams with minimal needed outside facilitation.

Decisions:  Determine architecture-centric solution techniques for practical system development problems.  Determine and recommend appropriate technology to use at a customer site in order to solve specific problems. Determine appropriate technical content for published report.

Supervisory Responsibilities:  Direct support activities to enable technical work. May direct the activities of work study or graduate student. Lead or co-lead customer efforts or transition project teams.

JOB FUNCTIONS OR RESPONSIBILITIES:

55%     Participate on teams for customer specific efforts in architecture-centric life cycle practices.

20%     Contribute to development of architecture practices.
  
20%     Author publication-quality technical reports and deliver presentations as part of the defined technical work plan.

5%       As a member of the RTSS Program, provide input to the program goals, strategies, and technical direction.

100% TOTAL EFFORT

ORGANIZATIONAL CHART:  RTSS Director > Architecture Practices manager > this position

Position Summary:  This position will be responsible for leading research projects in the Software Engineering Measurement and Analysis (SEMA) area, participating in research and product development project with other technology groups within the SEI, providing consulting in software measurement to SEI collaborators, and delivering training. When working with SEI technology groups the focus will generally be on providing quantitative and empirical expertise with respect to the development of their technology and to help them measure the transition and impact of their technologies.

Minimum Qualifications and Requirements:

Education/Training: MS in a discipline involving quantitative analysis such as a social science or an MS in a software engineering related discipline such as software engineering, computer science, or information systems.

Experience:   Eight (8) years of applicable experience in empirical research related to software engineering. Three years experience developing software and working on software project teams. Publications and/or presentations in high-quality, peer-reviewed venues.

Skills/Abilities:  Excellent/outstanding written and verbal communication skills; ability to work with and lead teams of professionals; consulting skills; ability to design, plan and conduct empirical studies and investigations including; quasi-experimental designs; ability to use advanced statistics including multivariate techniques; understanding of quality management and process improvement; understanding of software development and maintenance processes and technologies; ability to work meticulously with careful attention to detail; ability to grasp the big picture, direction, and goals of an effort; skilled in using the following tools:  Microsoft Excel, Microsoft Word, Microsoft PowerPoint. Windows OS, at least one statistical analysis package (e.g., Systat, SPSS, JMP).

Physical Mobility: Regular travel required, averaging 10-20%.

Environmental Conditions: Typical office setting with extended work at a computer screen.

Mental:  Ability to work under pressure, meet deadlines, deal collaboratively and diplomatically with customers, SEI team members, managers, and other internal SEI groups. Ability to provide critical comments in a constructive manner. Ability to thrive in a dynamically changing environment (priorities, organization, customer contacts, etc.)

Other:  US citizenship and background investigation required. Willingness to work to evolve existing results, approaches, and courses, rather than inventing new ones.

Preferred Qualifications and Requirements:

Education/Training:  Ph.D. and five (5) years of experience in one of the above disciplines or related fields.

Licenses:  DOD clearance at Secret or above.  Senior level membership or higher in a relevant professional society.

Experience:  Five years or more years of experience in implementing software process improvements and/or software management.   Two or more years of experience in an internal/external consulting role in software engineering. Two or more years of experience acquiring software intensive systems and/or contracting for software services.  Two or more years conducting research involving mining software repositories.  Experience working in a team environment on collaborative projects.

 
Skills/Abilities:  In addition to the above:  conduct of experiments, validation studies, and impact studies on software engineering practices and innovations; knowledge of design of experiments and statistical process control technique; expertise in data mining and machine learning tools and techniques.
   
Accountability:  This position is accountable for work content, quality, schedule and budget adherence.  This position is responsible for planning and tracking product development, delivery, or customer support tasks.  In such cases, the incumbent will be accountable for meeting commitments and for customer satisfaction with the work.  On occasion, the incumbent of this position will work in a matrix environment with other SEI teams and be responsible to the leader of these other teams.  In other instances, the incumbent may lead work with external SEI collaborators and be accountable for performance of the work provided to the collaborators.

Direction:  Operates under general and technical direction from SEMA initiative leader and other relevant team leaders.  Conducts complex technical work with limited supervision and little day-to-day guidance.

Decisions:  Uses analytical techniques and judgment to identify causes of problems and resolves the problems using appropriate procedures and techniques. Also, may decide on design and approach for conducting research.  It is expected that the candidate will have deep expertise in a few techniques and procedures and a familiarity with a broader set. It is also expected that the candidate will collaborate on and contribute to the design and development of novel solutions.  The candidate will replan effort and schedules to accommodate contingencies as they arise.  They will also have direct impact on objectives and approach to own technical work.

Supervisory Responsibilities:  May function as a team leader for specific task or activity.  In this capacity, employee would plan, coordinate, supervise, and execute agreed upon tasks; is supported by administrative support personnel.

JOB FUNCTIONS OR RESPONSIBILITIES:

75%     Design and conduct research and empirical studies of software technologies to demonstrate their impacts and benefits, develop benchmarks, or to develop and test new techniques and methods.  This will include using case study, survey and experimental methods and performing statistical analyses. This work will also focus on empirical validation of new and existing development methods.

25%     Transition measurement technology into practice with other SEI initiatives and customers.  This includes delivering courses and workshops as well as working directly customer defined tasks.

100% TOTAL EFFORT

ORGANIZATIONAL CHART:  SEPM Program Director < SEMA Initiative Manager < Senior Member of the Technical Staff

Position Summary:  The Big Data Analytics Developer will join CERT/CC engineering group to develop a new generation of analytics capabilities based on large scale data analytics. CERT/CC is developing a system which will combine various types of network data along with other data types to develop new insights into network activity. The system will require both retrospective analytic capabilities doing large scale analytics as well as network speed response based on small query activity.  The ideal candidate will have experience in large scale data analysis systems using both NoSQL technologies such as Hadoop, as well as various SQL type data analytics capabilities such as traditional database systems (PostgreSQL, Oracle) as well as newer data analytics SQL systems (Netezza, Vertica, Greenplum, ParAccel, MonetDB, InfiDB, Infobright) including hybrid and split systems.

Minimum Qualifications and Requirements:

Education/Training: BS in Computer Science, Information Science, Human-Computer Interface Design or equivalent with eight (8)  years of applicable experience, MS in Computer Science, Information Science, Computer Engineering or equivalent with five (5) years of applicable experience, or Ph.D. in Computer Science, Information Science, or equivalent with two (2) years of applicable experience.

Experience:  Must possess: demonstrated experience in Hadoop; knowledge of system integration strategies with large scale data; understanding of bulk loading / streaming loading tradeoffs; ETL technologies; understanding of distributed transaction systems; knowledge of security programming practices to create secure software; experience in documenting and designing large software systems, e.g. UML & patterns; experience in programming in at least one of C, C++, or Java.

Skills/Abilities: Ability to effectively manage multiple projects and priorities.  Strong problem solving skills.  Excellent oral and written communications skills.   Ability to work both independently and with teams.  Ability to elicit technical requirements from management and staff and sponsors.

Physical Mobility:  Primarily sedentary, long periods of sitting, may have to travel to other campus locations, as well as, travel to customer sites, some bending, stretching and lifting up to 50 lbs above head. Moving and setting up computer equipment. Flexibility to travel to various locations within the SEI and CMU community, sponsor sites, conferences, and offsite meetings potentially with routine frequency.

Environmental Conditions:  Normal office conditions; however close contact with CRT for prolonged periods of time. Occasional work in machine room (loud and extreme office temperatures 55F-90F).

Mental:  Ability to work under pressure and meet deadlines; ability to prioritize tasks; strong learning capability; ability to assist users of varying competency; ability to interact effectively with vendors, managers, and technical staff. Good technical problem-solving skills; strong information organization skills; good oral and written communication skills. Maintain confidentiality of sensitive information.

Other: Candidate must pass a background investigation and obtain a United States DoD Top Secret Clearance and must be a U.S. citizen.

Preferred Qualifications and Requirements:

Experience:  Must have experience with: building large data analysis systems using a horizontally scaling system; structuring data sharding and query planning for horizontally scaling systems; applying ETL technologies to large scale data problems, for both streaming and bulk loading applications; programming experience in Python, Perl, Lua, Bash, or other scripting languages; experience using OWASP, PCI-DSS, DiACAP, CERT Secure Coding Standards, or equivalent; experience developing software in a well defined software process: TSP, Agile, Kanban, etc.; experience developing secure and robust software tools using static analysis tools, e.g. Securify, Coverity, Compass/ROSE, etc.

Skills/Abilities:  Fluent in a language other than English.

Accountability:  Responsible for translating business requirements coming from sponsors and management into technical requirements, technical guidance, designs, and working systems.

Direction:  The person in this position will work within the CERT/CC Development organization across multiple development teams in multiple development efforts to improve user experience across all projects.

Decisions:  The person in this position will make design and implementation choices for CERT/CC projects.

Supervisory Responsibilities:  This position provides expert guidance and design across a wide spectrum of software development implementation.

JOB FUNCTIONS OR RESPONSIBILITIES:

65%  Work with the internal development teams to design, document, and develop large scale data processing systems from data ingest, processing, and analysis.

10% Travel to and interact with various sponsors understanding workflow and user experience needs.

10% Support production applications with functional and integration testing and test planning.

10% Support development of software engineering process with code review, design review, code development.

5% Participate in the broader security community through collaboration, papers, and presentations.

100% TOTAL EFFORT

ORGANIZATIONAL CHART:  SEI Director < CERT Program, Director  < CERT Coordination Center, Technical Director < CERT/CC Engineering, Technical Manager < CERT/CC Eng Ops, Big Data Analytics Developer

Position Summary:  Provides administrative support and data analysis in connection with SEI ethics and compliance initiatives and programs.  Primary responsibilities will include development and maintenance of electronic tracking, including SharePoint sites and various categories of compliance documentation.  Assist with compliance programs and processes, as well as documentation organization and maintenance.  Administrative responsibilities including data entry and file organization. 

Minimum Qualifications and Requirements:

Education/Training:  High School Diploma or equivalent.

Experience:  Three (3) or more years of work experience in an office setting, legal-related experience is a plus. 

Skills/Abilities:  Proficiency with the Microsoft Office Suite and Sharepoint.   Ability to interact professionally with all levels of SEI staff and external customers from administrative to executive staff.   Must have strong leadership skills and possess the ability to generate motivation and commitment.  Excellent interpersonal and organizational skills, including the ability to prioritize work and handle multiple tasks with critical deadlines simultaneously; analytical reasoning and problem solving skills; excellent verbal and written communication skills. Must have initiative and ability to follow-through on projects from initiation to completion.  

Physical Mobility: Normally sedentary with some mobility (able to travel to other campus location; may require some bending and lifting. 

Other:  Successful candidate must be able to pass a background investigation and have the ability to obtain a secret security clearance

Preferred Qualifications and Requirements:

Education/Training:  Paralegal Certification; Microsoft Office Certified

Accountability:  Accountable for providing support and data analysis in connection with SEI ethics and compliance initiatives and programs.  This individual will be responsible for the development and maintenance of electronic tracking, including SharePoint sites and various categories of compliance documentation. 

Direction:  Performs under moderate supervision, supervisor checks progress and results of work. 

Decisions:  Makes decisions based on knowledge and understanding of established practices and procedures.  Recognizes the opportunity for process improvement and participates in the implementation of such activities.   

Supervisory Responsibilities:  Does not supervise others. 

JOB FUNCTIONS OR RESPONSIBILITIES:
 
80%     Support and  data analysis - Develop Sharepoint sites, use  Microsoft  Office Suite to prepare spreadsheets and analyze data.  Maintain and organize compliance records and files.

10%     Track and Analyze compliance program and processes such as fundamental research, conflict of interest, disclosure of information and export control.

10%     Administrative-scheduling meetings, travel arrangements, processing expense reports, effort reports, etc.  

100% TOTAL EFFORT

ORGANIZATIONAL CHART: Director, FABS < Ethics and Compliance Officer < Ethics and Compliance Manager < Ethics and Compliance Administrator

Position Summary:  This is a full-time, temporary position expected to last four months in durations.  The successful candidate will provide a range of administrative support services required for the successful operation of the CERT Coordination Center (CERT/CC) Technical Directorate.  Duties include, but are not limited to:  preparing paperwork and making reservations for domestic and foreign travel and expenses and overseeing distribution of reimbursement funds; scheduling meetings and calendar management; developing reports and presentations based on content provided by the technical staff; entering efforts into the Oracle Labor Distribution system; completing and tracking purchase requests. Able to complete special projects as necessary.  Other duties as required.   Work requires knowledge and understanding of the CERT/SEI/CMU practices, policies, procedures, as well as outstanding ability in specialized office skills, i.e., handling confidential correspondence, etc. 

Minimum Qualifications and Requirements:

Education/Training:  High School Diploma or equivalent combination of training and experience.

Experience:  Four (4) years office and administrative experience.

Skills/Abilities:  Must have strong organizational, communication, reasoning, interpersonal and problem-solving skills; ability to deal with confidential data; ability to use spreadsheets, databases and other software packages (i.e., Word, Excel, Access, PowerPoint) to produce necessary reports; ability to operate standard office equipment; ability to maintain accurate and detailed records; ability to understand and follow directions; ability to compose letters, memos, presentation materials and other correspondence.  A willingness to assume responsibility and to exercise good judgment. This position will require knowledge of various CMU and SEI policies such as travel (domestic and international) and purchasing.

Physical Mobility:  Normally sedentary position with some mobility; i.e., able to travel to other campus locations; may require some bending, stretching, pushing as well as lifting.

Environmental Conditions:  Usual office setting; close contact with CRT for long periods of time.

Mental: Ability to pay close attention to detail, meet inflexible deadlines, remain calm and composed when dealing with difficult situations, work under pressure in a faced paced environment with  frequent interruptions.

Other:  Candidate must have the ability to pass a background investigation, obtain a top secret security clearance and be a U.S. citizen.

Preferred Qualifications and Requirements:

Education/Training:  Associates degree or equivalent combination of training and experience.

Experience: Experience with applications commonly used at CMU and SEI: Oracle, Outlook; experience in an academic setting.

Accountability:  Providing assistance with reports and presentations; maintaining calendars; composing, editing and typing correspondence and other materials; scheduling and coordinating meetings; attending team meetings and scribing minutes; making travel arrangements and preparing reimbursements; collecting/entering efforts; responsible for maintaining several tracking systems; providing assistance to other support staff as required. 

 
Direction:  Expected to work independently in most instances, referring to the supervisor for difficult or unique situations; to be able to perform administrative and clerical duties with little supervision.

Decisions:  Makes decisions based on knowledge and understanding of the practices, policies, and procedures. Answers questions or inquires directly or routes to the most appropriate person. Allocate time to multiple people and projects.

Supervisory Responsibilities:  This position does not supervise others.

JOB FUNCTIONS OR RESPONSIBILITIES:

20% Coordinates travel reservations, prepares paperwork for reimbursements and oversees distribution of reimbursement funds.  Serves as liaison with various SEI departments including Business Services, Human Resources, and Events.  Coordinates arrangements (agendas, travel, catering) for meetings, conferences, and workshops.  Monitors meeting progress.

20% Updates monthly effort reporting  application with data provided by manager, generates reports, and obtains signature approvals for final submission. Enters monthly effort reports into the Oracle Labor Distribution System. Takes detailed notes during meetings and turns these into draft documents for distribution. 

20% Provides general office management; initiating and processing purchase orders, setting up and maintaining filing systems.  Frequently required to respond directly to inquiries and requests.

5% Maintains calendars and coordinate meetings.

35% Performs related duties as assigned.

100% EFFORT 
 

ORGANIZATIONAL CHART:  CTVA, Technical Director < CTVA Administrator < Temporary Administrative Assistant

Position Summary:  This is a temporary position exptected to last twelve (12) months in duration.  The Architecture Practice (AP) group at the Software Engineering Institute, part of Carnegie Mellon University, is searching for a talented Java distributed system developer. AP bridges the gap between academic and government researchers in order to bring cutting edge ideas to government organizations. The candidate will be responsible for developing and maintaining applications using both relational and NoSQL data store technology to support research in system architectures for healthcare applications. The candidate will interact with SEI team members and organizations sponsoring this research.

Minimum Qualifications and Requirements:

Education: Bachelor's degree in information systems or computer science and knowledge of research techniques or equivalent combination of training and experience.

Experience: Two (2) years of server-side Java development of distributed, data-centric systems. Some experience developing applications using one or more NoSQL database systems (Cassandra, HBase, CouchDB, MongoDB, etc.).

Skills/Abilities: Able to design, develop, test, analyze, document, and demonstrate software. Understanding of distributed systems concepts, including CAP tradeoffs, data replication and sharding, and consistency/consensus. Able to quickly learn about new and evolving NoSQL and big data technology, and apply that knowledge to develop prototypes and perform benchmarking and other empirical analyses. Excellent problem solving skill and organizational skills, work successfully in small-team environment with minimal supervision, and communicate results to team members and external collaborators. Able to define and setup software development environment (tool selection and configuration, source control management, build procedures, etc.).

Physical Mobility: Normally sedentary position with some mobility; i.e., able to travel to other campus locations; may require some bending, stretching, pushing as well as lifting of several reams of paper, etc.

Environmental Conditions: Usual office setting, including extended work at a computer screen.

Mental: Ability to pay close attention to detail, meet inflexible deadlines, balance multiple tasks, remain calm during difficult situations, work under pressure, and work with frequent interruptions.

Other: Candidate must be able to pass a background investigation and be a US citizen.

Preferred Qualifications and Requirements:

Experience: Five (5) years of server-side Java development of distributed, data-centric systems. Applied experience developing applications using one or more NoSQL database systems (Cassandra, HBase, CouchDB, MongoDB, etc.). Experience with enterprise-level Oracle, IBM, or MySQL database deployments. Experience developing systems for the healthcare domain, especially related to electronic health records.

Accountability:  Completes project tasks from ranging from routine to highly complex; is accountable for meeting established deadlines and project milestones with a commitment to decisions that have been made.

Direction:  Expected to perform under general supervision. Most normal duties and responsibilities are handled independently with the use of established research protocol and departmental and university procedures and policies. Difficult or unique situations are referred to the supervisor.

Decisions:  Suggests possible solutions in cases where project constraints will not be satisfied.

Supervisory Responsibilities:  May assist or supervise student researchers with projects.

JOB FUNCTIONS OR RESPONSIBILITIES:

70% Designs and implements software applications and database specifications (often in a team setting) or modifies existing software packages to meet specific research needs. Documents new designs, codes and modifications.

15% Attends meetings and submits work progress reports to supervisor as required.

15% Performs related duties as assigned.

100% Total Effort

ORGANIZATIONAL CHART: RTSS Director > AP Initiative Lead > Temporary Research Programmer

Position Summary:  This position is with the CERT Coordination Center (CERT/CC) at the Software Engineering Institute (SEI) of Carnegie Mellon University. The CERT/CC provides neutral, unbiased expert analysis and opinion on technical issues involving cyber security, and has played a key role in internet security since 1988. The location for the position will be at or near the SEI office in Arlington Virginia. As a Computer Security Information Analyst, the successful candidate will work closely with cyber security analysts in the public and private sectors to effectuate cyber information and analysis capability sharing to support risk management, incident analysis, and response activities. You will often collaborate with these entities to analyze incident and threat information, develop technical mitigations, and produce reporting to disseminate this information to designated stakeholders. This position will also work with analysts from across the CERT/CC to explore new and innovative ways in which SEI's technical competencies and capabilities can be applied to current and future technical challenges faced by the critical infrastructure.  This position is located in Arlington, VA. 

Minimum Qualification and Requirements:  Education/Training: BS in Computer Science Information Science, Information Systems Management with three (3) years applicable experience; or MS with one (1) year of experience.

Experience: Successful candidates will have the following experience: conducting computer security incident handling or analysis experience (at least four years); reviewing, analyzing and correlating threat data from available sources.

Skills/Abilities: Successful candidates will have a working knowledge of: forensics, network, and malware analysis methodologies, and related best practice tools; security vulnerabilities and the impact that they can have on information systems; system management practices on Windows and Unix/Linux; assessing and managing risk in large enterprise infrastructure; mitigation strategies to defend systems from attack; common attack techniques and tactics. Successful candidates will have the ability to: analyze data from multiple sources, generate defensible results, and represent them in reporting products and interactions with customers, sponsors, and the public; contribute in a team environment with other team members with varying skills, experience and locations; recognize and deal appropriately with confidential and sensitive information; develop and explain technical decisions to varying audiences; interact effectively with technical and non-technical audiences with verbal and written communications; acting in a customer service role to internal and external stakeholders; work meticulously with careful attention to detail and priority of work; learn new procedures, techniques, and approaches; and as appropriate define them for others.

Physical Mobility: Primarily sedentary, long periods of sitting; ability to travel to various locations within the SEI and Carnegie Mellon community, customer sites, conferences, and offsite meetings with some frequency.

Environmental Conditions: Normal office conditions, close contact with computer for prolonged periods of time.

Mental: Ability to work under pressure and changing priorities; pay attention to detail; meet inflexible deadlines; deal with difficult individuals while maintaining composure.

Other: Candidate must be able to pass a background investigation, obtain a TS/SCI security clearance, be a US citizen, and work full-time at a customer site in the Northern Virginia metro area. Candidate will be required to travel on overnight assignments.

Preferred Qualifications and Requirements:

Education/Training: MS in Computer Science Information Science, Information Systems Management with one (1) years applicable experience.

Licenses: Information systems security, incident response and analysis, and other similar certifications are desired (e.g. SANS GIAC Level 2 courses, CCNP, CCIE Security).

Experience: Ideal candidates will have experience in some of the following areas: acting in the role of a technical analyst in an intelligence, counterintelligence or law enforcement role; drafting and formatting technical threat intelligence reports and conduct correlating research using multiple formatted and unformatted data sources; performing the security aspects of system and/or network administration in a U.S. government agency or U.S. Defense Contractor environment; developing and implementing information security policies and standard operating procedures.

Skills/Abilities: Ideal candidates will have knowledge of some of the following areas advanced forensic, digital media, or software reverse engineering analysis; advanced network
analysis.

Accountability: Contributes to program objectives and plans development. Maintains confidentiality of sensitive information such as security and vulnerability information.

Direction: Performs under minimal supervision, independent judgment is encouraged. Most normal duties and responsibilities are handled independently with the use of established procedures and policies. Difficult or unique situations are referred to the supervisor. Ability to work directly on-site at a customer location with minimal direct supervision from direct supervisor.

Decisions: Must accurately analyze data from multiple sources, generate defensible results, and represent them in reporting products and interactions with customers, sponsors, and the public. Participate in conferences and workshops where security related issues are discussed as required.

Supervisory Responsibilities:  This position has no supervisory responsibilities.

JOB FUNCTIONS OR RESPONSIBILITIES:

65% Perform duties as a technical cyber information and fusion analyst, incident analyst and technical liaison. Review, analyze and correlate threat data from various sources. Create innovative reporting products based on available information and capabilities. Mentor others in conducting effective analysis. Produce standardized reports, metrics, threat, activity, and mitigation information products. Coordinate and collaborate on cyber threat tracking with partner and counterpart organizations. Deliver reports, briefings, and assessments to leadership, facilitating understanding of cyber threat entities and environments. Support information assurance and cyber threat mitigation decision-making.

20% Work to build collaborative relationships and foster information sharing among partner entities in the interest of improving cyber situational awareness and response capabilities.

10% Work directly with SEI staff supporting the community with incident, vulnerability, network, or malicious code analysis work.

5% Develop knowledge and understanding of SEI capabilities; learning how SEI capabilities can be applied to customer problems.

100% Effort

Organizational Chart: NSS Program Director < CERT/CC Technical Director < CERT/CC Incident Analysis Technical Manager < Computer Security Information Analyst

Position Summary:  This position reports to the SEI’s Director of Financial and Business Services (FABS) and is responsible for providing all administrative support to both the Director and the Deputy Director. This position serves as a point of contact to the Director and Deputy Director. This position will act on behalf of the Director and Deputy Director to request information from the FABS management Team, other SEI Director’s and programs, campus, and external contacts. This position will be a key point of interaction with the SEI’s Director’s Office. This position will be responsible for the direct supervision and management of an Administrative Assistant to be placed within the FABS’s Director’s Office. Duties include: oversight of the FABS internal web site; coordinating the annual performance review, salary review and quarterly salary equity review processes within FABS; review all legal invoices for the SEI; review all Business Class travel requests, review foreign tax treaty submittals; draft and edit correspondence, e-mail and announcements for the Director and Deputy Director and approve all other FABS communications and postings; serve as PCMM Unit Coordinator for FABS overseeing the activities of 2 other FABS staff in Coordinator roles; manage budgets and planning for all FABS events; engage with FABS management Team to coordinate FABS Internal Reviews presentations; and attend critical meeting with FABS Director and be responsive to all follow-up actions.

Minimum Qualifications and Requirements:

Education/Training: Bachelor degree or equivalent experience.

Experience:  Five (5) years experience supporting a senior executive is required, as is the demonstrated ability to take initiative, be flexible, remain calm and thrive in a fast-paced environment.

Skills/Abilities: Strong administrative skills with particular emphasis on outstanding interpersonal and communication skills.  Maintain superb spelling and grammar skills in all spoken and written communication. Candidate must possess excellent organizational, analytical, reasoning and problem solving skills; and excellent time management and calendar management skills.  Ability to maintain accurate and detailed records, to work autonomously, handle multiple tasks, meet inflexible deadlines and handle confidential information.  Must be able to follow-up on action items and take an active role and participate on committees and teams, sometimes in the leadership role. Must be proactive and anticipate needs, acquire information and follow through on tasks independently.  Candidate must have the ability to interact effectively with staff, senior level management, the campus community and external customers. Requires the ability to recognize areas for improvement and provide recommendations.  Maintain the ability to acquire in-depth knowledge about SEI and FABS operations that relate to this position’s responsibilities (e.g., policy and procedural requirements).  Candidate must have strong PC skills and knowledge of MS Office applications.

Mobility: Primarily sedentary; however, it is necessary to be able to go to various offices throughout the SEI and campus.  Periodic travel may be required.

Environmental Conditions: Normal office setting.  Close contact with CRT for long periods of time.

Mental:  Ability to work with inflexible deadlines and changing priorities, pay close attention to detail.   Candidate must have the ability to work independently and determine priorities and procedures to follow as well as be able to function in a team environment.  Excellent judgment and the ability to multi-task and shift priorities quickly.  Possess strong problem-solving and analytical skills.

Other:  Candidate must be a US citizen and successfully pass a reference check and background investigation; and ability to obtain a DoD Security Clearance at Secret Level. Candidate must possess strong work ethic, demonstrated ability to assume responsibility, high energy level, be self-directed, and have a willingness to work long hours including some weekends or remotely as needed; and be able to maintain the highest level of confidentiality and be able to exercise professional discretion. 

 
Preferred Qualifications and Requirements:

Experience:  Familiarity with web authoring tool (i.e., Dreamweaver), VPN remote access tools and the Oracle Financial System also desired; supervisory experience.

Accountability:  Provide advice and recommendations regarding projects, policies, procedures, software and equipment to the Director and Deputy Director.  Act as a liaison for the Director and Deputy Director when working with the SEI staff, University departments, and external customers.  Serve as point of contact for inquiries, including sensitive and highly confidential information.  Has frequent contact with high-level executives both internally and externally.  Compile management reports containing highly confidential compensation and facility information for presentation to the SEI Director’s Office.  Draft e-mail and announcements for the Director and Deputy Director to send to the SEI Management Team, SEI community and other key customers.  Proof read all FABS posts accuracy and correctness prior to distribution. Draft, edit and distribute selected meeting minutes, presentations and reports as required.  Ownership of FABS internal web site; ability to update and make change as required. Support the SEI’s Work Force Practices as the PCMM Unit Coordinator for FABS overseeing the activities of 2 other FABS staff in Coordinator roles.

Direction:  The individual is:  expected to complete tasks independently with very limited input from the Director or Deputy Director; expected to act on behalf of Director and Deputy to request information from direct reports, other SEI programs, campus or external contacts; expected to act independently in the monitoring and review of documentation and supporting evidence for the SEI’s Work Force Practices for PCMM; expected to independently follow-up on Business Class travel requests to ensure compliance to SEI travel policy and make approval/reject recommendation to Director; expected to act independently in the review and processing of all legal invoices for the SEI; expected to act independently in the monitoring, review and updating of the FABS internal SEI website; expected to act independently in the monitoring and updating of the capital project status reports; expected to act independently in the processing of foreign tax treaty submittals.

Decisions:  Determine priorities and procedures to follow to meet performance objectives and established goals. Identify required changes and updates to the FABS internal web site, obtain concurrence from the content owners and implement changes.  Prepare and manage budgets for various FABS sponsored events.

Supervisory Responsibilities:  Supervisor and manage an Administrative Assistant to be placed within the FABS’s Director’s Office.  Supervise work-study; student or temporary personnel.

JOB FUNCTIONS OR RESPONSIBILITIES:

40% Act as point of contact for the FABS Director’s Office and as liaison for the Director and Deputy Director when working with the SEI staff, University departments and external customers.  Act on behalf of Director and Deputy Director to request information from direct reports, other SEI programs, and campus or external contacts, sometimes of a highly confidential nature. Function in a proactive manner to maintain knowledge of current projects and gathering input from direct reports to update the Director and Deputy Director. Write and edit correspondence, e-mail and announcements for the Director and Deputy Director, to send to the SEI Management Team and SEI community. Attend critical meeting with/or in-place of FABS Director and/or Deputy Director and be responsive to all follow-up actions. Draft, edit and distribute selected meeting minutes as needed.

35% Manage and lead projects including updating the FABS internal web site; manage the Goals & Objectives, performance review, annual salary review and quarterly equity salary review processes ensuring the completion and submission of all required reviews in a timely, accurate and complete manner. Perform research for Director and Deputy Director on various FABS-related topics; review and processing of all legal invoices for the SEI; review all Business Class travel request; review and process foreign tax treaty submittals.

25% Supervise the performance and activities of an Administrative Assisting to be placed in the FABS Director’s Office; oversee the complex scheduling of the Director and Deputy Director’s time ensuring that each is kept on schedule and appropriately briefed for meetings. Prioritize and coordinate meetings, disseminate meeting material, screen phone calls, oversee the filing system. Prepare travel arrangements and travel reimbursements, process effort reports and prepare purchase request as required.

100%      TOTAL EFFORT

ORGANIZATIONAL CHART:  Director of FABS < FABS Administrator

ADDITIONAL INFORMATION:  This position also provides similar support for the Deputy Director of FABS.

Position Summary:  This position reports to the manager of Educational Services in the Professional Development Center (PDC) of the Software Engineering Institute (SEI). The Instructional Developer position is responsible for the design, development, implementation and maintenance of SEI eLearning training content. The individual must have experience in instructional design methodology and technique required for the development of effective online training and the technical skill required to implement course content. The Instructional Developer works closely with Subject Matter Experts within the SEI, as directed by the Educational Services manager. The candidate must have excellent interpersonal, communication and organizational skills and be able to work both independently and as part of a team in a fast-pasted, global environment.  Major duties include using instructional design knowledge and experience to create clear and engaging educational materials that effectively meet the training needs of our learners, in accordance with the SEI’s mission to transition new technology; collaborating with subject matter experts within the Institute to translate complex information and concepts into easy-to-understand learning materials that are technically accurate and culturally appropriate; participate in all aspects of training development including the definition of learning outcomes, organization of content and creation of materials, including the following: develop online course content using CERTPOINT Content Creator©, Camtasia©, SnagIt©, Adobe Presenter©, and other content authoring applications as needed:  develop learning assessments and online exams; develop alternate assets to accommodate accessibility needs; test online products for conformance to SEI eLearning quality standards.  Additionally, this position provides works closely with Professional Development Center learning management system administrators and course administrators to assist with online learner support as needed; trains new developers/implementers in SEI content implementation; may lead and direct the work of others on project teams as assigned by manager.

Minimum Qualifications and Requirements:

Education/Training: Bachelor’s degree in the area of Instructional Design, Education Technology or related field.

Experience: Two to three (2-3) years of experience developing creative and engaging asynchronous training content employing interactive animation, audio, and video elements; experience working with learning management systems/student recordkeeping systems.

Skills/Abilities: Comprehensive knowledge of current instructional theories and principles applicable to both web-based and instructor-led learning programs; strong eLearning content/storyboarding development experience; ability to collaborate with subject matter experts and interpret learner needs; excellent verbal, written and interpersonal communication skills; strong writing, editing and visual design skills; project planning and time management skills essential; enterprising, diplomatic and proactive problem solver; ability to meet deadlines and function successfully in a stressful, competitive environment.

Software Skills: Proficient in Camtasia, Captivate, Flash or equivalent elearning tools; experienced with audio, video, and screen capture tools; proficient in Microsoft suite particularly Word and PowerPoint; knowledge of HTML5 a plus.

Physical Mobility: Usually sedentary but requires some travel between offices and outside of the University.

Environmental Conditions: Work is usually performed in an office setting. There may be close contact with a computer for long periods of time.

Mental: Ability to pay close attention to detail, use problem solving skills, critically evaluate work product, meet inflexible deadlines, remain calm during difficult situation, work under pressure, work with frequent interruptions, and communicate effectively with others.

Other: Evening and weekend hours may occasionally be required depending on deadlines. Travel within the United States and outside of the United States may occasionally be necessary depending up customer needs. Successful candidate must pass a background investigation.

Preferred Qualifications and Requirements:

Education/Training: Bachelor’s Degree in Education, Instructional Design, Communications, or related area.

Experience: Five (5) years of experience developing executive level professional development content.

Skills/Abilities: Proficiency in CERTPOINT Systems Content Creator©; HTML5; facilitating synchronous training sessions.

Mental: Ability to work effectively with minimal supervision.

Accountability:  Manages project assignments to meet the SEI, Carnegie Mellon, and internal and external customer requirements for SEI eLearning education and training products. Works with SEI Subject Matter Experts as directed by the manager of Educational Services. Focuses on the design and development of SEI online training products and product components in order to expand SEI eLearning product offerings and enhance the quality of SEI training supporting the status of the SEI as a provider of choice for continuing professional development. Responsible for acting in the best interest of the SEI when interacting with eLearning vendors, outside Subject Matter Experts, SEI Partners, and learners. Responsible for product testing and maintenance to insure product quality consistent with SEI quality standards.

Direction:  Reports directly to the Educational Services manager. Performs under minimal supervision. All normal duties and responsibilities are handled independently. Only the most difficult or unique situations are referred to the supervisor. Represents the PDC and PDC customer interests on cross-functional project teams. Independently documents work processes and recommends best practices for adoption.

Decisions:  Decides on the priority and scheduling of work based upon PDC targeted release dates. Decides on how to implement product components given design requirements. Decides on product quality acceptability for release.

Supervisory Responsibilities:  May have responsibility for distributing work and supervising others on cross-functional project teams; may oversee work processes and products in order to ensure that projects are completed according to specification, on time and within budget.

JOB FUNCTIONS OR RESPONSIBILITIES:

25%        Design online, web-based training components in collaboration with SEI Subject Matter Experts. Work with SEI technical programs to create new SEI eLearning products including courses, job aids, study guides, online assessments and exams, and executive overviews.

50%        Develop training components of SEI eLearning products using CERTPOINT Content Creator©, Camtasia©, Adobe Presenter©, and other content authoring software applications as needed. Test developed products for quality consistent with SEI eLearning product standards.

10%       Consult with SEI technical programs on potential eLearning product development based upon potential reuse of existing artifacts.

10%       Monitor and insure the quality of SEI eLearning training products.

5%          Determine and document SEI eLearning design and development best practices.

100% TOTAL EFFORT

ORGANIZATIONAL CHART:  Manager, Professional Development Center < Manager, Education Services < Industrial Designer and Developer

Position Summary:  The CERT Program is part of the SEI, a federally funded research and development center at Carnegie Mellon University in Pittsburgh, Pennsylvania. The CERT® Program engages in cutting-edge research and development and develops and transitions disciplined approaches to improve the survivability and resiliency of the DoD, federal civilian agencies, private sector organizations and their networked information systems. The CERT Network Situational Awareness (NetSA) group supports government customers by developing cutting-edge, network analysis tools and techniques for operational use in high-impact environments. The Senior Security Solutions Engineer position is a member of the CERT NetSA team and based in the SEI Ballston office (in the Washington DC area). This position will provide technical leadership to enterprise network security projects or ongoing security operations. This support would include system requirements development, technology evaluation, prototyping, tool development, and deployment guidance.

Minimum Qualifications and Requirements:

Education/Training: BS in Computer Science, Mathematics, Information Systems, Information Systems Management or related field with eight (8) years experience, or equivalent; or MS with five (5) years experience.

Experience: Professional experience should include five (5) or more years of experience supporting technical decision-making, acquisition and management of large-scale enterprise network security or middleware system. Experience with full life-cycle management, from costing, design, deployment, operation, maintenance, and retirement for enterprise scale systems is desired.

Skills/Abilities: Ability to function in the role of a consultant; planning and organizational skills; strong problem solving skills; excellent oral and written communication skills; ability to work both independently and with teams; proven ability to research, compare, test and evaluate alternative technical solutions, and communicate the results; broad understanding of network, host and application security issues; expertise in enterprise level systems in network security; experience in enterprise level transaction systems; experience in enterprise scale storage with a focus on performance; familiarity with various Internet protocols (e.g., TCP/IP, DNS, SMTP, BGP, TLS).

Physical Mobility: Primarily sedentary in an office setting with some mobility. Flexibility to travel to sites in Northern VA (Tysons Corner, Arlington) and Southern Maryland (Fort Meade); locations within the SEI and CMU community, sponsor sites, conferences, and offsite meetings with routine frequency.

Environmental Conditions: Normal office conditions; close contact with computer display for extended periods of time.

Mental: The ability to: work meticulously with careful attention to detail; meet deadlines while working on multiple tasks – sometimes under pressure and with shifting priorities; deal collaboratively, diplomatically, and successfully with customers, co-workers and other professional colleagues, managers, and staff; ability to grasp the big picture, direction, and goals of an effort; develop and communicate innovative ideas; take leadership role in technical projects; and quickly learn new procedures, techniques, and approaches.

Other:  Candidates must be able to pass a background investigation, obtain a DoD TS/SCI security clearance, and be a US citizen.

Preferred Qualifications and Requirements:

Education/Training: PhD with two (2) years experience.

Experience: Practical network security training (e.g. SANS GIAC Level 2 courses, CCNP, CCIE Security).

Skills/Abilities:  Experience working with the government, or within a critical infrastructure sector; experience developing briefing materials for senior leadership within government or industry; history of contributions to the broader industry or research community; experience deploying or supporting large-scale network security monitoring infrastructures; experience in a variety of network security areas; C/Java/Python development experience in the Unix environment with the ability to apply sound software engineering practices (e.g., documenting code; version control and configuration management; code reviews; and testing); experience in conducting studies analyzing event streams including quantitative and visual approaches.

Accountability:  The individual is accountable for capturing the requirements of network security analysts at customer sites, technical papers and non-technical papers for potential customers and technology transition.

Direction:  The individual is expected to act independently using CMU, SEI, NSS, and NetSA defined policies, practices, and procedures – within the scope of assigned work.

Decisions:  The individual is expected to participate in the decision-making and problem-solving processes of designing, building, and operating systems for network security; suggesting and implementing policies and procedures to support these activities; and creating prototype implementations of tools and approaches for situational awareness.

Supervisory Responsibilities:  This position does not formally supervise others. However, the individual will act in a technical leadership or project lead role in regard to specific work products and activities both at CMU and at the customer site.

JOB FUNCTIONS OR RESPONSIBILITIES:

75% Provide direct support to the customer program office in the areas of strategy; process/policies; requirements elicitation; design and architecture; operations; outreach; and training.

15% Enable the transition and appropriate focus of NetSA analysis approaches and tools into operational environments.

10% Design, prototype, and transition tactical analysis studies and tools appropriate for operational use in situational awareness.

100% TOTAL EFFORT

ORGANIZATIONAL CHART:  Program Director, CERT < Technical Director, CTVA < Network Situational Awareness (NetSA) Technical Manager < NetSA Security Solutions Engineer

Position Summary:  The CERT Program is part of the Software Engineering Institute (SEI), a federally funded research and development center at Carnegie Mellon University in Pittsburgh, Pennsylvania. CERT engages in cutting-edge research and development in computer security. The CERT Network Situational Awareness (NetSA) group helps large network operators; and security organizations in the USG distill actionable insights from networks of interest through strategic analysis; and tool and system development.

As a member of the Deployment Team in the CERT NetSA group, the selected candidate will be responsible for assisting users install, operate, and accredit NetSA technology in their environment. The selected candidate will participate in software testing, packaging, and release management. Additionally, the selected candidate will participate and support the development of software tools by developing system level packaging, tests, and documentation. Further, the individual will assist in the management of sponsor related test labs and prototype environments. The candidate will assist in the infrastructure management for these environments and interact with the sponsor to transition projects in and out, and provide project related support as needed.

Minimum Qualifications and Requirements:

Education/Training: BS in computer science, software engineering, or a related quantitative field of study with eight (8) years of applicable experience.

Experience: Applicable experience in the design and implementation of complex, secure, mission critical systems, including experience with; Unix system administration tasks; Unix software packaging systems (e.g. RPM, DEB) and deployment and management of software using Unix software packaging systems; scripting in Unix Shell, especially for automating system administration and software testing tasks; experience with relational database management systems such as Oracle, Postgres or MySQL; experience managing switches, firewalls, and router; xperience managing network security systems; experience providing remote or on-site technical support to external customers.

Skills/Abilities:  Deep familiarity with general Unix operating system concepts, tools, etc.; ability to author technical documentation; ability to apply sound software engineering practices to software quality assurance; excellent written and verbal communication skills; excellent reasoning and problem-solving skills; and ability to work effectively without close supervision.
 
Mobility: Sedentary in an office setting with some mobility, i.e., able to travel to various locations within the SEI and CMU community as well as travel up to 30% to customer sites.

Environmental Conditions: Close contact with computer for extended periods of time.

Mental: Ability to work meticulously with careful attention to detail; ability to meet deadlines while working on multiple tasks – sometimes under pressure and with shifting priorities; ability to deal collaboratively, diplomatically, and successfully with customers, co-workers and other professional colleagues, managers, and staff; ability to grasp the big picture, direction, and goals of an effort; ability to quickly learn new procedures, techniques, approaches, etc.

Other: Candidate must be able to pass a background investigation, obtain a TS/SCI security clearance, and be a US citizen.

Preferred Qualifications and Requirements:

Education/Training: MS in computer science, software engineering, or a related quantitative field of study with five (5) years of applicable experience.

Experience:  Knowledge of Sourcefire IDS, Arcsight, Bivio, and Cloudshield technologies; experience with automated software testing tools; experience with automated software build management tools; experience with scripting in Python, Perl or equivalent scripting environment; experience developing in C; experience with website administration; experience administering security software; experience conducting certification and accreditations for US Government systes; experience with development tools such as: gcc, gdb, automake, autoconf and subversion.

Accountability:  The individual is accountable for the testing and release of software produced by the engineering team, the packaging of that software for deployment at NetSA customer sites, and support of the deployment of that software at NetSA customer sites.

Direction:  The individual is expected to act independently using CMU, SEI, and NSS defined policies, practices, and procedures – within the scope of assigned work.

Decisions:  The individual is expected to participate in the decision-making and problem-solving processes of software testing and supporting the deployment of NetSA software and systems deployed at sponsor sites.

Supervisory Responsibilities:  This position does not formally supervise others. However, the individual may will act in a technical leadership (non-supervisory) role in regard to specific work products and activities, or in regard to student interns, etc.

JOB FUNCTIONS OR RESPONSIBILITIES:

15%    Design, implement, and execute of tests of NetSA software and systems prior to their release; Create and maintain hardware and software platforms to support this activity.

20%    Package and deliver NetSA software and systems to sponsors to include authoring of additional document; building platform-specific packages; and operating of the NetSA tools website.

35%    Assisting the users with the installation; configuration; troubleshooting; provisioning; accreditation; and operation of NetSA technologies to include on-site support; and developing documentation and integration solutions for specific environments.

20%    Provide support to NetSA managed prototype and test lab environments. Interact with sponsor to maintain environment and transition projects in and our of the lab(s). Assist with lab related project work as needed.

5%      Contribute to the broader security community.

5%      Support to SEI IT in managing NetSA production systems.

100% TOTAL EFFORT

ORGANIZATIONAL CHART:  Director, Networked Systems Survivability Program < Technical Director, Cyber Threat and Vulnerability Analysis <  NetSA Technical Manager < Network Security Deployment Engineer

Position Summary:  The CERT Program is part of the Software Engineering Institute (SEI), a federally funded research and development center at Carnegie Mellon University in Pittsburgh, Pennsylvania. CERT engages in cutting-edge research and development in computer security. The CERT Network Situational Awareness (NetSA) group helps large network operators; and security organizations in the USG distill actionable insights from networks of interest through strategic analysis; and tool and system development. As a member of the Deployment Team in the CERT NetSA group, the selected candidate will be responsible for defining, provisioning, operating, and using a network security test-bed. The selected candidate must be capable of administering commodity systems as well as operating specialized networking equipment and hardware. As required, the candidate will support operational users and developers by using the test-bed to verify engineering scenarios, prepare data-sets, and creating automation infrastructure for testing the network analysis tools.

Minimum Qualifications and Requirements:

Education/Training: BS in computer science, software engineering, computer engineering, or a related quantitative field of study with eight (8) years of applicable experience.

Experience: Applicable experience in the design and implementation of complex testing and networking, including experience in: Unix Shell Scripting in Unix Shell; system administration in Unix/Linux; nagios, system patching and other administration tools; managing switches, firewalls and routers; managing firewalls, traffic generators and VPNs.

Skills/Abilities: Deep familiarity with general Unix/Linux operating system concepts, tools, etc. and understanding of carrier level communications.  Ability to execute test plans and report results, entry/exit documentation. Excellent written and verbal communication skills.  Excellent reasoning and problem-solving skills.  Ability to work effectively without close supervision and the ability to attend customer meetings and respond to customer requirements.

Physical Mobility: Sedentary in an office setting with some mobility, i.e., able to travel to various locations within the SEI and CMU community as well as travel up to 20% to customer sites.

Environmental Conditions: Close contact with computer for extended periods.

Mental: Ability to work meticulously with careful attention to detail; ability to meet deadlines while working on multiple tasks – sometimes under pressure and with shifting priorities; ability to deal collaboratively, diplomatically, and successfully with customers, co-workers and other professional colleagues, managers, and staff; ability to grasp the big picture, direction, and goals of an effort; ability to quickly learn new procedures, techniques, approaches, etc.

Other:  Candidate must be able to pass a background investigation, obtain a TS/SCI security clearance, and be a US citizen.

Preferred Qualifications and Requirements:

Education/Training: MS in computer science, software engineering, or a related quantitative field of study with five (5) years of applicable experience.

Experience: Knowledge of Sourcefire IDS, Arcsight, Bivio, and Cloudshield technologies.   Experience with:  working in production networking environment; building a database system with both web and command line access; operating and maintaining Unix, and networking infrastructure; scripting multiple pieces of network equipment simultaneously; high speed network monitoring; commercial high speed network monitoring equipment; using Spirent network test equipment; carrier grade network equipment and protocols (OC/10Gbe); scripting in Python, Perl or equivalent scripting environment; PHP/MySQL.   Familiarity with network load generators.

Accountability:  The individual is accountable for the definition, creation, maintenance and technical support of: A high speed networking prototype test-bed Automated test and reporting systems. Other products and customer deliverables including material for technical presentations and reports to customers, training material, and technical documentation.

Direction: The individual is expected to act independently using CMU, SEI, and NSS defined policies, practices, and procedures – within the scope of assigned work.

Decisions:  The individual is expected to participate in the decision-making and problem-solving processes of operating, maintaining and implementing a multi-protocol multi-carrier prototype network environment.

Supervisory Responsibilities:  This position does not formally supervise others. However, the individual may will act in a technical leadership (non-supervisory) role in regard to specific work products and activities, or in regard to student interns, etc.

JOB FUNCTIONS OR RESPONSIBILITIES:

45% Manage the hardware and software of a prototype network security test-bed to include all appropriate system administration tasks and processes; provision for new requirements and growth.

30% Define and execute tests in the network security test-bed on behalf of internal and external users.

20% Build appropriate scenarios, profiles, and data-sets in support of internal and external users using the network security test-bed.

5% Contribute to the broader security community.

100% TOTAL EFFORT

ORGANIZATIONAL CHART:  Director, Networked Systems Survivability Program < Technical Director, Cyber Threat and Vulnerability Analysis < NetSA Technical Manager < Network Security Test Engineer

Position Summary:  The CERT Program is part of the SEI, a federally funded research and development center at Carnegie Mellon University in Pittsburgh, Pennsylvania. The CERT Program engages in cutting-edge research and development and develops and transitions disciplined approaches to improve the survivability and resiliency of the DoD, federal civilian agencies, private sector organizations and their networked information systems.

The CERT Network Situational Awareness (NetSA) group supports internal and external government customers by developing cutting-edge analysis techniques and tools for operational use in high-impact environments. This position will help drive customer architecture and system engineering efforts, including system requirements development, system engineering approaches, technology evaluation, prototyping, tool development, deployment guidance and other support to customer network security initiatives. The candidate should have experience providing strategic technical guidance in a network security technology area.

Minimum Qualifications and Requirements:

Education/Training: Bachelor of Science in Information Systems, Information Systems Management or related field with ten (10) years experience, or equivalent; Masters Degree in Information Systems, Information Systems Management or related field with eight (8) years experience, or equivalent.

Experience: Professional experience should include supporting technical decision-making, acquisition and management of large-scale enterprise deployment of network security technologies, including two (2) or more years experience in a technical leadership role. This experience should also include hands-on technical experience as a system administrator, operational security analyst, systems integrator or related role.

Skills/Abilities:  Ability to function in the role of a consultant; planning and organizational skills; strong problem solving skills; excellent oral and written communication skills; ability to work both independently and with teams ; proven ability to research, compare, test and evaluate alternative technical solutions, and communicate the results; broad understanding of network, host and application security issues; expertise in one major network security or network engineering areas: incident handling, network traffic analysis, forensics, vulnerability assessment, network auditing, capacity planning, network architecture, etc; theoretical knowledge of and practical experience with various Internet protocols (e.g., TCP/IP, DNS, SMTP, BGP, TLS); user or implementation level experience with a subset of the following classes of technologies: IDS (e.g., Snort, RealSecure), Networking Monitoring, IPS, SIM/SEM (e.g, ArcSight, eSecurity), network mapping, vulnerability scanners (e.g., Nessus), firewalls, and routers (Cisco).

Mobility: Primarily sedentary in an office setting with some mobility. Flexibility to travel to various locations within the SEI and CMU community, sponsor sites, conferences, and offsite meetings potentially with routine frequency.

Environmental Conditions: Normal office conditions; close contact with computer display for extended periods of time.

Mental: The ability to: work meticulously with careful attention to detail; meet deadlines while working on multiple tasks – sometimes under pressure and with shifting priorities; deal collaboratively, diplomatically, and successfully with customers, co-workers and other professional colleagues, managers, and staff; ability to grasp the big picture, direction, and goals of an effort; develop and communicate innovative ideas; take leadership role in technical projects; and quickly learn new procedures, techniques, and approaches.

Other:  Candidates must be able to pass a background investigation, obtain a DoD TS/SCI security clearance, and be a US citizen.

Preferred Qualifications and Requirements:

Education/Training: Masters Degree in Information Systems, Information Systems Management or related field with eight (8) years experience, or equivalent.

Experience: Practical network security training (e.g. SANS GIAC Level 2 courses, CCNP, CCIE Security).

Skills/Abilities:  Experience working with the government, or within a critical infrastructure sector; experience developing briefing materials for senior leadership within government or industry; history of contributions to the broader information security community; experience deploying or supporting large-scale network security monitoring infrastructures; experience in a variety of network security areas; C/Java/Python development experience in the Unix environment with the ability to apply sound software engineering practices (e.g., documenting code; version control and configuration management; code reviews; and testing); experience in conducting studies analyzing network event streams including quantitative and visual approaches; user and implementation level experience with all of the following classes of technologies: IDS (e.g., Snort, RealSecure), IPS, SIM/SEM (e.g, ArcSight, eSecurity), network mapping, vulnerability scanners (e.g., Nessus), firewalls, and routers (Cisco).

Accountability:  The individual is accountable for capturing the requirements of network security analysts at customer sites, technical papers and non-technical papers for potential customers and technology transition.

Direction:  The individual is expected to act independently using CMU, SEI, NSS, and NetSA defined policies, practices, and procedures – within the scope of assigned work.

Decisions:  The individual is expected to participate in the decision-making and problem-solving processes of designing, building, and operating systems for network security; suggesting and implementing policies and procedures to support these activities; and creating prototype implementations of tools and approaches for situational awareness.

Supervisory Responsibilities:  This position does not formally supervise others. However, the individual will act in a technical leadership or project lead role in regard to specific work products and activities both at CMU and at the customer site.

JOB FUNCTIONS OR RESPONSIBILITIES:

65% Provide direct support to the customer program office in the areas of strategy; process/policies; requirements elicitation; design and architecture; operations; outreach; and training.

20% Enable the transition and appropriate focus of NetSA analysis approaches and tools into operational environments.

15% Design, prototype, and transition tactical analysis studies and tools appropriate for operational use in situational awareness.

100% TOTAL EFFORT

ORGANIZATIONAL CHART:  Program Director, CERT < Technical Director, CTVA < Network Situational Awareness (NetSA) Technical Manager < NetSA Senior Security Solutions Engineer

Position Summary:  This position is part of the Infrastructure Engineering team in the SEI IT Network and Infrastructure Engineering (NIE) group and is responsible for the administration and evolution of enterprise storage and backup systems including large-scale SAN components (iSCSI and Fiber Channel), direct-attached storage arrays, enterprise backup systems, and tape libraries. It also operates and maintains the storage components of the enterprise virtualization infrastructure. SEI IT NIE members play a critical role in the evolution of enterprise information technology services for the entire Institute in collaboration with other groups within IT.

Minimum Qualifications and Requirements:

Education/Training:  BS in Computer Science, Information Science, Information Technology. Candidates with a degree in other technical fields (e.g., engineering) and/or years of relevant experience as described above will be considered as well.

Experience: One to three (1-3) years of experience as a storage administrator, storage engineer, or as systems administrator with significant experience in the deployment and operation of enterprise-level SAN components; Experience as a backup administrator or a systems administrator operating an enterprise-level backup system.

Skills/Abilities: Skill with iSCSI-based SAN environments is required. Ability to collaborate with system architects and other stakeholders in the design, implementation, tuning, and troubleshooting of data storage system attached to enterprise systems is required. Skill with the operation and administration of an enterprise-level backup system (e.g., IBM Tivoli Storage Manager, CA ArcServe, CommVault) that performs a disaster recovery function is needed. Ability to work with systems architects and other stakeholders to determine the proper way to backup and recover application data is needed, including application-specific methods. Basic operational knowledge of Ethernet and TCP/IP-based networks is necessary for this position.

Physical Mobility:  Daily foot travel between buildings in and around the CMU campus. Infrequent business travel required, usually to the SEI offices in Arlington, VA (approx. 2 times/year). Computer hardware installation and configuration required on a periodic basis, sometimes involving transport of heavy objects (typically under 100 lbs.) short distances using assistance devices, use of hand tools, et cetera. Carrying of light objects (< 20 lbs.) for longer distances (intra-campus; 2-3 city blocks) may also be required.

Environmental Conditions: Ability to use a computer keyboard and display for extended periods of time; periodic work in a computer datacenter or wiring closet environment.

Mental:  Ability to work under pressure and meet deadlines; ability to prioritize tasks; strong learning capability; ability to interact effectively with others of varying technical competency, vendors, managers, and other technical research staff; ability to work effectively with other groups within the SEI and Carnegie Mellon. Good technical problem-solving skills. Strong information organization skills as well as good oral and written communication skills are required.

Other:  Ability to provide technical support on a 24x7 basis is required, including weekends. There is a rotating on-call component to this position. Candidate must respond to outage events via remote access (in appropriate circumstances) within 30 minutes.  Some situations in this role will demand an on-site response; on-site response to the local SEI facility must be achieved within 60 minutes barring extreme adverse weather conditions.  Selected candidate must be a US citizen, pass a background investigation, meet eligibility requirements to obtain a United States DoD Top Secret clearance (10 year scope) and maintain that clearance as a condition of employment.

Preferred Qualifications and Requirements:

Experience:  Experience operating enterprise-level SAN components that serve a VMware vSphere-based virtualized infrastructure.

Skills/Abilities:  Operation and administration of Dell Equallogic, Dell MD and Sun StorageTek SAN components. Operation and administration of Brocade fiber channel switches. Administration and operation of large IBM Tivoli Storage Manager backup systems.

Other: Clearances: United States DoD Top Secret or equivalent that is transferrable to the SEI.

Accountability:  Employee is accountable for describing, implementing and/or maintaining an efficient, reliable and secure configuration of computing services in support of the SEI initiatives and/or a sponsor/client.  Employee may be responsible for the proper handling/destruction of confidential, sensitive, and classified information.

Direction:  Employee will be expected to work under minimum supervision within the defined scope of authority and in accordance with SEI ITS operating guidelines.

Decisions:  Under management direction, the employee will decide the appropriate configuration for production computing services. Employee will determine how best to allocate and/or acquire resources necessary to implement and evolve information services.  Employee will determine the cause of computing problems and take corrective action in a timely fashion when a system/service fails or becomes unavailable.  Employee will describe the appropriate procedures to configure and maintain a particular computing system to support one or more critical business functions in a secure manner.

Supervisory Responsibilities:  Employee may, at the manager or team leader’s discretion, task/supervise other employees in completion of specific tasks.  Employee will provide assistance to staff members / clients in the proper configuration/use of computer hardware and software services and tools.

JOB FUNCTIONS OR RESPONSIBILITIES:

50%   Maintenance and evolution of the enterprise data storage infrastructure.

30%   Operation, monitoring and administration of other systems and services.

5%   Develop documentation on the proper configuration/use of services.

10%   Support other SEI services and projects.

5%   Maintaining awareness of evolving trends in storage, backups, and disaster recovery.

100% TOTAL EFFORT

ORGANIZATIONAL CHART:  ITS Director < Network and Infrastructure Engineering Manager < Infrastructure Engineering Team Member

Position Summary:  We are staffing a small team that is responsible for developing secure coding practices, techniques, and tools. We work with software developers and software development organizations to eliminate vulnerabilities resulting from coding errors before they are deployed. The individual in this position will be responsible for performing static and dynamic analysis on software systems developed in C, C++, Java, and other popular programming languages. The individual will work directly with customers to: develop and provide training in secure coding practices, evaluate, extend, and use tools to automate source code analysis, and enhance and extend organizational capabilities to produce secure software systems.


Minimum Qualifications and Requirements:

Education/Training: BS in Computer Science or Software Engineering with eight (8) years of applicable experience;  MS in Computer Science or Software Engineering with five (5) years of applicable experience; or PhD in Computer Science or Software Engineering with two (2) years applicable experience.

Experience: Candidates should have at least 3 years of experience in developing C, C++, or Java software analysis techniques in one or more of the following areas:  Static analysis; dynamic analysis; fuzz testing; data flow analysis; compiler development, including understanding the impact of optimization techniques on security issues; computer architecture, including understanding the impact of security techniques on application and system performance for various architectures.

Skills/Abilities: Successful candidates will:  ability to develop and implement advanced analysis techniques; be expert in C++, C, or Java and have extensive knowledge of the second language; interact effectively with customers and teammates; have strong written and verbal communications skills; take a leadership role in technical projects.

Mobility:  Primarily sedentary in an office setting with some mobility.  Ability to travel to various locations within the SEI and CMU community, customer sites, conferences, and offsite meetings with some frequency.

Environmental Conditions: Normal office conditions; however, close contact with computer for prolonged periods of time.

Mental:    The ability to work well under pressure of deadlines and with confidential information.

Other:  Candidate must pass a background investigation, be eligible to obtain a United States DoD Secret Clearance, and be a U.S. citizen.


Preferred Qualifications and Requirements:

Education/Training: MS in Computer Science or Software Engineering with five (5) years of applicable experience; or PhD in Computer Science or Software Engineering with two (2) years applicable experience.

Experience: Ideal candidates will have experience in the following areas:  Model checking; abstract interpretation; use of assertions in program code; using mathematical techniques such as denotational semantics, axiomatic semantics, operational semantics, and abstract interpretation; developing and analyzing code for mobile devices.

Skills/Abilities: Preferred candidates will:  possess excellent technical problem-solving skills; learn quickly and have a history of producing creative and innovative solutions; be motivated to tackle challenging problems.

Direction:  Performs under minimal supervision, independent judgment is encouraged.  Most normal duties and responsibilities are handled independently with the use of established procedures and policies.  Difficult or unique situations are referred to the supervisor.

Supervisory Responsibilities:  This position has no supervisory responsibilities, although mentoring of junior staff is expected.


JOB FUNCTIONS OR RESPONSIBILITIES:

30%    Analysis and testing of C, C++, and Java programs developed for Windows, Linux, and Android platforms.

25%    Develop, evaluate, extend, customize, and deploy new analysis into existing enterprise processes.

25%    Directly support customer work in secure coding, verification and validation techniques, and technical training.

20%    Contribute to conferences and meetings; participate in strategy discussions; contribute to customer presentations; stay up to date in analysis methods and tools.

100% TOTAL EFFORT


ORGANIZATIONAL CHART: NSS Director < NSS Deputy Director < NSS Chief Scientist < Technical Director, Secure Software and Systems < Software Security Engineer
 

Position Summary:  The Advanced Mobile Systems (AMS) group at the Software Engineering Institute, part of Carnegie Mellon University, is searching for a talented Android developer. AMS bridges the gap between academic and government researchers in order to bring cutting edge ideas to government organizations.   The candidate will enjoy working with new technologies in a small team environment. He or she must be versed in good software engineering practices and methodologies, including agile development, test-driven development and continuous integration.  The candidate will have experience working as a member of a team to develop and test innovative Android applications that interoperate with back-end data sources.  The ability to work with prominent researchers at CMU and within the government is critical.

Minimum Qualifications and Requirements:

Education/Training:  Bachelor's degree in information systems or computer science and knowledge of research techniques or equivalent combination of training and experience.

Experience:  Three (3) or more years of Java development (professional and/or academic); two (2) or more years of Android development (professional and/or academic); experience using the Android and Eclipse SDKs; experience with Eclipse plug-in development and with Android unit and integration testing frameworks; experience using Lucene search API; experience with version control (Subversion).

Skills/Abilities: Ability to design and develop in Android, Java, C++ and Python to the highest standards; understanding of advanced object oriented programming concepts and object databases, including DB4O; excellent analytical, problem solving and organizational skills; ability to comprehend system related materials, design and maintain applications, work successfully in small team environments, and communicate with prominent researchers.

Mobility:  Normally sedentary position with some mobility; ie., able to travel to other campus locations; may require some bending, stretching, pushing as well as lifting of several reams of paper, etc.
   
Environmental Conditions:  Usual office setting, close contact with CRT for long periods of time. 

Mental: Ability to pay close attention to detail, meet inflexible deadlines, balance multiple tasks, remain calm during difficult situations, work under pressure, and work with frequent interruptions.    

Other:  US citizenship required.

Preferred Qualifications and Requirements:

Education/Training: Additional course work in computer applications.

Experience: Experience in research programming and working in an academic environment; experience working in or developing applications for tactical and emergency response settings; experience developing apps published in the Android Market a plus.

Skills/Abilities: Experience with C# a plus.

Accountability:  Completes project tasks from routine to moderately complex; is accountable for meeting established deadlines and project milestones with a commitment to decisions that have been made.

Direction:  Expected to perform under general supervision.  Most normal duties and responsibilities are handled independently with the use of established research protocol and departmental and university procedures and policies. Difficult or unique situations are referred to the supervisor.

Decisions:  Suggests possible solutions to colleagues and users.   

Supervisory Responsibilities:  May assist or supervise student researchers with projects.

JOB FUNCTIONS OR RESPONSIBILITIES:

70%     Designs and implements software applications and database specifications (often in a team setting) or modifies existing software packages to meet specific research needs. Documents new designs, codes and modifications.

15%     Attends meetings and submits work progress reports to supervisor as required.

15%     Performs related duties as assigned.

100% TOTAL EFFORT

ORGANIZATIONAL CHART:  RTSS Director > AMS Initiative Lead > Research Programmer

Position Summary: The CERT Malicious Code (MC) group aims to improve malware analysis capability while addressing active and emerging threats. The successful candidate will reverse engineer malicious code in support of high-impact customers, design and develop new analysis methods and tools, work to identify and address emerging and complex threats, and effectively participate in the broader security community. Responsibilities: Perform in-depth reverse engineering of malicious code, document and transition results in reports, presentations, and technical exchanges; Design, prototype, and transition new analysis methods and tools; Identify and document high-impact, emerging, and complex active security threats; design and pursue solutions; and transition results in tools, reports, presentations, and technical exchanges Participate in the broader security community through collaboration, papers, and presentations.

Minimum Qualifications and Requirements:

Education/Training: Bachelor of Science in Computer Science, Software Engineering, Information Systems, or related field with Eight (8) years’ experience, or equivalent; Master’s Degree in Computer Science, Software Engineering, Information Systems, or related field with five (5) years’ experience.

Experience: Reverse engineering software binaries; Using disassemblers (ie. IDA Pro); using debuggers (ie. OllyDbg, Immunity, gdb, WinDbg); using hex editors and tools (ie. BinDiff); C/C++ development; x86 assembly language; Windows Portable Executable (PE) file format Technical Writing Solid understanding of programming languages and operating system concepts.

Skills/Abilities: Technical writing; analytical and problem solving skills; develop and explain technical decisions; prioritize work; recognize and deal appropriately with confidential and sensitive information; communicate effectively under normal and stressful situations; handle shifting priorities; mentoring/training skills; interact effectively with technical and non-technical audiences both written and verbally; work within a closely coordinated team; work calmly and well under pressure; maintain composure while dealing with difficult people.

Mobility: Primarily sedentary, long periods of sitting; ability to travel to various locations within the SEI and Carnegie Mellon community, customer sites, conferences, and offsite meetings with some frequency.

Environmental Conditions: Normal office conditions, close contact with computer for prolonged periods of time.

Mental: Ability to work under pressure and changing priorities; pay attention to detail; meet inflexible deadlines; deal with difficult individuals while maintaining composure.

Other: Candidate must be able to pass a background investigation, obtain a TS security clearance; be a US citizen. Candidate will be required to travel on overnight assignments

Preferred Qualifications and Requirements:

Experience: YARA; IDAPro plug-in or IDAPython development; other assembly languages (ie. ARM, x86_64); Python or Java development; assembly development; Linker and/or Loader development or analysis Executable and Linker Format (ELF) file format Windows, Linux or Mac OS X; APIs and security models; Internet Protocols; cryptographic algorithms; kernel-level debugging (ie. WinDbg); device driver development; mobile device development; mobile device reverse engineering; oftware vulnerability analysis; VirtualBox or VMWare admin or development Network packet captures (ie. Wireshark, pcap formats).

Accountability: Develop and implement project technical results. Contribute to program objectives and plans development. Keep in confidence sensitive information such as security, vulnerability, and site information.

Direction: The individual is expected to act independently in accordance with Carnegie Mellon, Software Engineering Institute, CERT Program, and CERT MC procedures and policies, such as those involving product development, team interaction, and confidentiality.

Decisions: Must accurately represent the program in interactions with customers, sponsors, and the public. Participate in conferences and workshops where security-related issues are discussed as required.

Supervisory Responsibilities: This position has no supervisory responsibilities.

JOB FUNCTIONS OR RESPONSIBILITIES:

50%  Perform in-depth reverse engineering of malicious code, document and transition results in reports, presentations, and technical exchanges.

20%  Design, prototype, and transition new analysis methods and tools.

20%  Identify and document high-impact, emerging, and complex active security threats; design and pursue solutions; and transition results in tools, reports, presentations, and technical exchanges.

10%  Participate in the broader security community through collaboration, papers, and presentations.

100% TOTAL EFFORT

ORGANIZATIONAL CHART: CERT Program Director < CERT/CC Technical Director < CERT/CC Malicious Code Technical Manager < Malware Reverse Engineer

Position Summary: The CERT Malicious Code (MC) group aims to improve malware analysis capability while addressing active and emerging threats. The successful candidate will reverse engineer malicious code in support of high-impact customers, design and develop new analysis methods and tools, work to identify and address emerging and complex threats, and effectively participate in the broader security community. Responsibilities: Perform in-depth reverse engineering of malicious code, document and transition results in reports, presentations, and technical exchanges; Design, prototype, and transition new analysis methods and tools; Identify and document high-impact, emerging, and complex active security threats; design and pursue solutions; and transition results in tools, reports, presentations, and technical exchanges Participate in the broader security community through collaboration, papers, and presentations.

Minimum Qualifications and Requirements:

Education/Training: Bachelor of Science in Computer Science, Software Engineering, Information Systems, or related field with ten (10) years’ experience, or equivalent; Master’s Degree in Computer Science, Software Engineering, Information Systems, or related field with eight (8) years’ experience.

Experience: Reverse engineering software binaries; using disassemblers (ie. IDA Pro); using debuggers (ie. OllyDbg, Immunity, gdb, WinDbg); using hex editors and tools (ie. BinDiff); C/C++ development; x86 assembly language; Windows Portable Executable (PE) file format Technical Writing Solid understanding of programming languages and operating system concepts.

Skills/Abilities: Successful candidates will: technical writing; analytical and problem solving skills; develop and explain technical decisions; prioritize work; recognize and deal appropriately with confidential and sensitive information; communicate effectively under normal and stressful situations; handle shifting priorities; mentoring/training skills; interact effectively with technical and non-technical audiences both written and verbally; work within a closely coordinated team; work calmly and well under pressure; maintain composure while dealing with difficult people.

Mobility: Primarily sedentary, long periods of sitting; ability to travel to various locations within the SEI and Carnegie Mellon community, customer sites, conferences, and offsite meetings with some frequency.

Environmental Conditions: Normal office conditions, close contact with computer for prolonged periods of time.

Mental: Ability to work under pressure and changing priorities; pay attention to detail; meet inflexible deadlines; deal with difficult individuals while maintaining composure.

Other: Candidate must be able to pass a background investigation, obtain a TS security clearance; be a US citizen. Candidate will be required to travel on overnight assignments.

Preferred Qualifications and Requirements:

Experience:  YARA; IDAPro plug-in or IDAPython development; other assembly languages (ie. ARM, x86_64); Python or Java development; assembly development; Linker and/or Loader development or analysis Executable and Linker Format (ELF) file format Windows, Linux or Mac OS X; APIs and security models; Internet Protocols; cryptographic algorithms; kernel-level debugging (ie. WinDbg); device driver development; mobile device development; mobile device reverse engineering; software vulnerability analysis; VirtualBox or VMWare admin or development Network packet captures (ie. Wireshark, pcap formats).

Accountability: Develop and implement project technical results. Contribute to program objectives and plans development. Keep in confidence sensitive information such as security, vulnerability, and site information.

Direction: The individual is expected to act independently in accordance with Carnegie Mellon, Software Engineering Institute, CERT Program, and CERT MC procedures and policies, such as those involving product development, team interaction, and confidentiality.

Decisions: Must accurately represent the program in interactions with customers, sponsors, and the public. Participate in conferences and workshops where security-related issues are discussed as required.

Supervisory Responsibilities: This position has no supervisory responsibilities.

JOB FUNCTIONS OR RESPONSIBILITIES:

50%  Perform in-depth reverse engineering of malicious code, document and transition results in reports, presentations, and technical exchanges.

20%  Design, prototype, and transition new analysis methods and tools.

20% Identify and document high-impact, emerging, and complex active security threats; design and pursue solutions; and transition results in tools, reports, presentations, and technical exchanges.

10% Participate in the broader security community through collaboration, papers, and presentations.

100% TOTAL EFFORT

ORGANIZATIONAL CHART: CERT Program Director < CERT/CC Technical Director < CERT/CC Malicious Code Technical Manager < Senior  Malware Reverse Engineer

Position Summary: The CERT Malicious Code (MC) group aims to improve malware analysis capability while addressing active and emerging threats. The successful candidate will transition and evangelize MC methods and tools, liaise with MC customers and stakeholders to assess needs, participate in malware-related standards development, produce and collaborate in analysis studies. Responsibilities: Represent MC to its customers in the areas of strategy; process/policies; standards development and adoption; needs assessment; design and architecture; operations; outreach; and training. Enable the transition and appropriate focus of CERT MC analysis approaches and tools into operational environments. Design, prototype, and transition tactical analysis studies and tools appropriate for operational use in situational awareness Participate in the broader security community through collaboration, papers, and presentations.

Minimum Qualifications and Requirements:

Education/Training: Bachelor of Science in Computer Science, Software Engineering, Information Systems, or related field with ten (10) years’ experience, or equivalent; Master’s Degree in Computer Science, Software Engineering, Information Systems, or related field with eight (8) years’ experience.

Experience: Malware analysis; USG and/or DoD cyber-security engagement; C/C++ development; using disassemblers (ie. IDA Pro); using debuggers (ie. OllyDbg, Immunity, gdb, WinDbg); using hex editors and tools (ie. BinDiff).

Skills/Abilities: Technical writing; analytical and problem solving skills; develop and explain technical decisions; prioritize work; interact effectively with technical and non-technical audiences both written and verbally; work within a closely; ordinated team; work calmly and well under pressure; maintain composure while dealing with difficult people; recognize and deal appropriately with confidential and sensitive information; communicate effectively under normal and stressful situations; handle shifting priorities; mentoring/training skills.

Mobility: Primarily sedentary, long periods of sitting; ability to travel to various locations within the SEI and Carnegie Mellon community, customer sites, conferences, and offsite meetings with some frequency.

Environmental Conditions: Normal office conditions, close contact with computer for prolonged periods of time.

Mental: Ability to work under pressure and changing priorities; pay attention to detail; meet inflexible deadlines; deal with difficult individuals while maintaining composure.

Other: Candidate must be able to pass a background investigation, obtain a TS security clearance; be a US citizen. Candidate will be required to travel on overnight assignments.

Preferred Qualifications and Requirements:

Experience: Solid understanding of programming languages and operating system concepts; reverse engineering software binaries; using disassemblers (ie. IDA Pro); x86 assembly language; Windows Portable Executable (PE) file format; YARA; IDAPro plug-in or IDAPython development; other assembly languages (ie. ARM, x86_64); Python or Java development; assembly development; Linker and/or Loader development or analysis; Executable and Linker Format (ELF) file format; Windows, Linux or Mac OS X; APIs and security models; Internet Protocols; cryptographic algorithms; kernel-level debugging (ie. WinDbg); device driver development mobile device development; mobile device reverse engineering; sSoftware vulnerability analysis; VirtualBox or VMWare admin or development; network packet captures (ie. Wireshark, pcap formats).

Accountability: Develop and implement project technical results. Contribute to program objectives and plans development. Keep in confidence sensitive information such as security, vulnerability, and site information.

Direction: The individual is expected to act independently in accordance with Carnegie Mellon, Software Engineering Institute, CERT Program, and CERT MC procedures and policies, such as those involving product development, team interaction, and confidentiality.

Decisions: Must accurately represent the program in interactions with customers, sponsors, and the public. Participate in conferences and workshops where security-related issues are discussed as required.

Supervisory Responsibilities: This position has no supervisory responsibilities.

JOB FUNCTIONS OR RESPONSIBILITIES:

60% Provide direct support to the customer program office in the areas of strategy; process/policies; standards development and adoption; requirements elicitation; design and architecture; operations; outreach; and training.

20% Enable the transition and appropriate focus of CERT MC analysis approaches and tools into operational environments.

10% Design, prototype, and transition tactical analysis studies and tools appropriate for operational use in situational awareness.

10%  Participate in the broader security community through collaboration, papers, and presentations.

100% TOTAL EFFORT

ORGANIZATIONAL CHART: CERT/CC Technical Director < CERT/CC Malicious Code Technical Manager < Senior Malware Solutions Engineer

Position Summary:  The CERT Program is part of the Software Engineering Institute (SEI), a federally funded research and development center at Carnegie Mellon University in Pittsburgh, Pennsylvania. CERT engages in cutting-edge research and development in computer security. The CERT Digital Investigation and Intelligence Directorate (DIID) group help forensic incidents; develop tools and techniques and supply training for law enforcement community. As a member of DIID team, the selected candidate will taking ideas from concept to production code, working closely with project leaders and sponsors (customers) as well as middle-tier software developers. This role facilitate design and interface discussions, develop themes and concepts, evaluate proposals for usability concerns, construct mock-up and wireframes, and implement user-interface level requirements to working production code.

Minimum Qualifications and Requirements:

Education/Training: BS in Human/Computer Interaction or Information Science or related degree with three (3) years’ applicable experience or equivalent experience.

Experience:  At least three, or more, years' (3+) relevant experience in a position that requires a combination of design and technical skills (including frontend application development, user experience design, or academic research).  Strong user interview skills or experience in user experience research.  Demonstrated experience in wire framing / UI mockup and iteration. Understanding of the differences between, and experience designing web-based, desktop, and mobile application UIs. Proven ability to design user experience across multiple systems and platforms.  Hands-on experience working as part of a software development team throughout the software development lifecycle.  Responsibilities include: Understand and interpret research to inform design solutions; organize and structure complex information systems to make them intuitive and accessible; organize and structure project content into multiple deliverables for various audiences; articulate needs, issues and solutions, verbally, visually and in writing.

Skills/Abilities: Prioritize workload and complete deliverables on time; have strong problem-solving skills, analytical and information organization skills, and oral and written communication skills; hands-on experience on creating CSS, coding HTML, JSP or similar markup language; proficient in JavaScript programming and comfortable integrating frontend components with the application layer; experience with modern frontend development tools such as JQuery, Twitter Bootstrap, CSS3, etc.; proficiency in Adobe Photoshop, Illustrator, and InDesign, and in Microsoft Office products; solid knowledge of typography, color, images, and layout; familiarity with user research methods; ability to multi-task and work effectively with multiple project teams and sponsors/customers.

Physical Mobility: Sedentary in an office setting with some mobility, i.e., able to travel to various locations within the SEI and CMU community as well as travel to customer sites.

Environmental Conditions: Close contact with computer for long periods of time.

Mental: Ability to pay close attention to detail, meet deadlines, work under pressure, and communicate effectively.

Other: Candidate must be able to pass a background investigation, obtain a security clearance, and be a US citizen.

Preferred Qualifications and Requirements:

Education/Training: MS in Human/Computer Interaction or Information Science with one (1) year experience or equivalent experience.

Experience: Proficiency with a variety of design tools, programming experience, and technical experience with large networks and telecommunications.

Skills/Abilities: Strong presentation/platform skills and excellent writing skills.

Accountability:  The incumbent is accountable for the definition, creation, and maintenance of final deliverables and products.

Direction:  The incumbent is expected to act independently using CMU and SEI defined policies, practices, and procedures.

Decisions:  Required to design, develop, pilot and deliver products.  Required to accurately represent NSS and its technical work in interactions with customers, sponsors, and the public.

Supervisory Responsibilities:  This position does not supervise others.

JOB FUNCTIONS OR RESPONSIBILITIES:

85%  Work in collaborative environment to improve interface design and function of digital forensic and media exploitation tools.

5%  Develop training materials, workshops, presentations, technical documents and instructional materials.

5%  Mentor, guide and interact with team and other staff.

5%  Contribute to transition planning and strategy.

100% TOTAL EFFORT

ORGANIZATIONAL CHART:  Director, Networked Systems Survivability Program < Technical Director, DIID < Technical Manager, DIID< Team Lead, DIID < Front-End Software Developer

Position Summary:  The CERT Program is part of the Software Engineering Institute (SEI), a federally funded research and development center at Carnegie Mellon University in Pittsburgh, Pennsylvania. CERT engages in cutting-edge research and development in computer security. The CERT Digital Investigation and Intelligence Directorate (DIID) group help forensic incidents; develop tools and techniques and supply training for law enforcement community. As a member of DIID team, the selected candidate will be responsible for designing, developing, and deploying software applications and systems to enhance the capabilities of DIID customers. The candidate will participate in all phases of the software development lifecycle, and will be involved in key decisions regarding software design and technology selection.

Minimum Qualifications and Requirements:

Education/Training: BS in computer science, software engineering, computer engineering, or a related quantitative field of study with ten (10) years of applicable experience.

Experience: Experience as a software developer working on web and desktop applications in a professional environment required. At least three of the five years relevant experience working on database-driven web applications. Working knowledge of web frameworks/architecture, both front- and back-end . Hands-on experience and knowledge in secure web development and design. Experience writing applications in Java/ Python/C# or other object-oriented programming language; Knowledge of other commonly used languages such as HTML, CSS, JavaScript, PHP, Perl, Ruby; Experience with using and writing web services and APIs, particularly RESTful; familiarity with software development tools including IDEs (Visual Studio, Eclipse, IntelliJ), version control systems ( Git, Mercurial, SVN, or similar.) and issue tracking systems (e.g., Fogbugz, Jira ); working knowledge and experience in participating in agile software development practices and team design sessions.

Skills/Abilities:  Ability to function as a leader and technical contributor within a development team. Willingness to learn new skills, programming languages, and technologies as necessary. Desire to solve challenging problems through technical innovation. Ability to work on all levels of the application stack. Understanding of and ability to apply software architecture principles and design patterns. Ability to analyze customer requirements and provide novel solutions. Ability and willingness to provide accurate estimates of development time and risk. Excellent written and verbal communication skills. Ability to work effectively without close supervision. Capable of attending customer meetings and responding to customer requirements.

Physical Mobility: Sedentary in an office setting with some mobility, i.e., able to travel to various locations within the SEI and CMU community as well as travel up to 10% to customer sites.

Environmental Conditions: Close contact with computer for extended periods of time.

Mental: Ability to work meticulously with careful attention to detail; ability to meet deadlines while working on multiple tasks – sometimes under pressure and with shifting priorities; ability to deal collaboratively, diplomatically, and successfully with customers, co-workers and other professional colleagues, managers, and staff; ability to grasp the big picture, direction, and goals of an effort; ability to quickly learn new procedures, techniques, approaches, etc.

Other: Candidate must be able to pass a background investigation, obtain a security clearance, and be a US citizen.

Preferred Qualifications and Requirements:

Education/Training: MS in computer science, software engineering, computer engineering, or a related quantitative field of study with three (3) years of applicable experience.

Experience: Experience with common front-end tools like JQuery. Experience with MVC frameworks, such as Python/Django, Java/Spring MVC, , Ruby on Rails, etc. Experience with relational databases such as PostgreSQL, MySQL etc and experience with ORMs (Hibernate, ActiveRecord, Django ORM, etc). Strong understanding and experience with web and application servers, e.g. Apache HTTP/IIS, Tomcat/WSGI. Experience writing web services and coding at the servlet layer. Experience designing and deploying secure web applications.

Skills/Abilities: Ability to multitask, troubleshoot and work end users.

Accountability:  Develop and implement project technical results. Contribute to program objectives and plans development. Keep in confidence sensitive information such as security, and site-specific information.

Direction:  Regular interaction with supervisor. Expected to act in accordance with SEI and NSS program procedures and policies, such as those involving product development, team interaction, and confidentiality.

Decisions:  Must accurately represent the program in interactions with customers, sponsors, and the public. Participate in conferences and workshops where security-related issues are discussed as required.

Supervisory Responsibilities:  This position does not formally supervise others. However, the individual may will act in a technical leadership (non-supervisory) role in regard to specific work products and activities, or in regard to student interns, etc.

JOB FUNCTIONS OR RESPONSIBILITIES:

90%     Design and implement of software requirements and integrate with other software tools or relational Databases.
 
5%       Contribute to conferences and meetings; participate in marketing calls on clients; give technical talks as appropriate.

5%       Contribute to the broader software engineering and security community.

100% TOTAL EFFORT

ORGANIZATIONAL CHART:  Manager, Networked Systems Survivability Program < Technical Director, DIID < Technical Manager < Team Lead < Senior Software Web Developer

Position Summary:  The CERT Program is part of the SEI, a federally funded research and development center at Carnegie Mellon University in Pittsburgh, Pennsylvania. The CERT Program engages in cutting-edge research and development and develops and transitions disciplined approaches to improve the survivability and resiliency of the DoD, federal civilian agencies, private sector organizations and their networked information systems.
The individual in this position will work part time at 60% as a member of the Cyber Resilience Center within the Networked Systems Survivability Program. The CRC team develops solutions (in the form of frameworks, models, tools, policies, practices, technical guidance, and training) that allow organizations to identify, analyze, and manage organizational, operational, and technical risks to mission-critical assets, processes, systems, and infrastructures. The individual will conduct applied research and perform assessments, diagnostics, and analysis techniques to better understand and mitigate risks to cyber environments and the organizational processes that depend on them. Activities will include close work with customers from a variety of organizations, including DoD, government agencies, and commercial organizations.

Minimum Qualifications and Requirements:

Education/Training:  BS in computer science, software engineering, information systems, or a related scientific/technical field with ten(10) years experience.

Experience:  Professional experience as a system or network administrator, software engineer, information systems analyst, database administrator or similarly technical occupation. Experience with and applied knowledge in:  Information technology and telecommunications systems; Cyber security, survivability, and resilience concepts and issues; Software and systems engineering; Building and maintaining DoD customer relationships; Data Analytics and quantitative measures; Strategic Planning and requirements definition; Process Improvement; Program planning, budgeting, and management.

Skills/Abilities:  Must exhibit the following skills and abilities:  understanding of information technology and telecommunications systems; working knowledge of network interoperability, cyber security, and survivability issues, including cyber security best practices and standards; working knowledge of DHS critical infrastructure sectors and related security and resilience issues; working knowledge of the DoD and Agency resilience needs and cyber security roadmaps; development and delivery of information and infrastructure security risk and vulnerability evaluations; ability to conduct analytical studies and investigations; reasoning and problem-solving skills; ability to work independently with limited supervision; ability to interact effectively with diverse constituencies internally and externally; ability to work well as a member of a cooperative team; ability to work in a matrix organizational structure; ability to recognize and deal appropriately with confidential and sensitive information; ability to implement project plans, monitor project budgets, and identify and mitigate project risks; leadership and mentoring skills; excellent written and oral communication skills; ability to contribute to technical research white papers and reports; ability to prepare papers and deliver presentations to technical and non-technical audiences; ability to contribute to customer technical exchanges and marketing presentations; ability to work on customer sites with high-ranking members of the Federal Government and US Military to define customer requirements; participation in professional society activities, particularly IEEE and ACM.

Physical/Mobility:  Primarily sedentary in an office setting with some mobility. Ability to travel frequently to various locations within the SEI and CMU community, customer sites, conferences, and offsite meetings.

Environmental Conditions:  Close contact with computer for extended periods of time.

Mental: Strong interest in the human, managerial, and technical aspects of cyber security is critical for this position as are these abilities:  take or share leadership role in technical projects; work meticulously with careful attention to detail; meet deadlines while working on multiple tasks – sometimes under pressure and with shifting priorities; deal collaboratively, diplomatically, and successfully with customers, co-workers and other professional colleagues, managers, and staff; ability to understand the big picture, direction, and goals of an effort; ability to develop and communicate innovative ideas; ability to demonstrate initiative and to quickly learn new procedures, techniques, approaches, etc.

Other: Strong interest in cyber security and critical infrastructure protection analysis basis research, applied research, and development.   Ability to pass a background investigation, obtain a security clearance, and be a US citizen.

Preferred Qualifications and Requirements:

Education/Training:  MS in computer science, software engineering, information systems, or a related scientific/technical field with eight (8) years’ experience.  PhD in computer science, software engineering, information systems, or a related scientific/technical field with five (5) years’ experience.

Licenses:  CISSP, CISM, GIAC, or similar; certifications from the audit discipline (such as CISA) are also acceptable

Experience:  In addition to the minimum experience above, preferred experience includes:  experience in both physical and cyber aspects of security; familiarity with resilience concepts; familiarity with process improvement models such as CMMI or SixSigma, TQM, ISO9000, CERT-RMM; familiarity with standards for measurement (including ISO 15939); familiarity with NIST 800-series standards for information security; familiarity with the DoD DIACAP standard for information assurance certification and accreditation; familiarity with standards for security (ISO 27000), business continuity (BS 25999), and IT operations (ISO 20000); working in a team environment on collaborative projects in critical infrastructure sectors involving network, system or data security. Experience employing software engineering techniques in designing and developing distributed, secure software, and experience with / knowledge of any of the following:  system administration; networking; firewalls, intrusion detection systems, and other security technologies; application development/programming; relational databases.

Skills/Abilities:  In addition to the minimum skills/abilities above, preferred skills/abilities include:  ability to lead work teams as needed; consulting skills; demonstrated ability to deliver coursework and trainin.

Accountability:  The individual will implement and participate in the planning and execution of projects leading to technical results. The individual will also contribute to project, department, or program objectives and planning document development. The individual will keep in confidence sensitive information such as customer processes, risks, vulnerabilities, and internal work products, whether for eventual public or private distribution.

Direction:  The individual is expected to act independently using CMU, SEI, and NSS defined policies, practices, and procedures – within the scope of assigned work.

Decisions:  The individual must make sound technical decisions with little supervision.  The individual must accurately represent the program in interactions with customers, sponsors, and the public.  The individual is expected to perform analysis on-site at customer locations and immediately assess potential vulnerabilities requiring further investigation.

Supervisory Responsibilities:  This position could involve the training and oversight of the work of other staff members, graduate students, resident affiliates, visiting scientists, and independent contractors. Depending on research project or customer workplan, position may involve task leadership.

JOB FUNCTIONS OR RESPONSIBILITIES:

30% Participate in the examination, analysis, and documentation of assessments, diagnostics, and analysis techniques for information and infrastructure security; examine data on cyber security and technology risks to identify problem areas and propose mitigation alternatives.

25% Participate in the delivery of existing NSS cyber security, resilience, and risk assessment and analysis approaches with customers and partners; participate in research, analysis, and documentation of cyber security issues, concerns, and risks at customer locations.

20% Participate in research into innovative and cutting-edge tools, techniques, and methods to improve cyber security and resilience; transition research into applied knowledge for customers.

10% Deliver courses in operational resilience management, cyber security management, and information security risk management.
 
5% Contribute to conferences and meetings; participate in marketing calls and technical exchanges with clients; give talks and lectures as appropriate; participate on working groups for subjects of interest.

5% Contribute to and review the literature in cyber security, resilience, and software engineering.

5% Provide assistance and input to other teams and projects within the SEI.

100% TOTAL EFFORT

ORGANIZATIONAL CHART:  Director, Networked Systems Survivability Program < Technical Director, Cyber Enterprise and Workforce Management Directorate < Technical Manager, Cyber Resilience Center < Engineer

Position Summary:  This position is located in Arlington, Virginia. The mission of the SEI IAP is to assist government organizations in successfully addressing the complex technical and policy software assurance (SWA) challenges of acquiring and sustaining software-reliant systems that enable mission- and business-critical process outcomes. The IAP portfolio spans the intelligence community, federal and state agencies, OSD, and defense agencies. This position will report directly to the Associate Director, IAP and work collaboratively with the SEI Chief Technology Officer to orchestrate a range of SWA technical assistance to IAP clients to include SWA bodies of knowledge, practices, tools, and research. The Senior SWA Engineer will be responsible for representing and transitioning cutting-edge SWA developments and practices to IAP clients with mission needs at the individual program level, in the systems-of-systems context, and at the enterprise level throughout the life cycle. In addition to technical depth, this position requires the successful applicant have the demonstrated interpersonal, representation, and communications experience to interact with senior government agency executives, staffs, and working group activities. The specific responsibilities of this position include: maintain currency in evolving government SWA policies and guidance, participate in development of DoD (CIO and USD (AT&L)) and other agency SWA strategy, policy, and guidance; create approaches and frameworks for the continuous identification and assessment of SWA practices, methods, and tools appropriate to client needs; infuse leading-edge SWA practices into SEI bodies of work; identify critical SWA research needs and propose research projects to advance solutions to current and emerging client problems; work in a collaborative environment on teams to provide technical assistance at all levels; the ability to plan and conduct analyses, synthesize findings and recommendations, and effectively communicate verbally, in written reports, and presentations appropriate for the executive level.

Minimum Qualifications and Requirements:

Education/Training: MS degree with eight (8) years’ experience in software engineering, computer science, information systems or an equivalent combination of training and experience.

Experience: Ten plus (10+) years of progressive responsibility in technology, development, or research based organizations with hands-on experience in addressing SWA issues associated with software engineering involving complex systems such as enterprise information systems and networks, business systems, C4ISR, and major weapon systems. Five (5) years’ of experience in complex software and systems development within government or industry settings. 

Skills/Abilities: Experience in planning and leading SWA projects and staff in major programs across the life cycle of development, test and evaluation, deployment, and life cycle sustainment; knowledge and use of SWA tools and methods at the program and enterprise level for custom and COTS products;  ability to analyze customer problems, determine needs, and recommend a course of action to address SWA issues; quickly learn and adapt to new technologies, platforms, and environments; work effectively with team members, customers, and collaborators in industry and DoD; demonstrated written and oral communication skills.

Mobility: The ability and willingness to travel is required.

Environmental Conditions: Usual office setting, including extended work at a computer screen.

Mental: Ability to meet deadlines and function productively as a team member.

Other:  US citizenship required; successful candidate must be able to pass background investigation for a DoD security clearance.

Preferred Qualifications and Requirements:

Education/Training: PhD with five (5) years’ experience preferred.

Other: Knowledge of SEI bodies of knowledge and experience.

Accountability: The most significant responsibilities of this position are (1) the planning and execution of client technical assistance projects in excess of $5M and the (2) total administrative and project management of projects that deliver solutions to customers.

Direction: The person in this position will be expected to act independently under the broad guidance of the Associate Director for Interagency Programs and the CTO executing the assigned responsibilities of this senior position. For example, this person will take actions consistent SEI and ASP policies regarding administration of plans of work, line funded research projects, and financial management of client funded work. 

Decisions: This person will make decisions that include determine the technical approach and solutions to address customer needs, the nature of SEI engagement with senior DoD and government officials, and decisions about proposed research projects.

Supervisory Responsibilities: The person in this position will serve in the roles of project and technical lead with responsibility for forming and supervising teams, distributing work, evaluating individual team member performance, and serve as manager for designated staff.  

JOB FUNCTIONS OR RESPONSIBILITIES:

40%  Performs direct customer work spanning the range of planning and execution requiring the use of  automated tool and capabilities to perform analyses, prepare reports and memos, create and present presentations, and participate in face to face settings with customers.

20% Performs a range of client engagement and outreach activities. 

20% Performs on-going management and oversight of funded customer projects to include interacting with SEI administrative, financial, contract, and project management systems. 

20% Serves as member of the ASP leadership team interacting with senior staff across the SEI to advance progress on SEI’s strategic goals.

100% TOTAL EFFORT

ORGANIZATIONAL CHART:  Associate Director of Interagency Programs < Chief Engineer: Civil & Defense Agency Portfolio < Senior Software Assurance Engineer
 

Position Summary: The goal of the Enterprise Threat and Vulnerability Management (ETVM) team is to assist organizations in improving their security posture and incident response capability by researching technical threat areas; developing information security assessment methods and techniques; and providing information, solutions and training for preventing, detecting, and responding to illicit activity. ETVM team members are domain experts in insider threat and incident response, and team capabilities include threat analysis and modeling; development of security metrics and assessment methodologies; and creation and delivery of training, courses, and workshops. The selected individual will work on a wide variety of projects, an manage small teams of engineers to develop technical solutions for SEI customers and partners. Primary duties of the position include performing in depth research into current and near term enterprise technologies to establish reference architectures and implementations for the deployment of those technologies into the Federal and commercial enterprise, according to existing Federal, State, Local, and corporate guidance and policy. In addition to the development of reference architectures, the selected individual will work with a wide range of Federal departments and agencies to provide gap analysis for security assessment capabilities, data storage and analysis methodologies, and expert level host and network based security analysis.

Minimum Qualifications and Requirements:

Education/Training: BS in computer science, software engineering, computer engineering, or a related technical field with ten (10) years’ experience or equivalent or a MS in computer science, software engineering, computer engineering, or a related technical field with eight (8) years of experience.

Experience: Proven work experience as well as demonstrated success in designing and documenting enterprise level information system architectures, with a strong focus on the security components. Expert level knowledge in cybersecurity practices, with a solid foundation in Information Assurance, and extensive practical experience in the construction and deployment of cybersecurity controls Must be capable of providing and documenting expert advice and guidance on cybersecurity and enterprise architectures to government agencies. Must be capable of creating, designing, implementing, and documenting own custom security related programs and scripts for use by federal agencies. . The ideal candidate will have experience with the management of small teams of individuals, and is capable of working on multiple projects simultaneously.

Skills/Abilities: Expert level knowledge of cybersecurity and Information Assurance; Expert level knowledge in computer networking and network security; working knowledge of scientific research and design methodologies; working knowledge of corporate information system design and implementation; working knowledge of database design and data schema creation; expert level knowledge of one of C, C++ (including .NET versions), Java; working knowledge of at least two of Python, Perl, Ruby; working knowledge of HTML, CSS, and other web technologies; broad working knowledge of information systems and telecommunications technologies; working knowledge survivability / resiliency issues in information technology; ability to apply reasoning and problem-solving skills to conduct analytical studies and investigations; outstanding written and oral communication skills; demonstrated ability to prepare papers and presentations for technical and non-technical audiences; ability to work independently with limited supervision; ability to recognize and deal appropriately with confidential and sensitive information; ability to speak effectively and persuasively in public and participate in conferences and meetings; ability to contribute to customer presentations and technology transfer activities; strong interest in information assurance R&D.

Mobility: Sedentary in an office setting with some mobility, i.e., able to travel to various locations within the SEI and CMU community as well as travel to customer sites & various critical infrastructure sites.

Environmental Conditions: Close contact with CRT for extended periods of time.

Mental: Ability and interest in addressing security issues in a holistic manner, addressing both organizational and technical policies and practices; as well as behavioral and organizational issues; ability to meet deadlines while working on multiple tasks – sometimes under pressure and with shifting priorities; ability to deal collaboratively, diplomatically, and successfully with customers, co-workers and other professional colleagues, managers, and staff.

Other: Candidate must be a US citizen, have the ability to pass a background investigation, and obtain a Top Secret / SCI security clearance.

Preferred Qualifications and Requirements:

Education/Training: MS in computer science, software engineering, computer engineering, or a related technical field with eight (8) years of experience preferred.

Experience: Experience working in or with the DOD, intelligence community, or law enforcement in a classified environment; experience in both physical and cyber security; experience in auditing or conducting assessments; working in a team environment on collaborative projects in critical infrastructure sectors involving network, system or data security; experience designing and deploying large scale data centers, including HVAC, power, and EM shielding considerations; significant experience in applications development, with a focus on the collection of user requirements.

Skills/Abilities: Demonstrated ability to prepare papers and presentations for technical and non-technical audiences; knowledge of and experience with sound software engineering practices and best practices for information security; project management experience; leadership and mentoring skills; experience in research and development in one or more cybersecurity related fields.

Accountability: The individual will implement and participate in the planning and execution of projects leading to technical results (this may include the detailed examination and analysis of government, law enforcement or classified casefiles and incidents). The individual will also contribute to project, department, or program objectives and planning document development. The individual will keep in confidence sensitive information such as customer processes, risks, vulnerabilities, and internal work products, whether for eventual public or private distribution.

Direction: The individual is expected to act independently using CMU, SEI, and NSS defined policies, practices, and procedures – within the scope of assigned work.

Decisions: The individual must make sound technical decisions with little supervision. The individual must accurately represent the program in interactions with customers, sponsors, and the public.

Supervisory Responsibilities: This position could involve the training and supervision of graduate students.

JOB FUNCTIONS OR RESPONSIBILITIES:

50% Participate in the creation and delivery of information technology based reference architectures for DHS and associated partners. Make on site visits, gather requirements, construct documentation, and implement prototype architectures as required.

20% Conduct studies of cybersecurity resources at DHS and construct tools and methods for filling those gaps. Coordinate with DHS tool development staff and Continuous Monitoring staff to identify areas of weakness and propose / construct solutions for those areas.

20% Work with SEI teams and SEI customers to determine requirements for data storage and retrieval in support of analytical tasks. Construct database schemas for the storage of information for analysis, and create custom tools for importing, accessing, and analyzing the data.

10% Contribute to conferences and meetings; participate in marketing calls on clients; give talks, lectures and workshops as appropriate

100% TOTAL EFFORT

ORGANIZATIONAL CHART: Networked Systems Survivability Program, Director < Cybersecurity Enterprise Workforce Management Technical Director < Enterprise Threat & Vulnerability Management, Technical Manager < Technical Team Lead – Technical Solutions

Position Summary: The SEI Innovation Center is a focused on matching state-of-the-art software research and emerging technologies with critical U.S. Government (USG) needs. This position will support the Center's mission by building and maintaining our technological infrastructure including our one teraflop cluster. Technical Staff in the Center work on leading edge software and hardware technologies and apply them to important and challenging problems. It is a dynamic, flexible and collaborative development environment with constant opportunities to develop new skills, learn new programming methods and techniques, work on emerging architectures and systems, and make a difference. This position provides an opportunity for highly motivated individuals to contribute to cutting edge technological development. The person in this position is responsible for defining conventions, implementing standards, and communicating best practices for staff that access the Center's Hardware.  Duties include: Take hands-on role on team of Software Developers, Technical Analysts and Intelligence Analysts to design, build and maintain infrastructure solutions that support providing needed capabilities to the USG building on state-of-the-art research in analytics, data architectures, software assurance, security, and human information interaction; Daily collaboration with the team to understand, plan and implement infrastructure practices and changes. Manage and evolve the HHPC cluster. Contribute technical knowledge and experience as available to projects including big data, data intensive scalable computing, and high performance computing.

Minimum Qualifications and Requirements:

Education/Training: BS in Information Technology field or a related quantitative field of study with three (3) years of applicable experience.

Experience: Strong Linux System Administration Experience. RHEL preferred. Experience as a network/system administrator for a networked Linux infrastructure in a professional environment required. Experience maintaining and evolving an enterprise or research-oriented computer network. Hands on experiences on switches, firewalls routers, network storage and virtualized environments. Experience with high-performance computing technologies a plus.

Skills/Abilities: Ability to deal with software and network systems integration at various levels. Strong hands-on knowledge in the configuration, securing, and troubleshooting of network devices, LAN switching technologies, firewalls, VPNs, routing protocols, Linux/UNIX based network services, network storage and monitoring/maintaining all of these to ensure their continued secure operation is required. Abilities to build software from source, and create packages. Familiar with principles software configuration management (SCM). Excellent written and verbal communication skills. Ability to work effectively without close supervision. Able to support a dynamic and changing research environment. Able to interface with corporate IT.

Mobility: Primarily sedentary in an office setting with some mobility. Flexible to travel to various locations within the SEI and CMU community, sponsor sites, conferences, and offsite meetings on occasion. Travel outside of Pittsburgh limited to no more than 5 working days a month.

Environmental Conditions: Normal office conditions; close contact with computer screen for extended periods of time.

Mental: Ability to work meticulously with careful attention to detail; ability to meet deadlines while working on multiple tasks - sometimes under pressure and with shifting priorities; ability to deal collaboratively, diplomatically, and successfully with customers, co-workers and other professional colleagues, managers, and staff; ability to grasp the big picture, direction, and goals of an effort; ability to quickly learn new procedures, techniques, approaches, etc.

Other: Candidates must be able to pass a background investigation, obtain a DoD TS/SCI security clearance, and be a US citizen.

Job Functions or Responsibilities:

60%  Build, document and maintain the SEI Innovation Center technological infrastructure.

15%  Interface with the SEI IT community, the CMU campus community and the broader High Performance Computing community to bring best practices into the SEI Innovation Center.

15%  Actively participate in agile team software development activities and team brainstorming, innovations, and design sessions.

10%  Participate in the broader SEI software research community through collaboration, papers, and presentations.

100% TOTAL EFFORT

ORGANIZATIONAL CHART: SEI Innovation Center Director < SEI Innovation Center Chief Architect < Infrastructure Engineer

Position Summary: We are staffing a small team that is responsible for developing secure coding practices, techniques, and tools. We work with software developers and software development organizations to eliminate vulnerabilities resulting from coding errors before they are deployed. The individual in this position will be responsible for developing analyzable secure coding rules for C, C++, Java, and other programming languages.  The individual will be researching and developing advanced software static and dynamic analysis techniques and methods for mobile platforms including Android.  The individual will work directly with customers to: develop and provide training in secure coding practices, develop source code analysis, and enhance and extend organizational capabilities to produce secure software systems. 

Minimum Qualifications and Requirements:

Education/Training: PhD in Computer Science or Software Engineering with five (5) years applicable experience.

Experience: Candidates should have at least five (5) years of experience in developing Java software analysis techniques in one or more of the following areas; static analysis; dynamic analysis; data flow analysis; compiler development, including understanding the impact of optimization techniques on security issues; knowledge of analysis techniques that may be useful in security analysis but might not have been applied to security yet; computer architecture, including understanding the impact of security techniques on application and system performance for various architectures.

Skills/Abilities: Successful candidates will: ability to develop and implement advanced analysis techniques; be expert in Java and have extensive knowledge of the second language; be expert in Android platform development; interact effectively with customers and teammates; have strong written and verbal communications skills; take a leadership role in technical projects.

Mobility: Primarily sedentary in an office setting with some mobility. Ability to travel to various locations within the SEI and CMU community, customer sites, conferences, and offsite meetings with some frequency.

Environmental Conditions: Normal office conditions; however, close contact with computer for prolonged periods of time.

Mental: The ability to work well under pressure of deadlines and with confidential information.

Other: Candidate must have the ability to successfully complete a background investigation.

Preferred Qualifications and Requirements:

Education/Training: PhD in Computer Science or Software Engineering with five (5) years applicable experience.

Experience: Ideal candidates will have experience in the following areas: model checking; abstract interpretation; use of assertions in program code; using mathematical techniques such as denotational semantics, axiomatic semantics, operational semantics, and abstract interpretation.

Skills/Abilities: Preferred candidates will: possess excellent technical problem-solving skills; learn quickly and have a history of producing creative and innovative solutions; be motivated to tackle challenging problems.

Direction: Performs under minimal supervision, independent judgment is encouraged. Most normal duties and responsibilities are handled independently with the use of established procedures and policies. Difficult or unique situations are referred to the supervisor.

Supervisory Responsibilities: This position has no supervisory responsibilities, although mentoring of junior staff is expected.

JOB FUNCTIONS OR RESPONSIBILITIES:

25%  Research and development of software analysis techniques for validating compliance of source code with The CERT Oracle Secure Coding Standard for Java.

25% Directly support customer work in secure coding, verification and validation techniques, and technical training.

30% Develop analyzable secure coding rules Android apps.

20% Contribute to conferences and meetings; participate in international standards development; participate in strategy discussions; contribute to customer presentations; stay up to date in analysis methods and tools.

100% TOTAL EFFORT

ORGANIZATIONAL CHART: NSS Program Director > SSS Technical Director > Secure Coding Team Lead > Senior Software Security Engineer
 

Position Summary:  The individual in this position will work as a member of the CERT Program’s Digital Intelligence and Investigation (DII) Directorate to conduct analysis of various software tools. This analysis will be composed of observing the run-time characteristics, as well as examination of the tools code. Upon completion, the candidate will write a report outlining the findings of the analysis The candidate will be expected to work well in a collaborative team environment and to communicate effectively with others. Activities will include close work with customers from a variety of organizations, including government agencies and critical infrastructures.


Minimum Qualifications and Requirements:

Education/Training: BS in Computer Science (or other technical field) with three (3) years’ experience or equivalent experience.

Experience: At least four (4) years of relevant experience in a position that requires advanced technical skills in one of more of the following areas: software engineering, development, and/or testing and analysis.  Able to demonstrate substantial knowledge in the many of the following areas: software runtime analysis, debugging, security testing techniques, and reverse engineering; cryptographic principles and common cryptographic protocols; network protocols and traffic analysis; basic systems administration; and one or more of the following languages: C/C++, Python, or Perl. Familiarity with software vulnerability research and database principles.  Experience working in the field of software and network security is a plus.

Skills/Abilities: Candidate must be able to prioritize workload and complete deliverables on time, have good technical problem-solving skills, have strong analytical and information organization skills, have excellent oral and written communication skills, and strong technical teaching skills. Candidate must be skilled in instructional design, course development, and evaluation techniques. Candidate must be able to multi-task and work effectively with multiple project teams and sponsors/customers.  Technical proficiency with operating systems and detailed knowledge of network protocols are required.

Mobility: Sedentary in an office setting with some mobility, i.e., able to travel to various locations within the SEI and CMU community as well as travel to customer sites.

Environmental Conditions: Close contact with computer for long periods of time.

Mental: Ability to pay close attention to detail, meet deadlines, work under pressure, and communicate effectively.

Other:  Candidate must be able to pass a background investigation, obtain a security clearance, and be a US citizen.


Preferred Qualifications and Requirements:

Education/Training: MS in Computer Science (or other technical field) with one (1) year experience or equivalent experience.

Experience: Proficiency with a variety of software analysis tools, programming experience, and reverse engineering.

Skills/Abilities: Strong presentation/platform skills and excellent writing skills.
 
        
Accountability:  The incumbent is accountable for the definition, creation, and maintenance of final deliverables and products.

Direction:  The incumbent is expected to act independently using CMU and SEI defined policies, practices, and procedures.

Decisions:  Required to design, develop, pilot and deliver products.  Required to accurately represent NSS and its technical work in interactions with customers, sponsors, and the public.

Supervisory Responsibilities:  Supervises graduate student interns.


JOB FUNCTIONS OR RESPONSIBILITIES:
 
45%     Work in collaborative environment to improve function and design of network analysis and digital forensic tools.

15%     Develop training materials, workshops, presentations, technical documents and instructional materials.

10%     Deliver technical and management training to customers.

10%     Mentor, guide and interact with team and other staff.

10%     Contribute to transition planning and strategy.

10%     Provide technical and analytic support to customer agencies.   
                    
100% TOTAL EFFORT


ORGANIZATIONAL CHART:  Director, Networked Systems Survivability Program < Technical Director, DII < Technical Manager, Operational Support and Outreach < Software Vulnerability Analyst
 

Position Summary:  The DC Site Administrator is a cross-functional role within the Information Technology and Security (ITS) function of the Software Engineering Institute (SEI) in our office located in Arlington, VA supporting the local IT operations as well as certain Security / Information Assurance functions in concert with ITS staff at the main office in Pittsburgh, PA. This is an opportunity to deal not only with IT server and user issues, but also to assist with routine activities of a Facility and Information Systems Security Officer (FSO and ISSO).

Minimum Qualifications and Requirements:

Education/Training: Bachelor’s degree in Computer Science, Information Technology, or related field, or equivalent combination of training and experience. 

Experience: At least three (3) years of systems administration experience.  Three or more (3+) years of end-user support, problem identification, problem resolution, and consulting experience. One or more (1+) years of experience in the maintenance and repair of computer systems and associated peripherals.  Experience working independently on projects with limited supervision. 

Skills/Abilities: Problem solving skills. Able to participate on technical teams; contribute to the improvement of products and services; advanced technical knowledge of desktop operating systems, systems administration, office productivity software, and web browsers; general understanding of technical environments such as networking, enterprise applications infrastructure services, and other technical areas.

Physical Mobility: Some infrequent business travel required. Periodic travel to Pittsburgh office, at least quarterly. Computer hardware installation and configuration required on a regular basis, sometimes involving transport of heavy objects (typically under 100 lbs.) short distances, use of hand tools, et cetera. Carrying of light objects (< 20 lbs.) between buildings may also be required.

Environmental Conditions: Ability to use a computer keyboard and display for extended periods of time; periodic work in a computer machine room or wiring closet environment.

Mental: Able to work under pressure; meet inflexible deadlines; deal with difficult individuals while maintaining composure.  Must have strong customer service orientation. Able to identify, isolate, and resolve systems problems. Must be able to learn from procedural documents and training and then integrate that knowledge into workplace activities.

Other:  Candidate must pass a background investigation, be a U.S citizen and be able to obtain a United States DoD Top Secret clearance (10 year scope) and maintain that clearance as a condition of employment.  Additional work hours (weekend and evening hours) may be required on an infrequent basis. May be required to stay at or return to work during incidents and/or emergencies to perform duties as requested.

Preferred Qualifications and Requirements:

Licenses:  Microsoft Certifies System Administrator (MCSA),  Microsoft Certifies System Engineer (MCSE), CompTIA A+, CompTIA Network +, CompTIA Security +, Dell Certified Technician; Defense Security Service (DSS) Facility Security Officer (FSO) and/or Information Systems Security Officer (ISSO) certification.
 
Experience:  Experience in implementing new services and products; leading technical projects; performing advanced technical support; creating new operational and technical processes and procedures. Experience working in compliance with governmental accreditation requirements for operating IT environments and networks, such as NISPOM, DCID and STIG. Prior experience as a FSO or ISSO.

Other:  Candidates with active DOD Top Secret clearance with a current (within the past 5 years) Single Scope Background Investigation (SSBI) are highly desirable.

Accountability:  Responsible for insuring technical problems for the DC office are resolved to satisfaction of users, providing audio and video support, maintaining and supporting VTC, and administering the telephone systems. Expected to gather information on requirements of users and train users as needed. Acts as a contact person to coordinate with other IT groups on problem resolution and software releases impacting the DC office. This position will report computing needs and trends of the DC office to the IT managers and will ensure that DoD Industrial Security Practices and SEI security practices are followed with respect to access of restricted areas and handling of classified documents.

Direction:  Employee will be expected to work under minimum supervision within the defined scope of authority and in accordance with SEI ITS operating guidelines.  Primary tasking and performance management will come from the USHS manager. Guidance and oversight for IA and Security matters will come from a security expert  (e.g., ISSM, FSO) or the manager of Security as appropriate.

Decisions:  Must be able to identify user and IT systems issues and resolve issues independently. Information Security issues and complex operational problems are handled in concert with the IAO and IT engineering groups. Makes routine decisions based upon knowledge and understanding of the policies, practices and procedures of IT and Security; novel / complex matters are referred to the appropriate manager or subject matter expert.  May make recommendations to improve procedures or work flow in the department.

Supervisory Responsibilities:  This position does not supervise others. 

JOB FUNCTIONS OR RESPONSIBILITIES:

35% Provide advanced technical consulting to assist in resolving difficult software and hardware problems.  Assist users in installing and applications and ensuring that these applications meet IT security and infrastructure requirements. Ensure compliance with SEI IT Practices and Procedures and in some cases will be expected to identify and create procedures to comply.

10% Install equipment, set up computers, mobile devices, and phones for new users.  Make repairs to computer hardware, and replace hardware. Provide audio and video support. Maintain and support VTC.   Assist in developing user documentation pertaining to the Arlington office.

10% Works with other members of the ITS staff on projects involving the IT infrastructure or as Programs need ITS assistance in the Arlington offices.

15% Maintain compliance with the NISPOM and other regulatory requirements conducting self-inspections and assisting the FSO from Pittsburgh to prepare for annual DSS inspections of the security program at the Arlington Office.  Acts as a liaison for the Information Assurance office in Pittsburgh to facilitate the resolution of IA matters.

10% Handles building access, assists with obtaining necessary information /paperwork for security clearance requirements and closed areas.

5% Monitors security status of facilities and systems and responds to security incidents. Prepares incident reports and follows through with the Security office in Pittsburgh to ensure all incidents are resolved.

5% Interact with DoD and USG authorities to coordinate activities related to certifications and accreditations under the guidance and direction of IA staff in Pittsburgh.

5% Assist the Pittsburgh-based asset management team in certain duties (e.g., inventory, tagging).

5% Training and professional development to keep current with new technologies and government regulations. May involve periodic travel to the SEI office in Pittsburgh, PA.

100% TOTAL EFFORT

ORGANIZATIONAL CHART:  SEI ITS Director < User Services & Hardware Support (USHS) Manager < ITS Site Administrator

Position Summary:  This position will be located in either the Pittsburgh or Arlington office.  The SEI Innovation Center is a focused on matching state-of-the-art software research with critical U.S. Government (USG) needs.  This position will support the Center’s mission by developing, applying, demonstrating, evaluating, and transitioning software capabilities that operationalize research concepts of significant value to the USG.  Software developers in the Center work on leading edge technologies and apply them to important and challenging problems. It is a dynamic and flexible development environment with constant opportunities to develop new skills, to learn new programming methods and techniques, to work on emerging architectures and systems, and to make a difference.  Duties include:  Take hands-on lead role on team of Software Developers; develop and code software solutions that provide needed capabilities to the USG building on state-of-the-art research in analytics, data architectures, software assurance, security, and human information interaction; conduct rapid software prototyping to demonstrate and evaluate technologies in relevant environments; conduct performance, security, and other aspects of evaluating software systems; test software capabilities using novel testing and analysis techniques; document software with an emphasis on architectures, user stories, and interface definitions; practice agile software development methods and actively participate on teams of software developers, researchers, designers, and technical leads; support software development infrastructure and assist in building and configuring computing systems and resources; interface with the research community and the USG to understand challenges, needs, and possible solutions; contribute to improving the overall technical capabilities of the Center by mentoring and teaching others, participating in design (software and otherwise) sessions, and sharing insights and wisdom across the SEI Innovation Center team.

Minimum Qualifications and Requirements:

Education/Training:  Bachelors of Science in Computer Science, Information Systems, or related field with ten (10) years’ experience in hands on software development, or equivalent; Masters of Science in Computer Science, Information Systems, or related field with eight (8) years’ experience in hands on software development, or equivalent; Ph.D. with five (5) years’ experience is a plus.

Experience:  Professional experience listed above to include the following areas:  eight (8) years of production or intensive research software development experience in modern languages such as C/C++ or Java; knowledge of other commonly used language such as Perl, Python, Ruby, JavaScript, etc.; working knowledge of some modern computing paradigms and environments such as NoSQL systems (Hadoop, CouchDB, MapReduce), cloud computing and virtualization, parallel programming, HPC development, network programming, mobile development, and interface development; familiarity with end-to-end software development activities in Linux/Windows/Unix/Web environments; familiarity with software development tools including IDEs (Eclipse, IntelliJ, emacs etc.), version control systems (git, svn, p4 etc.) and bug tracking systems (e.g., bugzilla); working knowledge and experience in participating in agile software development practices and team design sessions; experience as team lead or supervisor; demonstrated problem solving ability with the ability to explore and evaluate many possible solutions to problems; proven contribution to open source development projects is a plus.

Skills/Abilities:  Knowledge of:  Software development in Python, C/C++, Java, and other modern languages; modern computing, data, and storage solutions including advanced web development (HTML5, Adobe Flex, PHP), data processing architectures (MapReduce, Hadoop, BigTable) including cloud computing and virtualization concepts; virtualization, hypervisors, cloud controllers, and other cloud provisioning concepts; algorithm design and analysis including analysis of algorithm complexity; familiarity with of core Internet protocols (e.g., TCP/IP, BGP, UDP, ICMP, DNS, SMTP, HTTP, etc.); software / systems development lifecycle, QA testing, revision control, and change management practices.

Mobility: Primarily sedentary in an office setting with some mobility. Flexible to travel to various locations within the SEI and CMU community, sponsor sites, conferences, and offsite meetings on occasion. Travel outside of Pittsburgh or Arlington is limited to no more than 5 working days a month.

Environmental Conditions: Normal office conditions; close contact with computer screen for extended periods of time.

Mental: The ability to:  explore and solve complex, ill-defined problems; work meticulously with attention to detail; meet deadlines while working on multiple tasks – sometimes under pressure and with shifting priorities; self-starter willing to take on tasks and initiate constructive activity with little guidance; deal collaboratively, diplomatically, and successfully with customers, co-workers, and other professional colleagues, managers, and staff; grasp the big picture, direction, and goals of an effort; interface with world-class research community; develop and communicate innovative ideas; quickly learn new procedures, techniques, and approaches.

Other:  Candidates must be able to pass a background investigation, obtain a DoD TS/SCI security clearance, and be a US citizen.

Preferred Qualifications and Requirements:

Education/Training:  Ph.D. in Computer Science, Mathematics, Information Systems, or related disciplie with five (5) years’ experience.

Accountability:  This position will be responsible for exploring, defining, developing, demonstrating, and, in some cases, transitioning software capabilities.  This includes working with a team of developers, researchers, designers, and other technical personnel to create solutions.

Direction:  This position is expected to act with minimal supervision in accordance with SEI procedures and policies, such as those involving product development, team interaction, and confidentiality.

Decisions:  This position will explore, develop, and demonstrate software capabilities and make implementation choices for a wide-range of software-intensive problems.

Supervisory Responsibilities:  This position will eventually supervise a team of approximately 2 to 6 developers, and will act in the capacity of a mentor to solutions architects, software developers, and designers.

JOB FUNCTIONS OR RESPONSIBILITIES:

30% Design, develop, test, document, and demonstrate software.

20% Lead, direct, and oversee the activities of a team of developers working on diverse set problems and projects; development and management the development infrastructure and support the development team.

20% Interface with the research community to understand the state of research ideas and the practicality of applying those ideas to real USG problems and challenges.  Interface with USG customers to understand their needs and capabilities and identify possible solutions.

20%  Actively participate in agile team software development activities and team brainstorming, innovations, and design sessions.

10%  Participate in the broader SEI software research community through collaboration, papers, and presentations.

100% TOTAL EFFORT

ORGANIZATIONAL CHART:  SEI Innovation Center Director < SEI Innovation Center Chief Architect < Senior Software Developer

Position Summary:  The SEI Innovation Center is a focused on matching state-of-the-art software research with critical U.S. Government (USG) needs.  This position will support the Center’s mission by developing, applying, demonstrating, evaluating, and transitioning software capabilities that operationalize research concepts of significant value to the USG.  Software developers in the Center work on leading edge technologies and apply them to important and challenging problems. It is a dynamic and flexible development environment with constant opportunities to develop new skills, to learn new programming methods and techniques, to work on emerging architectures and systems, and to make a difference.  Duties include:  Take hands-on lead role on team of Software Developers; develop and code software solutions that provide needed capabilities to the USG building on state-of-the-art research in analytics, data architectures, software assurance, security, and human information interaction; conduct rapid software prototyping to demonstrate and evaluate technologies in relevant environments; conduct performance, security, and other aspects of evaluating software systems; test software capabilities using novel testing and analysis techniques; document software with an emphasis on architectures, user stories, and interface definitions; practice agile software development methods and actively participate on teams of software developers, researchers, designers, and technical leads; support software development infrastructure and assist in building and configuring computing systems and resources; interface with the research community and the USG to understand challenges, needs, and possible solutions; contribute to improving the overall technical capabilities of the Center by mentoring and teaching others, participating in design (software and otherwise) sessions, and sharing insights and wisdom across the SEI Innovation Center team.

Minimum Qualifications and Requirements:

Education/Training:  Bachelors of Science in Computer Science, Information Systems, or related field with ten (10) years’ experience in hands on software development, or equivalent; Masters of Science in Computer Science, Information Systems, or related field with eight (8) years’ experience in hands on software development, or equivalent; Ph.D. with five (5) years’ experience is a plus.

Experience:  Professional experience listed above to include the following areas:  eight (8) years of production or intensive research software development experience in modern languages such as C/C++ or Java; knowledge of commonly used languages such as Perl, Python, JavaScript, etc.; working knowledge of some modern computing paradigms and environments such as NoSQL systems (Hadoop, CouchDB, MapReduce), cloud computing and virtualization, parallel programming, HPC development, network programming, mobile development, and interface development; familiarity with end-to-end software development activities in Linux/Unix/Web environments; familiarity with software development tools including version control systems (git, svn, p4 etc.) and bug tracking systems (e.g., bugzilla); working knowledge and experience in participating in agile software development practices and team design sessions; experience as team lead or supervisor; demonstrated problem solving ability with the ability to explore and evaluate many possible solutions to problems; proven contribution to open source development projects is a plus.

Skills/Abilities:  Knowledge of:  Software development in Python, C/C++, Java, and other modern languages; modern computing, data, and storage solutions including data processing architectures (MapReduce, Hadoop, BigTable), cloud computing and virtualization concepts; virtualization, hypervisors, cloud controllers, and other cloud provisioning concepts; algorithm design and analysis including analysis of algorithm complexity; familiarity with of core Internet protocols (e.g., TCP/IP, BGP, UDP, ICMP, DNS, etc.); software / systems development lifecycle, QA testing, revision control, and change management practices.

Mobility: Primarily sedentary in an office setting with some mobility. Flexible to travel to various locations within the SEI and CMU community, sponsor sites, conferences, and offsite meetings on occasion. Travel outside of Pittsburgh limited to no more than 5 working days a month.

Environmental Conditions: Normal office conditions; close contact with computer screen for extended periods of time.

Mental: The ability to:  explore and solve complex, ill-defined problems; work meticulously with attention to detail; meet deadlines while working on multiple tasks – sometimes under pressure and with shifting priorities; self-starter willing to take on tasks and initiate constructive activity with little guidance; deal collaboratively, diplomatically, and successfully with customers, co-workers, and other professional colleagues, managers, and staff; grasp the big picture, direction, and goals of an effort; interface with world-class research community; develop and communicate innovative ideas; quickly learn new procedures, techniques, and approaches.

Other:  Candidates must be able to pass a background investigation, obtain a DoD TS/SCI security clearance, and be a US citizen.

Preferred Qualifications and Requirements:

Education/Training:  Ph.D. in Computer Science, Mathematics, Information Systems, or related disciplie with five (5) years’ experience.

Accountability:  This position will be responsible for exploring, defining, developing, demonstrating, and, in some cases, transitioning software capabilities.  This includes working with a team of developers, researchers, designers, and other technical personnel to create solutions.

Direction:  This position is expected to act with minimal supervision in accordance with SEI procedures and policies, such as those involving product development, team interaction, and confidentiality.

Decisions:  This position will explore, develop, and demonstrate software capabilities and make implementation choices for a wide-range of software-intensive problems.

Supervisory Responsibilities:  This position will eventually supervise a team of approximately 2 to 6 developers, and will act in the capacity of a mentor to solutions architects, software developers, and designers.

JOB FUNCTIONS OR RESPONSIBILITIES:

30% Design, develop, test, document, and demonstrate software.

20% Lead, direct, and oversee the activities of a team of developers working on diverse set problems and projects; development and management the development infrastructure and support the development team.

20% Interface with the research community to understand the state of research ideas and the practicality of applying those ideas to real USG problems and challenges.  Interface with USG customers to understand their needs and capabilities and identify possible solutions.

20%  Actively participate in agile team software development activities and team brainstorming, innovations, and design sessions.

10%  Participate in the broader SEI software research community through collaboration, papers, and presentations.

100% TOTAL EFFORT

ORGANIZATIONAL CHART:  SEI Innovation Center Director < SEI Innovation Center Chief Architect < Senior Software Developer

Position Summary:  The SEI Innovation Center is focused on matching state-of-the-art software research with critical U.S. Government (USG) needs.  This position will support the Center’s mission by developing, applying, demonstrating, evaluating, and transitioning software capabilities that operationalize research concepts of significant value to the USG.  Software developers in the Center work on leading edge technologies and apply them to important and challenging problems. It is a dynamic and flexible development environment with constant opportunities to develop new skills, to learn new programming methods and techniques, to work on emerging architectures and systems, and to make a difference.  Duties include:  Develop and code software solutions that provide needed capabilities to the USG building on state-of-the-art research in analytics, data architectures, software assurance, security, and human information interaction;  conduct rapid software prototyping to demonstrate and evaluate technologies in relevant environments; conduct performance, security, and other aspects of evaluating software systems; test software capabilities using novel testing and analysis techniques; document software with an emphasis on architectures, user stories, and interface definitions; practice agile software development methods and actively participate on teams of software developers, researchers, designers, and technical leads; support software development infrastructure and assist in building and configuring computing systems and resources; interface with the research community and the USG to understand challenges, needs, and possible solutions; contribute to improving the overall technical capabilities of the Center by mentoring and teaching others, participating in design (software and otherwise) sessions, and sharing insights and wisdom across the SEI Innovation Center team.

Minimum Qualifications and Requirements:

Education/Training:  Bachelors of Science in Computer Science, Information Systems, or related field with eight (8) years’ experience in hands on software development, or equivalent; Masters of Science in Computer Science, Information Systems, or related field with five (5) years’ experience in hands on software development, or equivalent; Ph.D. with two (2) years’ experience is a plus.

Experience:  Professional experience listed above to include the following areas:  five (5) years of production or intensive research software development experience in modern languages such as C/C++ or Java; knowledge of commonly used languages such as Perl, Python, JavaScript, etc.; working knowledge of some modern computing paradigms and environments such as NoSQL systems (Hadoop, CouchDB, MapReduce), cloud computing and virtualization, parallel programming, HPC development, network programming, mobile development, and interface development; familiarity with end-to-end software development activities in Linux/Unix/Web environments; familiarity with software development tools including version control systems (git, svn, p4 etc.) and bug tracking systems (e.g., bugzilla); working knowledge and experience in participating in agile software development practices and team design sessions; demonstrated problem solving ability with the ability to explore and evaluate many possible solutions to problems; proven contribution to open source development projects is a plus.

Skills/Abilities:  Knowledge of:  Software development in Python, C/C++, Java, and other modern languages; modern computing, data, and storage solutions including data processing architectures (MapReduce, Hadoop, BigTable), cloud computing and virtualization concepts; virtualization, hypervisors, cloud controllers, and other cloud provisioning concepts; algorithm design and analysis including analysis of algorithm complexity; familiarity with of core Internet protocols (e.g., TCP/IP, BGP, UDP, ICMP, DNS, etc.); software / systems development lifecycle, QA testing, revision control, and change management practices.

Mobility: Primarily sedentary in an office setting with some mobility. Flexible to travel to various locations within the SEI and CMU community, sponsor sites, conferences, and offsite meetings on occasion. Travel outside of Pittsburgh limited to no more than 5 working days a month.

Environmental Conditions: Normal office conditions; close contact with computer screen for extended periods of time.

Mental: The ability to:  explore and solve complex, ill-defined problems; work meticulously with attention to detail; meet deadlines while working on multiple tasks – sometimes under pressure and with shifting priorities; self-starter willing to take on tasks and initiate constructive activity with little guidance; deal collaboratively, diplomatically, and successfully with customers, co-workers, and other professional colleagues, managers, and staff; grasp the big picture, direction, and goals of an effort; interface with world-class research community; develop and communicate innovative ideas; quickly learn new procedures, techniques, and approaches.

Other:  Candidates must be able to pass a background investigation, obtain a DoD TS/SCI security clearance, and be a US citizen.

Accountability:  This position will be responsible for exploring, defining, developing, demonstrating, and, in some cases, transitioning software capabilities.  This includes working with a team of developers, researchers, designers, and other technical personnel to create solutions.

Direction:  This position is expected to act with minimal supervision in accordance with SEI procedures and policies, such as those involving product development, team interaction, and confidentiality.

Decisions:  This position will explore, develop, and demonstrate software capabilities and make implementation choices for a wide-range of software-intensive problems.

Supervisory Responsibilities:  This position does not supervise others, but may provide technical leadership to projects and act in the capacity of a mentor to solutions architects, software developers, and designers.

JOB FUNCTIONS OR RESPONSIBILITIES:

60% Design, develop, test, document, and demonstrate software.

15% Interface with the research community to understand the state of research ideas and the practicality of applying those ideas to real USG problems and challenges.  Interface with USG customers to understand their needs and capabilities and identify possible solutions.

15% Actively participate in agile team software development activities and team brainstorming, innovations, and design sessions.

10% Participate in the broader SEI software research community through collaboration, papers, and presentations.

100% TOTAL EFFORT

ORGANIZATIONAL CHART:  SEI Innovation Center Director < SEI Innovation Center Chief Architect < Software Developer

Position Summary: This position will be located in either the Pittsburgh or Arlington office.  The SEI Innovation Center is focused on matching state-of-the-art software research with critical U.S. Government (USG) and Industry needs.  The Center is leading a collection of new initiatives for the SEI, and is seeking creative and hard-working members to join its team.  The Member of the Technical Staff of the Center’s Cyber Intelligence Team will be responsible for enabling the Intelligence Community and Industry to enhance cyber domain awareness, predict disruptions, as well as deter or defend against cyber anomalies and attacks. Key activities include exploring and using state of the art techniques and technologies to conduct analysis; collecting, processing and analyzing data to support project goals; and developing new techniques and technologies to assist private and government entities in identifying cyber threats and mitigating the risk those threats pose. Duties include: conduct research and identify tools that can support data management and data visualization (such as infographics) and create SOPs for using these tools; score data brought back form site interviews and enter results into a database which can be queried by a visualization tool; conduct analysis of cyber domain data derived from multiple industry sources and identify anomalies and trends, if present, in the data; create analytical assessments of anomalies and trends, working with consortium members, CERT, CMU and outside experts as appropriate to determine meaning, and possible means of protection and/or response; support preparation of reports to government customers; participate in project meetings, share insights and wisdom across the Center team.

Minimum Qualifications and Requirements:

Education/Training:  Bachelor's degree in Business Administration, Information Science, Computer Science, Intelligence Analysis, or relevant social science.  Knowledge of network security, information security, or cyber intelligence is a plus.

Experience:  Any professional experience listed above to include the following areas: Cyber domain analyst, preferably within company security teams, network operations centers, or within the government in counter terrorism centers or cyber intelligence environments is a plus.  At least three (3) years' experience in data analytics; relevant academic or work experience in data entry, data management tools, data analysis; knowledge of databases and data management tools; knowledge Rubric creation and scoring (academic or applied); familiarity with data visualization tools or techniques.

Skills/Abilities: Strong written and verbal communications skills and the ability to present to small and large audiences; strong analytic skills; ability to travel approximately 10-25% of time to partner locations throughout the United States; ability to learn data visualization tools and techniques.

Mobility: Primarily sedentary in an office setting with some mobility. Flexible to travel to various locations within the SEI and CMU community, sponsor sites, conferences, and offsite meetings on occasion.

Environmental Conditions: Normal office conditions; close contact with computer screen for extended periods of time.

Mental: The successful candidate will have the ability to explore and solve complex, ill-defined problems; work meticulously with attention to detail; meet deadlines while working on multiple tasks – sometimes under pressure and with shifting priorities; self-starter willing to take on tasks and initiate constructive activity with little guidance; deal collaboratively, diplomatically, and successfully with customers, co-workers, and other professional colleagues, managers, and staff; grasp the big picture, direction, and goals of an effort; interface with world-class research community; develop and communicate innovative ideas; quickly learn new procedures, techniques, and approaches.

Preferred Qualifications and Requirements:

Licenses:  Network +, Certified Ethical Hacker, or other relevant certification.

Experience: Intelligence Community experience; awareness of sourcing, methodology of intelligence analysis, as well as intelligence tools; familiarity with network security tools and appliances including firewalls, intrusion detection/prevention systems, and anti-virus software- Experience conducting risk assessment of an enterprise network or other information technology platform; experience remediating network vulnerabilities, patch management, or familiarity with incident response procedures.

Skills/Abilities: Intelligence report creation, writing, publishing, dissemination, peer review; academic writing and research; understanding of threats, risks, and vulnerabilities in the cyber domain.
 
Other:  Candidates must be able to pass a background investigation, obtain a DoD TS/SCI security clearance, and be a US citizen.

Accountability: This position will be responsible for: coding and entering results of data collection into a database; managing databases to maintain the integrity of the data, so that it is current; conducting analysis of data to identify opportunities to improve intelligence capabilities in support of cyber security; supporting project team’s reports and workshops; working with a team of analysts, developers, researchers, designers, and other technical staff to create solutions.

Direction: This position is expected to act in accordance with SEI procedures and policies, such as those involving product development, team interaction, and confidentiality.

Decisions: This position would be expected to make decision based on duties assigned.                                                                 

Supervisory Responsibilities: This position does not supervise others.

JOB FUNCTIONS OR RESPONSIBILITIES:

45%      Actively participate in project team activities, meetings, brainstorming and innovations.

25%      Data entry, management and analysis sessions.

20%      Support to project team by preparing reports and workshops.

10%       Participate in the broader SEI community through collaboration, papers and presentations.      

100% TOTAL EFFORT

ORGANIZATIONAL CHART: SEI Innovation Center Director > Project Lead Cyber Intelligence Analyst > Cyber Intelligence Analyst

Position Summary:  The SEI Innovation Center is focused on matching state-of-the-art software capabilities with critical U.S. Government (USG) needs.  This position will support the Center’s mission by capturing government needs and identifying, shaping, and guiding research that matches these needs and operationalizing research concepts in a realistic USG environment. If you are a researcher passionate about big data, cloud computing, human information interaction, analytics/machine learning/data mining/knowledge discovery, or scalability, and you are committed to bringing innovation to government and beyond, then this is the position for you.

Duties include:  The SEI Innovation Center Senior Research Scientist will: Work with the Center’s leadership team to plan, develop and implement an overall research strategy, initiate and conduct novel research in-line with the Center’s broad technical focus of “data-intensive scalable computing,” and lead and collaborate with other research and development technical staff in the Center and across the SEI; Directly participate in the formation of a research agenda and assist the SEI Innovation Center in establishing a national agenda in future technology; Develop research ideas in collaboration with sponsors and customers, collaborate with world leaders in the academic community, lead and conduct hands-on research, and direct research staff to advance ideas in support of Center’s current and future customer needs; Work closely with the SEI Innovation Center Director to define near-term and strategic research approach and agenda, as well as lead, conduct, and direct research projects for the Center.
This position will afford the opportunity to participate in strategic planning for the whole of the Center along with an interdisciplinary team of highly talented visionaries. The work requires a deep understanding of technical challenges and emerging trends in computing and information science and awareness of the potential opportunities in industry and government. It also requires effective formulation and presentation of forward looking ideas. While deep technical knowledge in one or more fields is desirable, a demonstrated track record of research contributions across multiple fields is preferred. The SEI Innovation Center and the Center customers are inherently interdisciplinary.

Specific responsibilities include:  Interface directly with USG customers to identify, capture, and articulate critical software-related capability needs, specifically in the domain of data-intensive scalable computing; Identify, shape, and guide research activities directed at filling critical USG computing and information needs; Leverage research ideas to design, document, and oversee the development of solutions relevant to critical government needs; Oversee interdisciplinary development teams from problem definition to solution concept to solution development, test and evaluation, and technology transition; Develop and operationalize novel transition strategies for taking solutions from research concept to operational capability; Promote and practice user-centered design methodologies throughout the solution life-cycle, from research concept to operational capability; Publish and promote Center research to contribute to raising awareness and impact of the Center and the SEI; and Mentor other Center staff and collaborators on research methods, technical areas of expertise, user-centered design concepts, and solution design principles.

Minimum Qualifications and Requirements:

Education/Training: Bachelors of Science in Computer Science, Information Systems, or related field with ten (10) years’ experience, or equivalent Masters of Science in Computer Science, Information Systems, or related field with eight (8) years’ experience, or equivalent.

Experience:  Professional experience listed above to include the following areas:  Leading research and research teams; capturing and documenting user/customer needs and requirements in complex technical areas under uncertainty and changing requirements and priorities; conducting research and applying scientific methods; basic and applied research; facilitating participatory design and innovation sessions for all aspects of software, solutions, and research design concepts; software development in support of research and taking software capabilities from the lab to operations; hands on modeling and simulation, data analysis/analytics, and large-scale computing; proven capabilities in the visual communications of complex ideas and concepts; preparing and delivering technical proposals, papers, and presentations; conducting user-centered design activities including user studies, novel prototyping capabilities, and exploring multiple solution concepts in parallel; design of information architectures for complex human-centered software systems; experience working with DARPA, IARPA, Service Labs, or other government research sponsors is a plus. Ideal candidates have: Three to five years of progressively responsible experience in a technology- or research-based organization in government, industry or higher education; three to five years’ experience in researching, developing, or applying data-intensive scalable computing in a commercial or DoD/government-related environment; experience in building and managing high technology research teams. The candidate should have in-depth knowledge of software and systems engineering.  Demonstrated success in formulating and delivering successful research proposals to the federal government and in leading the resulting projects. Demonstrated record of publications and contributions to the science and technology community. Demonstrated management experience with responsibility for projects, people, budgets and contracts.

Skills/Abilities: Knowledge of:  Software engineering including design, architecture, development, testing, and deployment; human-computer interaction, Human-machine interaction, and Human-information interaction; modern computing, data, and storage solutions, data processing architectures (MapReduce, Hadoop, NoSQL); cloud Computing; analytics, data mining, machine learning, knowledge discovery; knowledge of information analysis, visualization, and manipulation tools and techniques; must be visionary, with strong sense of purpose; prior academic center research experience; a reputation for applied and/or theoretical research with a track record of valuable publications; track record of accomplishment in leading the research agenda for technology-based organizations; reputation for highest level of integrity; high comfort level with ambiguity; success at building consensus within a matrixed organization; excellent oral, written and presentation skills; able to make decisions and recommendations that significantly change important public policies or scientific programs; understanding and appreciation for the interplay between technology and policy; ability to influence, work and manage technical staff; able to respond quickly and effectively to changing priorities; excellent analytical, organizational, supervisory, reasoning and problem solving skills; ability to interact effectively with diverse constituencies internally and externally; excellent verbal and written communication skills.

Mobility: Primarily sedentary in an office setting with some mobility. Flexible to travel to various locations within the SEI and CMU community, sponsor sites, conferences, and offsite meetings potentially with routine frequency.

Environmental Conditions: Normal office conditions; close contact with computer screen for extended periods of time.

Mental: The ability to:  Design and develop detailed problem formulations and research approaches based on requirements elicitation from internal and external stakeholders; communicate with software developers, analyst, and non-technical experts; work meticulously with attention to detail; remain calm during difficult situations; meet inflexible deadlines while working on multiple tasks – sometimes under pressure and with shifting priorities and frequent interruptions; deal collaboratively, diplomatically, and successfully with customers, co-workers, and other professional colleagues, managers, and staff; grasp the big picture, direction, and goals of an effort; interface with world-class research community; develop and communicate innovative ideas; take leadership role in technical projects; oversee the technical activities of teams of 3-4 researchers, developers, and designers; quickly learn new procedures, techniques, and approaches.

Other:  Candidates must be able to pass a background investigation, obtain a DoD TS/SCI security clearance, and be a US citizen.

Preferred Qualifications and Requirements:

Education/Training: Doctor of Philosophy in Computer Science, Engineering, Mathematics, Information Systems, or related field with five (5) years of experience, or equivalent.

Accountability:  This position will be responsible for transforming vague and uncertain customer needs and requirements into clear problem statements and research programs. Research will always be conducted with a solutions and outcome focus. This includes matching problems to research ideas, technology capabilities, and ultimately solutions.

Direction:  This position is expected to act with minimal supervision in accordance with SEI procedures and policies, such as those involving product development, team interaction, and confidentiality.

Decisions:  This position will conduct research, make decisions about research approaches and ideas, explore and specify solutions and designs and make implementation choices for a wide-range of data-intensive scalable computing problems.

Supervisory Responsibilities:  This position may include supervisory responsibilities for a small (2) to medium (10) sized team of researchers or research programmers.

JOB FUNCTIONS OR RESPONSIBILITIES:

60% Serve as the an interface with USG technical and research customers to understand, capture, and translate USG problems to the research community and other SEI staff focused on developing meaningful research problems, conducting research, and developing solutions. Lead, conduct, and facilitate exploration and innovation sessions and workshops to elicit clear definition of USG challenges and concepts. Craft and conduct research in partnership with USG customers, academic partners, SEI staff, and industry collaborators were appropriate.

15%  Serve as a principal advocate for the research portion of the SEI Innovation Center. Formulate and evolve the research strategy and work with Center management to implement that strategy. Assist with formation and growth of the research team and recruiting appropriate talent.

15%  Serve as liaison to internal CMU/SEI functions and programs in active and potential areas of research. Builds external relationships to foster research collaborations. Represents the Center to the S&T community by participation in S&T community events and forums. Work with Center management to identify critical research areas and research opportunities that support the needs of Center’s current and future customers.

10%  Mentor internal solutions architects and software developers; communicate the design of solutions to internal stakeholders; and provide technical guidance on integration and design to external stakeholders.

100% TOTAL EFFORT

ORGANIZATIONAL CHART:  SEI Innovation Center Director < Senior Research Scientist

Position Summary:  The SEI Innovation Center is focused on matching state-of-the-art software research with critical U.S. Government (USG) needs.  This senior position will support the Center’s mission by developing, applying, demonstrating, evaluating, and transitioning software capabilities that operationalize research concepts of significant value to the USG.  Software developers in the Center work on leading edge technologies and apply them to important and challenging problems. It is a dynamic and flexible development environment with constant opportunities to develop new skills, learn new programming methods and techniques, work on emerging architectures and systems, and make a difference.  Duties include:  Take hands-on leadership responsibilities for a team of software developers and cyber intelligence analysts; perform  rapid software prototyping to demonstrate and evaluate technologies in relevant environments; conduct performance, security, and other aspects of evaluating software systems; test software capabilities using novel testing and analysis techniques; document systems with an emphasis on architectures, user stories, and interface definitions; practice agile software development methods and actively participate on teams of software developers, researchers, designers, and intelligence analysts; support cyber analytical infrastructure and assist in building and configuring computing systems and resources; interface with the technical community, intelligence analytical community and the USG to understand challenges, needs, and possible solutions; contribute to improving the overall technical capabilities of the Center by mentoring and teaching others, participating in design (software and otherwise) sessions, and sharing insights and wisdom across the SEI Innovation Center team.

Minimum Qualifications and Requirements:

Education/Training:  Bachelor of Science in Computer Science, Information Systems, or related field with ten (10) years’ experience in hands on software development, or equivalent; Masters with eight (8) years’ experience or a Ph.D. with five (5) years’ experience a plus.

Experience:  Professional experience listed above to include the following areas:  ten (10) years of production or intensive research software development experience in modern languages such as C/C++ or Java; knowledge of commonly used languages such as Perl, Python, JavaScript, etc.; working knowledge of modern encryption and security computing topics e.g. Public Key Cryptography, Network security, etc.; familiarity with Operating System concepts in Linux/Windows/Unix environments ; familiarity with some modern computing paradigms and environments such as NoSQL systems (Hadoop, CouchDB, MapReduce), cloud computing and virtualization, parallel programming, HPC development, network programming, mobile development, and interface development; familiarity with end-to-end software development activities in Linux/Unix/Web environments; familiarity with software development tools including version control systems (git, svn, p4 etc.) and bug tracking systems (e.g., bugzilla); working knowledge and experience in participating in agile software development practices and team design sessions; experience as team lead or supervisor; demonstrated problem solving ability with the ability to explore and evaluate many possible solutions to problems; proven contribution to open source development projects is a plus.

Skills/Abilities:  Knowledge of:  Software development in Python, C/C++, Java, and other modern languages; modern computing, data, and storage solutions including data processing architectures (MapReduce, Hadoop, BigTable), cloud computing and virtualization concepts; virtualization, hypervisors, cloud controllers, and other cloud provisioning concepts; algorithm design and analysis including analysis of algorithm complexity; familiarity with of core Internet protocols (e.g., TCP/IP, BGP, UDP, ICMP, DNS, etc); software and network security concepts.

Physical Mobility: Primarily sedentary in an office setting with some mobility. Flexible to travel to various locations within the SEI and CMU community, sponsor sites, conferences, and offsite meetings on occasion. Travel outside of Pittsburgh limited to no more than 5 working days a month.

Environmental Conditions: Normal office conditions; close contact with computer screen for extended periods of time.

Mental: The ability to:  explore and solve complex, ill-defined problems; work meticulously with attention to detail; meet deadlines while working on multiple tasks – sometimes under pressure and with shifting priorities; self-starter willing to take on tasks and initiate constructive activity with little guidance; deal collaboratively, diplomatically, and successfully with customers, co-workers, and other professional colleagues, managers, and staff; grasp the big picture, direction, and goals of an effort; interface with world-class research community; develop and communicate innovative ideas; quickly learn new procedures, techniques, and approaches.

Other:  Candidates must be able to pass a background investigation, obtain a DoD TS/SCI security clearance, and be a US citizen.

Preferred Qualifications and Requirements:

Education/Training: Masters or Ph.D. in Computer Science, Mathematics, Information Systems, or related discipline with eight (8) years’ experience.

Accountability:  This position will be responsible for exploring, defining, developing, demonstrating, and, in some cases, transitioning software capabilities.  This includes working with a team of developers, researchers, designers, and other technical personnel to create solutions.

Direction:  This position is expected to act with minimal supervision in accordance with SEI procedures and policies, such as those involving product development, team interaction, and confidentiality.

Decisions:  This position will explore, develop, and demonstrate software capabilities and make implementation choices for a wide-range of software-intensive problems.

Supervisory Responsibilities:  This position will eventually supervise a team of approximately 2 to 6 developers, and will act in the capacity of a mentor to solutions architects, software developers, and designers.

JOB FUNCTIONS OR RESPONSIBILITIES:

30% Design, develop, test, document, and demonstrate software.

20% Lead, direct, and oversee the activities of a team of developers working on diverse set problems and projects; development and management the development infrastructure and support the development team.

20% Interface with the research community to understand the state of research ideas and the practicality of applying those ideas to real USG problems and challenges.  Interface with USG customers to understand their needs and capabilities and identify possible solutions.

20% Actively participate in agile team software development activities and team brainstorming, innovations, and design sessions.

10% Participate in the broader SEI software research community through collaboration, papers, and presentations.

100% TOTAL EFFORT

ORGANIZATIONAL CHART:  SEI Innovation Center Director < SEI Innovation Center  Chief Architect < Software Solutions Designer

Position Summary:  This position is located at Fort Huachuca, AZ (Sierra Vista). The CERT Program is part of the SEI, a federally funded research and development center at Carnegie Mellon University in Pittsburgh, Pennsylvania. The CERT Program engages in cutting-edge research and development and develops and transitions disciplined approaches to improve the survivability and resiliency of the DoD, federal civilian agencies, private sector organizations and their networked information systems. As the senior onsite technical representative for the SEI, the candidate will work closely with senior staff and operational units of the US Army Network Enterprise Technology Command (NETCOM) at Ft Huachuca, Arizona. The SEI’s collaboration with NETCOM covers the waterfront of network and systems security, network analytics and cyber operational training. The candidate will work on a daily basis with NETCOM leadership and staff focusing on transitioning a portfolio of technical, process, and work-force development cyber security projects into operations. The candidate will collaborate with analysts from across the SEI to explore new and innovative ways in which SEI's technical competencies and capabilities can be applied to current and future technical challenges faced by the customer. In addition, this candidate will represent the CERT Program to the customer through daily interaction with government sponsors and their FFRDC and contractor personnel. This interaction will include frequent interaction with senior civilian and military leaders, staff officers and engineers, as well as network operations personnel located at the headquarters and associated units.

Minimum Qualifications and Requirements:

Education/Training: Bachelor of Science in Computer Engineering, Information Systems, Information Systems Management or related field with ten (10) years’ experience, or equivalent; Master’s Degree in Information Systems, Information Systems Management or related field with eight (8) years’ experience, or equivalent.

Experience: Professional experience should include supporting technical decision-making, acquisition and management of large-scale enterprise deployment of network security technologies, defining requirements for security technology insertion, military experience in network operations and network defense, including five (5) or more years’ experience in a technical leadership role.

Skills/Abilities: Successful candidates will have the ability to: contribute in a team environment with other team members with varying skills, experience and locations; function independently in the role of a consultant; understand and translate customer technical and program requirements leading to successful integration and future transition of SEI technologies; excellent oral and written communication skills; identify the need for improvements and communicate these requirements; develop and explain technical decisions to varying audiences, including senior government and military leadership and technical staff; interact effectively with technical and non-technical audiences with verbal and written communications; acting in a customer service role to internal and external stakeholders; work meticulously with careful attention to detail and priority of work, especially in an environment that is remote from the home office; understand DOD networks.

Physical: This position is at Fort Huachuca, AZ (Sierra Vista).

Mobility: Primarily sedentary in an office setting with regular travel to the SEI Pittsburgh office and occasional trips to other Army sites. This role could include up to two trips a month of 2-4 days to these locations.

Environmental Conditions: Normal office conditions; close contact with computer display for extended periods of time.

Mental: The ability to: work meticulously with careful attention to detail; meet deadlines while working on multiple tasks – sometimes under pressure and with shifting priorities; deal collaboratively, diplomatically, and successfully with customers, co-workers and other professional colleagues, managers, and staff; ability to grasp the big picture, direction, and goals of an effort; develop and communicate innovative ideas; take leadership role in technical projects; and quickly learn new procedures, techniques, and approaches.

Other: Candidates must be a US Citizen, able to pass a background investigation and obtain a DOD Top Secret clearance.

Preferred Qualifications and Requirements:

Experience: Ideal candidates will have experience in some of the following areas: significant exposure and experience in Army cyber operations; performing the security aspects of system and/or network administration in a U.S. government agency or U.S. Defense Contractor environment; acting in the role of a (technical) cyber analyst; operating or managing risk in a larger enterprise infrastructure; developing materials for senior leadership in government or industry; developing and implementing information security policies and standard operating procedures; acting in the role of a project manager.

Other: A candidate with a current DoD security clearance is preferred.

Accountability: The individual will serve as the SEI’s technical liaison and on-site resource to NETCOM. The individual will also contribute to NETCOM and SEI project, department, or program objectives and planning document development. The individual will keep in confidence sensitive information such as customer processes, risks, vulnerabilities, and internal work products, whether for eventual public or private distribution. The individual will assist the customer by ensuring that cyber technologies are more rapidly and effectively transitioned, either in-house or to their contracting community, by enhancing their capabilities to select and adopt these technologies.

Direction: The individual is expected to act independently using CMU, SEI and US Army defined policies, practices, and procedures – within the scope of assigned work.

Decisions: The individual is expected to participate in the decision-making and problem-solving processes of designing, building, and operating systems for network security; suggesting and implementing policies and procedures to support these activities; and creating prototype implementations of tools and approaches for situational awareness. The individual will be required to work independently, and/or provide requisite technical leadership on a team of non-SEI (government, contractor or FFRDC) personnel, augmented by reach-back support from the technical staff in Pittsburgh.

Supervisory Responsibilities: This position does not formally supervise others. However, the individual will act in a technical leadership or project lead role in regard to specific work products and activities both at CMU and at the customer site.

JOB FUNCTIONS OR RESPONSIBILITIES:

50% Support SEI tasking in current NETCOM Work Plan and associated project documents. Provide SME support to NETCOM Futures Directorate as required. Support the portfolio and engagement management of the CERT work with the customer.

50% Enable the transition and appropriate focus of CERT deliverables in the customer’s operational environments. Work with the CERT project teams on requirements definition and act as a liaison on their behalf.

100% TOTAL EFFORT

ORGANIZATIONAL CHART: Program Director, CERT > Technical Director, CTVA > Program Manager, CTVA > Technical Lead > Senior Engineering Liaison

Position Summary:  The individual in this position will work as a member of the IT Network and Infrastructure Engineering Group and have as their primary responsibility the administration of enterprise information security systems and the analysis, auditing, investigation, and follow-up of the data generated by those systems. Information security systems in the purview of this position include Intrusion Detection Systems (IDS), netflow systems, DNS monitoring, and log/event correlation systems. This position will also aid in the development of security practices and participate in the overall information security mission of the organization, for example advising other administrators during system deployments as to proper security considerations. This position will also collaborate closely with research programs within the SEI that perform cutting-edge research on information security topics to integrate their research into practical enterprise-scale applications.

Minimum Qualifications and Requirements:

Education/Training:  BS in Computer Science, Information Science, Information Technology with up to (3) three years of experience.  Candidates with a degree in other technical fields (e.g., engineering) and/or years of relevant experience as described above will be considered as well.

Experience: At least three (3) years’ experience in at least some the following information security areas, performed as a primary job task: security-related network flow capture and analysis, Snort/Sourcefire IDS administration with signature development, or forensic investigation and analysis of suspect systems using network-related security indicators as part of the investigation. At least some experience with general network administration and administration of services in a Linux-based environment is required.

Skills/Abilities: Strong skills in basic networking; some skill in administering Linux-based services such as IDS or log analysis; skill in operating a Snort/Sourcefire IDS system and the ability to develop, deploy, and manage IDS rulesets; familiarity with investigating systems in a basic forensics capacity to determine if a system is compromised and/or operating maliciously; administration and use of a netflow capture and analysis system; some scripting ability in a common language such as Perl or Python.

Mobility:  Daily foot travel between buildings in and around the CMU campus. Infrequent business travel required, usually to the Washington, DC area (approx. 4 times/year). Computer hardware installation and configuration required on a periodic basis, sometimes involving transport of heavy objects (typically under 100 lbs.) short distances using assistance devices, use of hand tools, et cetera. Carrying of light objects (< 20 lbs.) for longer distances (intra-campus; 2-3 city blocks) may also be required.

Environmental Conditions: Ability to use a computer keyboard and display for extended periods of time; periodic work in a computer datacenter or wiring closet environment.

Mental:  Ability to work under pressure and meet deadlines; ability to prioritize tasks; strong learning capability; ability to interact effectively with others of varying technical competency, vendors, managers, and other technical research staff; ability to work effectively with other groups within the SEI and Carnegie Mellon. Good technical problem-solving skills. Strong information organization skills as well as good oral and written communication skills are required.

Other:  Ability to work on weekends and after-hours as necessary, especially during security incidents and emergencies.  This position will be infrequently called upon outside of business hours as an escalation point for information security-related issues and incidents.  Candidate must pass a background investigation and be able to obtain a United States DoD Top Secret clearance and maintain that clearance as a condition of employment.

Preferred Qualifications and Requirements:

Licenses: CISSP, CISM

Experience:  Use of the SiLK tools, YAF, Analysis Toolkit for netflow analysis.
 
Skills/Abilities:  SiLK tools; YAF; advanced Perl programming; Cisco IOS and ASA-OS; Juniper JunOS, Wireshark or other tools to process PCAP files; SEIM tools such as QRadar, ArcSight or Splunk; Nessus vulnerability scanner.

Other: Clearances: United States DoD Top Secret or equivalent that is transferrable to the SEI.

Accountability:  Employee is accountable for describing, implementing and/or maintaining an efficient, reliable and secure configuration of computing services in support of the SEI initiatives and/or a sponsor/client.  Employee may be responsible for the proper handling/destruction of confidential and sensitive information.

Direction:  Employee will be expected to work under minimum supervision within the defined scope of authority and in accordance with SEI IT operating guidelines.

Decisions:  Under management direction, the employee will decide the appropriate configuration for production computing services. Employee will determine how best to allocate and/or acquire resources necessary to implement and evolve information services.  Employee will determine the cause of computing problems and take corrective action in a timely fashion when a system/service fails or becomes unavailable.  Employee will describe the appropriate procedures to configure and maintain a particular computing system to support one or more critical business functions in a secure manner.

Supervisory Responsibilities:  Employee will provide assistance to staff members / clients in the proper configuration/use of computer hardware and software services and tools.

JOB FUNCTIONS OR RESPONSIBILITIES:

70% Administration of, response to and evolution of the information security systems of the SEI.

15% Collaboration with other IT groups and SEI programs on various information security-related initiatives.

5% Other IT duties as assigned.

10% Maintaining awareness of evolving trends in information security.

100% TOTAL EFFORT

ORGANIZATIONAL CHART:  ITS Director < Network and Infrastructure Engineering Manager < Information Security Analyst

Position Summary: The Vulnerability Analysis Team within the CERT Program’s CERT Coordination Center (CERT/CC) is a group of internet security experts that serve as a trusted and neutral coordination body, dedicated to remediating software vulnerabilities and providing practical guidance for customers, system administrators, security researchers, and the global internet security community to reduce the amount of time software systems are vulnerable. The primary roles of the Vulnerability Analysis Team include: software vulnerability analysis including black box testing, source code examination, and attack reproduction; customer, vendor, and reporter correspondence; publication of technical documents and remediation information; tool specification and development.
The individual in this position must be self-motivated and will have the opportunity to serve as a strong contributor and technical leader in the analysis, coordination, and remediation of software vulnerabilities.  The intent is for this position to be primarily located in Pittsburgh, PA with occasional travel to the Washington D.C. area on a monthly basis.

Minimum Qualifications and Requirements:

Education/Training: Bachelor of Science in Computer Science, Information Science, Information Management with three (3) years applicable experience as a system or network administrator, software developer, database administrator or similarly technical occupation; or Master of Science in Computer Science, Information Science or Information or equivalent with one (1) year applicable experience.  We will consider other educational backgrounds in a technical discipline with experience as described.

Experience: Candidates should have at least three years of experience in a Windows and Unix/Linux environment and be able to demonstrate substantial knowledge of at least four of the following: various internet protocols (e.g., TCP/IP, DNS, BGP, SMTP, HTTP); computer system and Internet security issues; various security technologies (e.g., encryption, firewalls, and anti-virus products); software runtime analysis, debugging, and security testing techniques; security auditing practices; underlying software defects that routinely result in security vulnerabilities (e.g., input validation errors); understanding of intruder techniques and software exploitation methods; system, database, and/or network administration; operational details of multiple operating systems; cryptographic principles and common cryptographic protocols; one or more programming languages (e.g., C/C++, Perl, or Java); vulnerability management concepts and tools.

Skills/Abilities: Successful candidates will: have an interest in and have extensive knowledge of network and computer security issues; have the ability to analyze software to discover vulnerabilities; be able to develop and explain technical decisions; be able to separate fact from opinion and speculation; have excellent work prioritization, planning, and organizational skills; interact effectively with vulnerability reporters, system and network administrators, vendors, experts, Internet users, sponsors, policy makers, news reporters, managers and staff (i.e., stakeholders in the vulnerability disclosure process); be able to work with closely coordinated team during emergencies; excellent analytical, reasoning, and creative problem solving skills; excellent written, oral communication skills; recognize and deal appropriately with confidential and sensitive information; be able to work meticulously with careful attention to detail; be able to collaborate effectively and work closely within a coordinated team environment; be able to quickly learn new procedures, techniques, and approaches; maintain composure while dealing with difficult people; communicate and work effectively under normal and stressful situations; meet inflexible deadlines; possess strong leadership and mentoring abilities; be motivated to tackle challenging problems.

Mobility: Primarily sedentary, long periods of sitting. Ability to travel to various locations within the SEI and CMU community, customer sites, conferences, and offsite meetings with some frequency.

Environmental Conditions: Normal office conditions; however close contact with computer for prolonged periods of time.

Mental: The ability to work well under pressure of deadlines.

Other:  Candidate must be able to pass a background check, obtain a security clearance, and be a U.S. citizen.

Preferred Qualifications and Requirements:

Education/Training: Master of Science in Computer Science, Information Science or Information or equivalent with one (1) year applicable experience.  We will consider other educational backgrounds in a technical discipline with experience as described.

Experience: Ideal candidates will have substantial experience in two or more of the following areas: industrial/process control systems; web application development; computer and network architecture; reverse engineering; software development; computer and network architecture; network security and survivability issues, to include knowledge of and experience with information security concepts, information security best practices and bodies of knowledge, computer security incident response management.

Other:  Fluent oral and written communication in Spanish or other foreign language.

Accountability: Develop and implement project technical results.  Contribute to program objectives and plans development.  Keep in confidence sensitive information such as security, vulnerability, and site-specific information.

Direction: Regular interaction with supervisor.  Expected to act in accordance with SEI and NSS program procedures and policies, such as those involving product development, team interaction, and confidentiality.

Decisions: Must accurately represent the program in interactions with customers, sponsors, and the public.  Participate in conferences and workshops where security-related issues are discussed as required.

Supervisory Responsibilities: Contributes to hiring decisions of program staff; appraises performance of support staff.

JOB FUNCTIONS OR RESPONSIBILITIES:

40% Analyze vulnerability reports using tools, processes, and techniques designed to provide fact-based analysis to other stakeholders in the vulnerability disclosure process.

20% Research, specify, and develop new tools, processes and techniques to improve vulnerability analysis methodology and to support interaction with stakeholders.

10% Correspond with software vendors, vulnerability researchers, sponsors, and other stakeholders.

10% Communicate analytical results in various technical communities to promote collaboration and shared understanding of vulnerability preconditions and impacts.

5%  Write and publish short to medium-length documents describing vulnerability mitigation strategies and root-cause analyses.

5% Represent CERT/CC in other forums (e.g., conferences, workshops, etc.).

5% Provide assistance and input to other teams and projects within the SEI.

5% Be on call to respond to Internet emergencies (outside of normal business hours).

100% TOTAL EFFORT

ORGANIZATIONAL CHART: Networked Systems Survivability Program, Manager > Cyber Threat and Vulnerability Analysis, Director > CERT Vulnerability Analysis Team, Technical Manager > Vulnerability Analyst
 

Position Summary:  We are building a small team responsible for researching next generation secure mechanisms, approaches, practices, techniques, and tools.  This team will work with current and emerging technologies to research potential improvements in approaches for identifying and/or mitigating security weaknesses in embedded and network based software and systems.  We are seeking an individual with experience in embedded systems security to grow the team, lead the research, and build the technical and research agenda.  The individual in this position will be responsible for planning, proposing and accomplishing research on innovative approaches to securing systems and components based on new approaches to software, hardware, or system composition.  We are seeking candidates with a mix of expertise in computing and systems analysis, design, development and operations to support identification of areas with potential for innovative approaches to improving security.

Minimum Qualifications and Requirements:

Education/Training:   PhD degree in computer science and five (5) years of experience or MS in computer science and eight (8) years of experience.

Experience:  Fifteen plus (15+) years of progressively responsible experience in a technology- or research-based organization in government, industry or higher education.  At least ten years of successful information security operations and/or research experience including hands-on research, research team leadership and project management.  Possesses comprehensive knowledge across the mission area of the SEI and is able to apply that knowledge in new and unusual environments.  Demonstrated success in formulating and delivering successful research programs and projects.  Demonstrated management experience with responsibility for projects, people, budgets and contracts. 

Skills/Abilities: Mastery and broad understanding of computer systems, computer security practices and information security evaluation methods.  Mastery of information security field in order to apply experimental theories and new developments to problems not susceptible to accepted methods.  Ability to manage diverse areas and large, complex projects; ability to influence, work with and manage technical staff; able to respond quickly and effectively to changing priorities; excellent analytical, organizational, supervisory, reasoning and problem solving skills; ability to interact effectively with diverse constituencies internally and externally; excellent verbal and written communication skills. Able to synthesize solutions in new and different domains, cultures, and environments from available technologies, publications, and events.

Mobility: Normally sedentary with some mobility; ie., ability to travel to other locations on and off campus.  May require some bending, stretching, pushing, as well as lifting up to several reams of paper, etc. 

Environmental Conditions: Work is performed in an office setting.  Close contact with CRT for long periods of time. 

Mental: Ability to meet inflexible deadlines, remain calm during difficult situations, work under pressure and work with frequent interruptions.

Other:  Candidate must be able to successfully complete a background check and obtain a Top Secret security clearance.

Preferred Qualifications and Requirements:

Experience: Research management experience in higher education, government, military, and/or Fortune 100 technology-based organizations is preferred.  Embedded computing systems design and security evaluation is desirable. The ideal candidate will have demonstrated successful planning and directing/executing specialized programs of marked difficulty, responsibility, and national significance in information security which has provided leadership and accomplished marked attainments in professional, scientific, or technical research.

Skills/Abilities: Has the ability to bring about strategic change, both within and outside the organization.  Has the ability to establish and organizational vision and to implement it in a continuously changing environment.  Leads people toward meeting the organization’s research vision, mission, and goals.

Accountability:  This position is accountable to the Secure Software and Systems Technical Director for work content, quality, and schedule.

Direction:  Performs under minimal supervision; all normal duties and responsibilities are handled independently.  Functions within broad precedents and policies as defined by the SEI, Carnegie Mellon, the NSS director, and the SSS technical director. 

Decisions:  Plan and carry out research on novel approaches to information security.  Program planning, development of program management strategies, and risk management.  Design and implementation of systems that demonstrate innovative approaches to information security.

Supervisory Responsibilities:  The position will be responsible to lead the creation and direction of a team and their technical and research agenda. Responsibilities will include hiring, appraising performance, distributing work assignments and reviewing results.

JOB FUNCTIONS OR RESPONSIBILITIES:

40% Participating with team and client organizations to research, investigate, demonstrate and mature innovative approaches to improved approaches to cyber security.

30% Writing reports, papers and presentations describing research findings.

30% Working with collaborators and customers.

100% TOTAL EFFORT

ORGANIZATIONAL CHART:  CERT Director < Secure Software and Systems Technical Director < Next Generation Security Mechanisms Technical Manger < Secure Software and Systems Senior Researcher

Position Summary:  This position is responsible for supporting users and maintaining software and equipment in the CERT/CC Computing Laboratory. The successful candidate will support high-impact customers by developing, maturing, transitioning, and supporting operational malicious code systems.

Minimum Qualifications and Requirements:

Education/Training: Bachelor of Science in Computer Science, Information Systems or related field with three (3) years of experience, or equivalent; Master Degree in Computer Science, Information Systems, or related field,  with one (1) year of experience , or equivalent.

Experience:  Professional experience listed above to include the following areas:  Windows/Linux systems administration; preparing and delivering technical papers and presentations.

Skills/Abilities: Most of the following skills and abilities:  Software development in PERL, Python, C/C++, PowerShell; windows/Linux systems administration practices; applied understanding of core Internet protocols (e.g., TCP/IP, IP, UDP, ICMP, DNS, SMTP, HTTP, etc); software / systems development lifecycle, QA testing, revision control, and change management practices; proven ability to innovate, develop, implement, and effectively document complex technical systems and approaches; proven ability to deliver concrete, high quality, and timely results while working on multiple projects; planning and organizational skills, ability to work independently and with teams, ability to interact effectively with technical and non-technical audiences both written and verbally; ability to teach and learn from others; fluency in a second language.

Mobility:  Primarily sedentary in an office setting with some mobility. Must be able to lift 50lbs above head. Flexible to travel to various locations within the SEI and CMU community, sponsor sites, conferences, and offsite meetings on occasion.

Environmental Conditions:  Normal office conditions; close contact with computer screen for extended periods of time. Occasional work in machine room (loud and extreme office temperatures 55F-90F).

Mental:  The ability to:  Work meticulously with attention to detail; meet deadlines while working on multiple tasks – sometimes under pressure and with shifting priorities; deal collaboratively, diplomatically, and successfully with customers, coworkers, and other professional colleagues, managers, and staff; grasp the big picture, direction, and goals of an effort; develop and communicate, innovative ideas; take leadership role in technical projects; quickly learn new procedures, techniques, and approaches.

Other:  Candidates must be able to pass a background investigation, obtain a DoD TS/SCI security clearance, and be a US citizen.

Preferred Qualifications and Requirements:

Experience:  Experience using and managing virtual computing environments such as VMWare or VirtualBox. Experience with computer forensics analysis, intrusion detection, and honeypots.

Accountability:  Contribute to technical area goals and objectives development. Keep in confidence sensitive information such as security, vulnerability, and site information.

Direction:  Expect to act with minimal supervision in accordance with SEI and CERT program procedures and policies, such as those involving project development, team interaction, and confidentiality.

Decisions:  Must accurately represent the program in interactions with customers, sponsors, and the public.  Participate in conferences and workshops where security-related issues are discussed as required.

Supervisory Responsibilities:  This position does not supervise others.

JOB FUNCTIONS OR RESPONSIBILITIES:

10% Perform Tier 1 support for Lab services and systems needed for Malicious Code.

10% Test, and evaluate new hardware and software for the lab in consultation with SEI IT and lab users.

15% Work within CERT/CC and SEI IT to develop and/or implement tools and processes for managing and maintaining software and hardware in the lab, including the set-up for experiments.

45% Conduct routine software and hardware maintenance of lab equipment. Install and configure new equipment.

10% Develop procedures and practices for the use and maintenance of the lab.
 
10% Participate in broader security community through collaboration, papers, and presentations.
100% TOTAL EFFORT

ORGANIZATIONAL CHART:  CERT Program, Director < CERT Coordination Center, Technical Director < CERT/CC Engineering, Manager < CERT/CC Engineering Operations, Systems Engineering Lead < CERT/CC Eng Ops, Systems Engineer

Position Summary:  The CERT Program is part of the SEI, a federally funded research and development center at Carnegie Mellon University in Pittsburgh, Pennsylvania. The CERT Network Situational Awareness (NetSA) group supports government customers by developing cutting-edge, network analysis tools and techniques for operational use in some of the world’s largest networks. NetSA analysts conduct applied research against massive network monitoring grids to solve current real-world problems.  The successful candidate will develop new analysis techniques to solve the hardest network security problems facing our sponsors today. Techniques will leverage real-world, unanonymized traditional network data sets such as flow, intrusion detection, DNS and packet capture. The candidate will support the operational transition of new analytics throughout the lifecycle of development, prototyping, engineering, implementing and transitioning to finally making a concrete improvement in the overall state of network security. Tasks may include software implementation, support for customers in preparing analytic reports and conducting training, prototyping new analysis approaches, and preparing research for publication. The successful candidate will have a combination of academic training and real world network or network security experience.

Minimum Qualifications and Requirements:

Education/Training:  Bachelor’s Degree in Computer Science or scientific/technical field with eight (8) years’ experience. Master’s Degree in Computer Science or scientific/technical field with five (5) years’ experience.

Experience:  Professional experience listed above should be in a combination of network security research and network operations. Applicants should have a record of contribution to the security community such as involvement in open source security tool projects.

Skills/Abilities:  Selected Candidate skills and abilities:  capable of conducting analytical studies and investigations of network security data; capable of performing original research in network security analysis; experience with scripting and/or programming in a high level language, including participation in sound software engineering; in depth understanding of and practical experience with various Internet protocols such as TCP/IP, DNS, HTTP, SMTP, BGP and TLS; in depth knowledge of at least one modern operating system (e.g., Linux, Solaris, Windows 2000/2003/XP/7); understanding of network security issues at all protocol layers; understanding of operating system security issues; thorough understanding of network security tools including IDS, firewalls, security information management systems, network management systems and vulnerability scanners; ability to function in the role of a consultant; planning and organizational skills; strong problem solving skills; oral and written communication skills; ability to work both independently and with teams.

Mobility:  Primarily sedentary in an office setting with some mobility. Flexibility to travel to various locations within the SEI and CMU community, including sponsor sites, conferences, and meetings.

Environmental Conditions: Normal office conditions; loose contact with computer display for extended periods of time.

Mental: Ability to work meticulously with careful attention to detail; ability to meet deadlines while working on multiple tasks – sometimes under pressure and with shifting priorities; ability to deal collaboratively, diplomatically, and successfully with customers, co-workers and other professional colleagues, managers, and staff; ability to grasp the big picture, direction, and goals of an effort, ability to develop and communicate innovative ideas; ability to quickly learn new procedures, techniques and approaches.

Other: Candidate must have the ability to pass a background check investigation, obtain a DOD TS/SCI security clearance, and be a US citizen.

Preferred Qualifications and Requirements:

Education/Training: Ph.D. in Computer Science or scientific/technical field with two (2) years’ experience.

Experience:  Significant contribution to the security community such as academic publication and research projects:   in a team environment leading collaborative projects with diverse skills and roles; in the public forum of the broader information security community; directly with customers from government and/or industry (multiple critical infrastructure); in exploratory data analysis; in data visualization; in human-computer interface (HCI) design; technical writing.

Skills/Abilities: In addition to the skills listed above:  Capable of leading analytical studies involving multiple team members across different program areas; ability to set strategic direction and agenda for a diverse group of developers and researchers; excellent communications skills; experience with statistics and mathematical programming systems (e.g., Matlab, Mathematica or R).

Accountability:  The individual is accountable for active participation in the overall NetSA R&D effort, producing original publications in network security analysis, mentoring junior analysts and researchers, and participating in public speaking engagements, including at remote locations.

Direction:  The individual is expected to act independently using CMU, SEI, NSS, and NetSA defined policies, practices, and procedures – within the scope of assigned work.

Decisions:  The individual is expected to participate in the decision-making and problem-solving processes of strategic research direction and strategy of transition of research to engineered technology.

Supervisory Responsibilities:  This position does not formally supervise others. However, the individual will act in a technical leadership (non-supervisory) role in regard to specific work products and activities, or in regard to student interns, etc.

JOB FUNCTIONS OR RESPONSIBILITIES:

70% Perform and publish original work in network security analysis, including work leading to academic publications.

10% Contribute to overall strategic direction for a diverse security R&D team.

10% Mentor and guide junior network security analysts.
 
10% Participate in and/or lead presentations to customers, analyst jam sessions, training sessions and public speaking engagements.

100% TOTAL EFFORT

ORGANIZATIONAL CHART:  Manager, Networked Systems Survivability Program < Network Situational Awareness Technical Manager < NetSA Analyst

Position Summary:  This position is responsible for supporting users and maintaining software and equipment in the CERT/CC Computing Laboratory. This includes understanding the needs of the teams using the lab, designing and developing lab services to meet those needs, planning equipment acquisitions, overseeing configuration and maintenance of equipment, overseeing set-up and breakdown of equipment for experiments, assisting in experiments as needed.

Minimum Qualifications and Requirements:

Education/Training: BS in Computer Science, Information Science, Computer Engineering or equivalent with eight (8) years of applicable experience, MS in Computer Science, Information Science, Computer Engineering or equivalent with five (5) years of applicable experience, or Ph.D. in Computer Science, Information Science, or equivalent with two (2) years of applicable experience.

Experience:  System administrator level of knowledge for both UNIX or Windows operating systems, as well as experience with the selection, configuration and deployment of associated hardware and software . Experience and knowledge in using system administration tools to manage dozens of machines and configurations.  Network administrator knowledge of network technologies including: TCP/IP, UDP, Ethernet, 802.11, routing protocols, DNS, VPN. Experience in network architecture and implementation.

Skills/Abilities:  Ability to manage heavy workload and effectively manage priorities. Strong problem solving skills. Excellent oral and written communications skills.  Ability to work both independently and with teams.  Ability to effectively manage multiple projects.  Ability to elicit technical requirements from management and staff.

Mobility:  Primarily sedentary, long periods of sitting, may have to travel to other campus locations, as well as, travel to customer sites, some bending, stretching and lifting up to 50 lbs above head. Moving and setting up computer equipment.

Environmental Conditions:  Normal office conditions; however close contact with CRT for prolonged periods of time. Also occasional work in machine room (loud and extreme office temperatures 55F-90F).

Mental:  Ability to work under pressure and meet deadlines; ability to prioritize tasks; strong learning capability; ability to assist users of varying competency; ability to interact effectively with vendors, managers, and technical staff. Good technical problem-solving skills; strong information organization skills; good oral and written communication skills. Maintain confidentiality of sensitive information.

Other: Candidates must be able to pass a background investigation, obtain a DoD TS/SCI security clearance, and be a US citizen.

Preferred Qualifications and Requirements:

Experience:  Experience using and managing virtual computing environments such as VMWare or VirtualBox. Experience with computer forensics analysis, intrusion detection, honeypots/honeynets. Project planning, computing equipment and software purchasing experience.

Skills/Abilities:  Ability to define and build tools in various scripting and programming languages. Knowledge of and experience with operating systems other than UNIX or Windows.  Fluent in a language other than English.

Accountability:  Responsible for managing requests from lab users, including high priority requests originating from a sponsor.

Direction:  The person in this position will work closely with the SEI Infrastructure Team on developing processes for managing hardware and software. The person will also work closely with lab users in determining needs and planning experiments.

Decisions:  Example: A user needs to test vulnerability in a specific piece of software. A test environment needs to be developed to allow for testing at the required version/patch level. The equipment needs to be prepared and configured appropriately to provide a suitable test environment.

Supervisory Responsibilities:  This position mentors and provides technical direction to other lab employees.

JOB FUNCTIONS OR RESPONSIBILITIES:

15% Collects user requirements for lab equipment software and services needed for the CERT/CC

15% Test, evaluate, and select new hardware and software for the lab in consultation with the SEI IT and lab users.

15% Work with the CERT/CC and SEI IT staff to develop and/or implement tools and processes for managing and maintaining software and hardware in the lab, including the set-up for experiments.

40% Infrastructure operations and maintenance including: backups, patching, Failure Recovery, log review, security auditing, and other user support.

10% Develop procedures and practices for the use and maintenance of the lab.
 
5%  Participate in the broader security community through collaboration, papers, and presentations.
 

100% TOTAL EFFORT

ORGANIZATIONAL CHART:  CERT Program, Director < CERT Coordination Center, Technical Director < CERT/CC Engineering, Manager < CERT/CC Engineering Operations, Systems Engineering Lead < CERT/CC Eng Ops, Systems Engineer

Position Summary:  The User Experience Expert will have broad responsibility for taking ideas from concept to production code, working closely with project leaders and sponsors (customers) as well as middle-tier software developers. This role facilitate design and interface discussions, develop themes and concepts, evaluate proposals for usability concerns, construct mock-up and wireframes, and implement user-interface level requirements to working production code.

Minimum Qualifications and Requirements:

Education/Training: BS in Computer Science, Information Science, Human-Computer Interface Design or equivalent with three (3) years of applicable experience, MS in Computer Science, Information Science, Computer Engineering or equivalent with one (1) year of applicable experience.

Experience:  Demonstrated experience in designing usable human computer interface.   Academic or industry experience in interface design.  Demonstrated experience in wireframing / UI mockup and iteration.  Understanding and experience of UI differences between web-based UI and fat client design.  Proven ability to design user experience across fat client to web-based systems.

Skills/Abilities: Must have the following skills/abilities:  Ability to manage heavy workload and effectively manage priorities; strong problem solving skills; excellent oral and written communications skills; ability to work both independently and with teams; ability to effectively manage multiple projects; ability to elicit technical requirements from management and staff and sponsors.

Mobility:  Primarily sedentary, long periods of sitting, may have to travel to other campus locations, as well as, travel to customer sites, some bending, stretching and lifting up to 50 lbs above head. Moving and setting up computer equipment.

Environmental Conditions:  Normal office conditions; however close contact with CRT for prolonged periods of time. Also occasional work in machine room (loud and extreme office temperatures 55F-90F).

Mental:  Ability to work under pressure and meet deadlines; ability to prioritize tasks; strong learning capability; ability to assist users of varying competency; ability to interact effectively with vendors, managers, and technical staff. Good technical problem-solving skills; strong information organization skills; good oral and written communication skills. Maintain confidentiality of sensitive information.

Other:  Candidate must pass a background investigation and obtain a United States DoD Top Secret Clearance and must be a U.S. citizen.

Preferred Qualifications and Requirements:

Experience:  Ability to program and construct user interfaces in C, C++, Java, or Python. Ability to create user interfaces for the web using common web toolkits. Experience creating user experiences using AJAX, jQuery, and similar technologies.  Ability to create scripts and demonstration mockups quickly.

Skills/Abilities:  Fluent in a language other than English.

Accountability:  Responsible for managing requests from lab users, including high priority requests originating from a sponsor.

Direction:  The person in this position will work within the CERT/CC Development organization across multiple development teams in multiple development efforts to improve user experience across all projects.

Supervisory Responsibilities:  This position provides expert guidance and design across a wide spectrum of software development implementation for user experience design.

JOB FUNCTIONS OR RESPONSIBILITIES:

65%  Work iteratively with internal development staff or sponsor staff to effectively develop and refine user experiences for new and existing systems.

10%  Travel to and interact with various sponsors understanding workflow and user experience needs.

10% Support production applications with functional and integration testing and test planning.

10% Support development of software engineering process with code review, design review, code development.
 
5% Participate in the broader security community through collaboration, papers, and presentations.
100% TOTAL EFFORT

ORGANIZATIONAL CHART:  CERT Program, Director < CERT Coordination Center, Technical Director  < CERT/CC Engineering, Manager < CERT/CC Eng Ops, User Experience Developer

Position Summary: This position provides the management and leadership to build organic academic quality research capabilities in the science of cyber security in the CERT Program. This position will manage staff who focus on developing and applying the science of cyber security for government sponsors with research missions in the area of cyber security (E.g, DARPA, IARPA, NSA, NSF, ASD(R&E), AFRL, AFOSR, etc.).  This position will support the Chief Scientist and the CERT Director’s office to develop business, manage strategy, resources and priorities, and interact with the SEI’s sponsor and CERT’s strategic customers.  This position will provide backup and support for the Chief Scientist’s roles for engaging stakeholders, the research community and customers on research and research policy issues.

Minimum Qualifications and Requirements:

Education/Training: MS degree in a technical field such as computer science, information technology, electrical engineering, or equivalent combination of training or experience with eight (8) years applicable experience.

Experience: Fifteen plus years of progressively responsible experience in a technology- or research- based organization in higher education, industry or the government. At least 10 years’ experience with cyber security software development projects including hands-on development, development team leadership & project management. Demonstrated management experience with responsibility for projects, people, budgets & contracts.

Skills/Abilities: Mastery and broad understanding of computer systems, computer security practices and information security evaluation methods as well as broad understanding of organizational goals, management, etc.; ability to manage diverse areas and large, complex projects; ability to influence, work with and manage technical staff; able to respond quickly and effectively to changing priorities; excellent analytical, organizational, supervisory, reasoning and problem solving skills; ability to interact effectively with diverse constituencies internally and externally; ability to interface directly with executives and other senior representatives of the Federal Government and the private sector; excellent verbal and written communication skills; computer literacy; knowledge of CMU and SEI policies and procedures.

Mobility:  Normally sedentary with some mobility; ie., Ability to travel to various locations within the SEI and CMU community, customer sites, conferences, and offsite meetings with some frequency; Ability to travel frequently and to adjust to a work schedule that requires weekend and evening hours.

Environmental Conditions:  Work is performed in an office setting.  Close contact with computer for long periods of time.

Mental: Ability to meet inflexible deadlines, remain calm during difficult situations, work under pressure and work with frequent interruptions.

Other:  Candidate must pass a background investigation, be eligible to obtain a United States DoD Top Secret Clearance, and be a U.S. citizen.

Preferred Qualifications and Requirements:

Education/Training:  PhD in a technical field such as computer science, information technology, electrical engineering, or equivalent combination of training or experience with five (5) years of applicable experience.

Experience:  Management experience in higher education, government, military, and/or Fortune 100 technology-based organizations is preferred.  Post-PhD experience in personally performing and publishing academic quality research.

Skills/Abilities: Ability to create and sustain academic, industrial and international research collaborations.

       
Accountability: Manage the direct reports in the SOCS area of work and the funding/budgeting required to support the direct reports.Supports the CERT Chief Scientist in defining a strategic vision for the CERT’s research plan and articulates this vision to CERT, the SEI, and their constituents.    

Direction: Performs under minimal supervision; all normal duties and responsibilities are handled independently.  Functions within broad precedents and policies as defined by the SEI, Carnegie Mellon and the NSS director. Works with the Chief Scientist and SEI/CMU staff to address impediments.

Decisions: Makes all non-strategic decisions for SOCS work, staff, and resources.  Works with the Chief Scientist for strategic planning and business development in SOCS.

Supervisory Responsibilities: Determines overall staffing needs for areas of responsibility and manages the supervision of both MTS, professional and support staff, including hiring and training new staff employees; conducts performance appraisals; approves recommendations for salary increases and promotions.  Coaches, develop and motivates peers and subordinates.

JOB FUNCTIONS OR RESPONSIBILITIES:

50% Develop and manage the staff, resources, customers, subcontractors and collaborators to build a stable and sustainable cyber security research group of 10-20 staff or more.

25% Develop and grow new research funding sources with customers who have a mission in cyber security research.

15% Support NSS Director’s office and the Chief Scientist in their roles to develop, manage and communicate CERT’s research activities to the SEI’s sponsor, customers, stakeholders and staff.

10% Pursue research and technical work and collaborations, internal and external, in cyber security or an area highly relevant to cyber security, such as software engineering, human factors, data analytics, etc.

100% TOTAL EFFORT

ORGANIZATIONAL CHART: NSS Director < NSS Chief Scientist < Research Manager of Science of Cyber Security

Position Summary:  As a member of CERT’s Workforce Development Program, the candidate will work with other team members in developing cyber-security and cyber-forensics training exercises and simulations—largely for US Government customers. This involves interacting directly with customers, gathering training requirements and objectives, producing and executing creative and engaging exercise scenarios, and building supporting physical and virtualized systems and network topologies. As such, the candidate will work regularly with a wide range of software and hardware technologies within CERT Labs. The candidate will also assist in developing and teaching cyber security and cyber forensics training content to external customers. He/she will be expected to work well in a collaborative team environment, while also being self-directed and motivated in accomplishing tasks and solving problems. Additionally, the position requires the candidate to have effective leadership/management abilities as he/she will oversee and direct the activities of graduate student assistants.

The successful candidate must be self-directed, have an interdisciplinary approach to problem solving, and work well communicating technical information to technical and non-technical users. The candidate must also be able to interact with clients and staff of all levels in a highly professional and competent manner.

Minimum Qualifications and Requirements:

Education/Training:  BS in Computer Science, Information Science, or related discipline with eight (8) years applicable working experience in information technology.

Licenses:  CISSP, Network+, Security+ and/or other industry standard certifications are highly desirable.

Experience:  Successful candidates must possess “hands-on” experience with Computer/Network Security and I.T. system and network administration. Additionally, he/she must have practical experience with Windows server and desktop platforms and Linux/Unix operating systems. The individual must possess knowledge/experience in network design and troubleshooting and have deep knowledge of standard networking protocols. Additionally, demonstrated practical experience working with common commercial and open-source cyber security tools is required. The candidate should have experience teaching technical content to students, peers, and non-technical individuals and must enjoy doing so.

Skills/Abilities: Candidate must be able to prioritize workload and complete deliverables on time, have good technical problem-solving skills, strong analytical and information organization skills, excellent oral and written communication skills, and strong technical teaching skills. Candidate must be able to multitask and work effectively with multiple project teams and sponsors/customers. Experience with virtualization technologies, particularly VMWare ESX server is highly desired. Programming experience in C, C++, C#, and Java is also desirable but not required.

Mobility: Sedentary in an office setting with some mobility, i.e., able to travel to various locations within the SEI and CMU community as well as travel to customer sites.

Environmental Conditions: Close contact with computer for long periods of time.

Mental: Ability to pay close attention to detail, meet deadlines, work under pressure, and communicate effectively.

Other:  Candidate must be able to pass a background investigation, obtain a security clearance, and be a U.S. citizen.

Preferred Qualifications and Requirements:

Education/Training: MS in Computer Science, Information Science with at least five (5) years of applicable working experience in information technology with emphasis in cyber security.

Experience: Strong teaching or direct delivery training experience; proficiency with a variety of operating systems and detailed technical experience with large networks and telecommunications.

Skills/Abilities: Strong presentation/platform skills and excellent writing skills.

Accountability: The incumbent is accountable for the definition, creation, and maintenance of final deliverables and products.

Direction: The incumbent is expected to act independently using CMU and SEI defined policies, practices, and procedures.

Decisions: Required to design, develop, pilot and deliver products. Required to accurately represent NSS and its technical work in interactions with customers, sponsors, and the public.

Supervisory Responsibilities:  Supervises student interns.

JOB FUNCTIONS OR RESPONSIBILITIES:

35%  Design and develop technical documents and instructional materials.

35%  Install/configure hardware and software including promising new technologies that require examination for information security and assurance research and development.

15%  Deliver technical and management training to customers.

10%  Mentor, guide and interact with team and other staff.

5%    Contribute to transition planning and strategy.

100% TOTAL EFFORT

ORGANIZATIONAL CHART:  Manager, Networked Systems Survivability Program > Technical Director, Cyber Enterprise and Workforce Management > Technical Manager, Cyber Workforce Development > Cyber Security Trainer and Exercise Developer

Position Summary: The Vulnerability Analysis Team within the CERT Program’s CERT Coordination Center (CERT/CC) is a group of internet security experts that serve as a trusted and neutral coordination body, dedicated to remediating software vulnerabilities and providing practical guidance for customers, system administrators, security researchers, and the global internet security community to reduce the amount of time software systems are vulnerable. The primary roles of the Vulnerability Analyst Team include: Information Architecture Security Analysis; Identification of design vulnerabilities in proposed system architectures; Recommendation of solutions or strategies to mitigate vulnerabilities; Creation of security test plans for enterprise information systems; Software vulnerability analysis including black box testing, source code examination, and attack reproduction.  The individual in this position will lead the architecture vulnerability analysis projects for the CERT/CC. The successful candidate will also aid the Technical Manager in setting the strategic direction of the team, and driving the associated portfolio of projects.  The individual will be expected to serve as the lead for several projects within the Vulnerability Analysis team to include overseeing the design, execution and documentation of operational work and projects, as well as serve as liaison with customers, potential customers, vendors and the Internet community as a whole.  Additionally, the candidate will work with the Technical Manager and peer team leads to ensure resources are properly aligned with the needs of sponsors.  The successful candidate will have a combination of academic training, publications and hands-on network or internet security leadership experience.  The intent is for this position to be primarily located in Pittsburgh, PA with travel to Washington, D.C. on a regular basis.

Minimum Qualifications and Requirements:

Education/Training: A degree in Computer Science, Information Science, or Information Management and applicable experience as a system or network administrator, software developer, database administrator or similarly technical occupation is required. This position requires a B.S. and eight (8) years of experience, or an M.S. and five (5) years of experience.  We will consider other educational backgrounds in a technical discipline with experience as described.

Experience: Professional experience should include 5 or more years of experience in security assessments of large-scale enterprise information systems.  Experience listed above should have some relation to security operations or research.  Candidates should have at least three years of experience in a Windows and Unix/Linux environment and be able to demonstrate substantial knowledge of at least four of the following: Network design and architecture principles; various internet protocols (e.g., TCP/IP, DNS, BGP, SMTP, HTTP); computer system and Internet security issues; various security technologies (e.g., encryption, firewalls, and anti-virus products); software runtime analysis, debugging, and security testing techniques; security auditing practices; underlying software defects that routinely result in security vulnerabilities (e.g., input validation errors); understanding of intruder techniques and software exploitation methods; system, database, and/or network administration; operational details of multiple operating systems; cryptographic principles and common cryptographic protocols; one or more programming languages (e.g., C/C++, Perl, or Java); vulnerability management concepts and tools.

Skills/Abilities:  Successful candidates will: have planning and organizational skills; strong problem solving skills; excellent oral and written communication skills; have strong leadership and mentoring skills; have proven ability to research, compare, test and evaluate alternative technical solutions, and communicate results; have the ability to set strategic direction for a technical group; be capable of leading and conducting analytical studies and investigations of network security data; have understanding of network analysis techniques, toolsets, and challenge areas; be knowledge of current challenges and threats faced by USG network security and intelligence organizations; have technical project management; have strong problem solving skills; have ability to brief strategic and technical topics to senior management and non-technical audiences; have ability to function in the role of a consultant and project manager; have an interest in and have extensive knowledge of network and computer security issues; have the ability to analyze software to discover vulnerabilities; be able to separate fact from opinion and speculation; have excellent work prioritization, planning, and organizational skills; interact effectively with vulnerability reporters, system and network administrators, vendors, experts, Internet users, sponsors, policy makers, news reporters, managers and staff (i.e., stakeholders in the vulnerability disclosure process); be able to work with closely coordinated team during emergencies; recognize and deal appropriately with confidential and sensitive information; be able to work meticulously with careful attention to detail; be able to collaborate effectively and work closely within a coordinated team environment; be able to quickly learn new procedures, techniques, and approaches; maintain composure while dealing with difficult people; communicate and work effectively under normal and stressful situations; meet inflexible deadlines; be motivated to tackle challenging problems.

Mobility: Primarily sedentary in an office setting with some mobility.  Requires travel to various domestic locations within the SEI and CMU community to include the SEI Pittsburgh office; sponsor sites; conferences; and offsite meetings with routine frequency (2-3 trips a month).

Mental: The ability to work well under pressure of deadlines.

Other:  Candidates must be able to pass a background investigation, obtain a DoD TS/SCI security clearance, and be a US citizen.

Preferred Qualifications and Requirements:

Experience: Participation in broad public forums through activities such as standards, open source development, or publication. Experience publishing research and academic papers. Experience working with the government, or within a critical infrastructure sector.  Ideal candidates will also have substantial experience in two or more of the following areas: industrial/process control systems; web application development; computer and network architecture; reverse engineering; software development; computer and network architecture; network security and survivability issues, to include knowledge of and experience with information security concepts, information security best practices and bodies of knowledge, computer security incident response management.

Accountability: This position is accountable for ensuring that the CERT/CC delivers on the execution of the statement of work for a specific customer.  The individual is accountable for aligning CERT/CC projects and operational work with customer needs and re-prioritizing efforts as appropriate.

Direction: The individual in this position is expected to act autonomously using CMU, SEI, and NSS, defined policies, practices, and procedures.  Additionally, this position will assist in setting CERT/CC direction based on an understanding of customer needs.

Decisions: The individual in this position is expected to participate in the decision-making and problem solving process of designing, building and operating systems for network security; suggesting and implementing policies and procedures to support these activities; and creating prototyping implementations of tools and approaches for situational awareness.  Further, this position will contribute to key design making for the prioritization of efforts for a specific customer.

Supervisory Responsibilities: This position leads a team of analysts and is responsible for work assignments, hiring, performance reviews, and handling regular supervisory functions.

JOB FUNCTIONS OR RESPONSIBILITIES

70% Analyze system architectures and identify possible vulnerabilities within designs. Create detailed reports of findings and mitigation recommendations.

10% Research, specify, and develop new tools, processes and techniques to improve vulnerability analysis methodology and to support interaction with stakeholders.

10% Strategic and tactical planning; working with staff to set goals, evaluate performance, mentor staff.

10% Participate in and/or lead presentations to customers, analyst technical exchanges, training sessions and public speaking engagements.

100% TOTAL EFFORT

ORGANIZATIONAL CHART: Networked Systems Survivability Program, Program Director < CTVA, Technical Director < CERT/CC, Technical Manager < Vulnerability Analyst

Position Summary: The CERT Program is part of the SEI, a federally funded research and development center at Carnegie Mellon University in Pittsburgh, Pennsylvania. The CERT Program engages in cutting-edge research and development, with an emphasis on and developing and transitioning disciplined approaches for improving networked systems security throughout DoD, federal civilian agencies, and private sector organizations.  The individual in this position will work as a team member, and be able to lead when appropriate, projects within the Cyber Security Engineering (CSE) team within the Secure Software and Systems Directorate. The CSE team addresses research needed to prepare acquirers, managers, developers, and operators of large-scale, complex networked systems to address security and survivability throughout the entire software development and acquisition life cycles. The CSE team members conduct foundational research and produce research documents that support the development of assessments, diagnostics, analysis techniques, and educational curriculum for engineering secure networked systems. CSE team members are domain experts in practices for acquiring, developing, deploying, and sustaining secure networked systems, and team capabilities include security risk analysis and modeling; security requirements engineering; development of security metrics and assessment methodologies; addressing security issues from a holistic perspective; and creation and delivery of training, courses, and workshops. The selected individual will support projects in the examination, analysis, documentation, training, and assessment of complex, networked systems. The individual will develop research papers, conference papers, technical notes, technical reports, and course materials as required to ensure that the body of work developed by the CSE team is documented and published in accordance with the mission of SEI. The individual may work as a member of collaborative project teams across SEI. This position may require close work with and leadership of teams that include customers from a variety of organizations, including government agencies, private sector organizations, and academia.

Minimum Qualifications and Requirements:

Education/Training: Ph.D degree in computer science, software engineering, information systems, or a related technical field and a minimum of five (5) years of experience in industry and academia preferred.
Will consider MS in computer science, software engineering, information systems, or a related technical field with eight (8) years’ experience or a BS in computer science, software engineering, information systems, or a related technical field with ten (10) years’ experience in industry and academia.

Experience: Experience as a software engineer, security analyst, security risk analyst, or similarly technical occupation; understanding of information technology systems; experience developing and documenting assessment methodologies; working knowledge of networked systems security and security/survivability issues; ability to conduct analytical studies and investigations; knowledge of and experience with engineering and best practices for software security; experience with security issues across the acquisition and development life cycles.

Skills/Abilities: Effective written and oral communication skills; demonstrated ability to prepare papers and presentations for technical and non-technical audiences; reasoning and problem-solving skills; ability to work independently with limited supervision; ability to recognize and deal appropriately with confidential and sensitive information; participate in conferences and meetings; contribute to customer presentations and technology transfer activities; strong interest in security analysis research and development; ability to create instructional materials and conduct training; ability and interest in addressing security issues in a holistic manner, addressing both organizational and technical policies and practices; as well as behavioral and organizational issues; ability to meet deadlines while working on multiple tasks - sometimes under pressure and with shifting priorities; ability to deal collaboratively, diplomatically, and successfully with customers, co-workers and other professional colleagues, managers, and staff.

Mobility: Normally sedentary with some mobility; i.e., ability to travel to other locations on and off campus. May require transporting equipment such as a laptop and some bending, stretching, pushing, as well as lifting up to several reams of paper, etc.

Environmental Conditions: Work is performed in an office setting. Close contact with CRT for long periods of time.

Mental: Ability to meet inflexible deadlines, remains calm during difficult situations, work under pressure, juggle competing priorities, and work with frequent interruptions.

Other: Candidate must have the ability to pass a background investigation, obtain a Top Secret security clearance, and be a US citizen.

Preferred Qualifications and Requirements:

Experience: Experience working in or with DoD, federal civilian agencies, and private sector organizations; experience with security and survivability across the acquisition and development life cycles; experience in auditing or conducting assessments; experience working in a team environment on collaborative projects involving software security; experience employing software engineering techniques in acquiring, developing, deploying, and sustaining distributed, secure software; working knowledge of network security/survivability; knowledge of and experience with sound software engineering practices and best practices for software security; working knowledge of modeling techniques, applications, and tools; experience in developing and publishing technical research journals, papers, notes, and reports, particularly in a peer-reviewed environment; project management experience.

Skills/Abilities: Leadership and mentoring skills.

Accountability: This position is accountable to the CSE Technical Manager for research quality, work content, quality, and schedule. May have responsibility for coordination of one or more charge strings to ensure completion of deliverables within a budgeted effort allocation. The assigned effort for each charge string can be up to $500K.

Direction: This position will get directions and work tasks from team manager. Expected to act independently but keep supervision informed of actions and options. Functions within broad precedents and policies as defined by the SEI, Carnegie Mellon, the NSS director, and administered by the SSS technical director and the CSE Technical Manager.

Decisions: Project planning, development of research and analysis strategies, and risk management customer funded engagements.  Design and implementation of research projects and technology that demonstrate innovative approaches to information security

Supervisory Responsibilities: May lead project teams and allocate work assignments.

JOB FUNCTIONS OR RESPONSIBILITIES:

30% Research and development of analysis tools and techniques to support the developer and acquirer throughout the systems engineering life cycle.

30% Examination, analysis, documentation, training, and assessment of complex, networked systems.

25% Directly support customer work in developing and implementing best practices and applying newly researched analysis tools and techniques relevant to that customer organization.

15% Develop research papers, conference papers, journal articles, technical notes, and technical reports as required to ensure that the body of work developed by the CSE team is documented and published.

100% TOTAL EFFORT

ORGANIZATIONAL CHART: NSS Director < NSS Deputy Director < NSS Chief Scientist < Technical Director, Secure Software and Systems < Software Security Engineer
 

Position Summary:  We are staffing a small team that is responsible for developing secure coding practices, techniques, and tools. We work with software developers and software development organizations to eliminate vulnerabilities resulting from coding errors before they are deployed. The individual in this position will be responsible for performing static and dynamic analysis on software systems developed in C, C++, Java, and other popular programming languages. The individual will work directly with customers to: develop and provide training in secure coding practices, evaluate, extend, and use tools to automate source code analysis, and enhance and extend organizational capabilities to produce secure software systems.


Minimum Qualifications and Requirements:

Education/Training: BS in Computer Science or Software Engineering with three (3) years of applicable experience;  MS in Computer Science or Software Engineering with one (1) year of applicable experience.

Experience: Candidates should have at least 3 years of experience in developing C, C++, or Java software analysis techniques in one or more of the following areas:  Static analysis; dynamic analysis; fuzz testing; data flow analysis; compiler development, including understanding the impact of optimization techniques on security issues; computer architecture, including understanding the impact of security techniques on application and system performance for various architectures.

Skills/Abilities: Successful candidates will:  ability to develop and implement advanced analysis techniques; be expert in C++, C, or Java and have extensive knowledge of the second language; interact effectively with customers and teammates; have strong written and verbal communications skills; take a leadership role in technical projects.

Mobility:  Primarily sedentary in an office setting with some mobility.  Ability to travel to various locations within the SEI and CMU community, customer sites, conferences, and offsite meetings with some frequency.

Environmental Conditions: Normal office conditions; however, close contact with computer for prolonged periods of time.

Mental:    The ability to work well under pressure of deadlines and with confidential information.

Other:  Candidate must pass a background investigation, be eligible to obtain a United States DoD Secret Clearance, and be a U.S. citizen.


Preferred Qualifications and Requirements:

Education/Training: MS in Computer Science or Software Engineering with one (1) year of applicable experience.

Experience: Ideal candidates will have experience in the following areas:  Model checking; abstract interpretation; use of assertions in program code; using mathematical techniques such as denotational semantics, axiomatic semantics, operational semantics, and abstract interpretation; developing and analyzing code for mobile devices.

Skills/Abilities: Preferred candidates will:  possess excellent technical problem-solving skills; learn quickly and have a history of producing creative and innovative solutions; be motivated to tackle challenging problems.


Direction:  Performs under minimal supervision, independent judgment is encouraged.  Most normal duties and responsibilities are handled independently with the use of established procedures and policies.  Difficult or unique situations are referred to the supervisor.

Supervisory Responsibilities:  This position has no supervisory responsibilities, although mentoring of junior staff is expected.


JOB FUNCTIONS OR RESPONSIBILITIES:

30%    Analysis and testing of C, C++, and Java programs developed for Windows, Linux, and Android platforms.

25%    Develop, evaluate, extend, customize, and deploy new analysis into existing enterprise processes.

25%    Directly support customer work in secure coding, verification and validation techniques, and technical training.

20%    Contribute to conferences and meetings; participate in strategy discussions; contribute to customer presentations; stay up to date in analysis methods and tools.

100% TOTAL EFFORT


ORGANIZATIONAL CHART: NSS Director < NSS Deputy Director < NSS Chief Scientist < Technical Director, Secure Software and Systems < Software Security Engineer
 

Position Summary:  The successful candidate will be a member of the Research, Technology, and System Solutions (RTSS) Program and will be assigned to the Socio-Adaptive Systems (SocA) Research Project in Pittsburgh. This project conducts research in large-scale systems, specifically in techniques for ensuring that distributed system resources, such as processors and wireless networks, are used efficiently in dynamic settings. Continuous change in the network coupled with changing needs of the mission supported by the system represent one source of challenges. However, the project’s focus on the human element of systems makes it somewhat unique.  Socio-adaptive systems rely on the expressed needs of humans as important input for adapting resource usage to changing mission circumstances. Therefore factors such as human self-interest must be accounted for in system design.  We conduct applied research in how to combine adaptive quality of service techniques with market mechanisms to design large-scale systems.

The SocA project is not only interested in theoretical investigation but also in building prototypes to evaluate the practicality of results and in working with customers to ensure the practical applicability of research results. Our ultimate goal is to transition new techniques and methods for socio-adaptive systems into widespread use.  As a result, we create model problems inspired by the practitioner community and we develop ready-to-use materials including books, reports, courses, software libraries, etc. As a DoD Federally-Funded Research and Development Center we are particularly interested in serving the needs of DoD.
 

Minimum Qualifications and Requirements:

Education/Training: Ph.D. degree in software engineering, computer science, electrical and computer engineering or related discipline with a dissertation in a related topic with five (5) years’ experience.

Experience: Five (5) years of experience in software and systems development (counting research projects).  

Skills/Abilities: Ability to function as a member of a team, conducts publishable research, implement research prototypes, and work with customers. Knowledge of the theory and experience in any (or all) the areas of real-time scheduling, adaptive quality of service, computational mechanism design, wireless network protocols, and DoD tactical systems. Good written, verbal, and presentation skills. Established publication record.

Mobility: The ability and willingness to travel is required.

Environmental Conditions: Usual office setting with extended use of desktop or laptop computers.

Mental: Ability to work under pressure, meet deadlines, and function productively as a team member.

Other:  US citizenship required.  Successful candidates must be able to pass a background investigation for a DoD security clearance.

Preferred Qualifications and Requirements:

Experience: Experience conducting research related to developing DoD-related systems.


Accountability:  This position is accountable to the Technical Manager of the Cyber-Physical and Ultra-Large Scale Systems (CPS/ULS) Initiative for work content, quality, and schedule.

Direction: This position operates within broad guidelines from the Technical Manager and is expected to exercise reasonable discretion on technical solutions.

Decisions: Technical decisions to support research or customer needs. Development of research plans for socio-adaptive systems. Design and development of experiments to validate research hypotheses.

Supervisory Responsibilities:  May lead teams to accomplish specific technical tasks or supervise students on a research project.


JOB FUNCTIONS OR RESPONSIBILITIES:

60%    Defining and executing research projects; and developing prototypes.

20%    Writing and/or presenting research reports and publications.

20%    Working with the professional community and customers.

100% TOTAL EFFORT


ORGANIZATIONAL CHART:  Director of Research, Technology, and System Solutions (RTSS) Program < Technical Manager of Cyber-Physical and Ultra-Large Scale Systems < Principal Researcher
 

Position Summary:  

This position is located in Linthicum, MD.

This position is with the CERT Coordination Center (CERT/CC) at the Software Engineering Institute (SEI) of Carnegie Mellon University. The CERT/CC provides neutral, unbiased expert analysis and opinion on technical issues involving cyber security, and has played a key role in internet security since 1988. This position is located on-site at the Department of Defense (DoD) Cyber Crime Center (DC3) in Linthicum, MD to support work with the DoD-DIB Collaborative Information Sharing Environment (DCISE) program at DC3. The DCISE program is a collaborative program developed by the DoD to strengthen the capability of the defense industrial base to protect contractor networks containing DoD information.

As a Computer Security Analysis Capability Developer, the successful candidate will work closely with DCISE partners and analysts; and DoD agencies to strengthen the capability of defense contractors to protect networks containing DoD information. The primary responsibility will be to identify the need for, prototype the implementation of, and pilot prototypes of innovative approaches for DCISE analysts to review, triage, and analyze incident and threat information. Upon proving capability in a pilot, this position will work with engineering and development teams to integrate the new capability into enterprise-level systems for long-term adoption.  This position will also collaborate with analysts from across the CERT/CC to explore new and innovative ways in which SEI's technical competencies and capabilities can be applied to current and future technical challenges faced by the DCISE program.


Minimum Qualifications and Requirements:

Education/Training:   BS in Computer Science Information Science, Information Systems Management with eight (8) years applicable experience; or MS with five (5) years of experience.

Experience:  Successful candidate will have the following experience:  Conducting computer security incident response or analysis and developing applications in Java, PERL, and Python (at least 3 years in each language).

Skills/Abilities:   Successful candidates will have knowledge of:  Software engineering to include requirements elicitation, software architectures, and testing methodologies; basic forensics, network, and malware analysis; security vulnerabilities and the impact that they can have on information systems; system management practices on Windows and Unix/Linux; mitigation strategies to defend systems from attack.

Successful candidates will have the ability to:  Contribute in a team environment with other team members with  varying skills, experience and locations; recognize and deal appropriately with confidential and sensitive information; identify the need for improvements, prototype solutions, and communicate requirements; develop and explain technical decisions to varying audiences; interact effectively with technical and non-technical audiences with  verbal and written communications; acting in a customer service role to internal and external stakeholders; work meticulously with careful attention to detail and priority of work; learn new procedures, techniques, and approaches; and as appropriate define them for others.

Mobility: Primarily sedentary, long periods of sitting; ability to travel to various locations within the SEI, Carnegie Mellon, and DC3 community; customer sites; conferences; and offsite meetings with some frequency. Candidate will be required to travel on overnight assignments.

Environmental Conditions:  Normal office conditions; however close contact with computer for prolonged periods of time

Mental: Ability to work under pressure and changing priorities; pay attention to detail; meet inflexible deadlines; deal with difficult inter-personal situations while maintaining composure.

Other:   Candidate must be able to pass a background investigation, obtain a TS/SCI security clearance, be a US citizen, and work full-time at a customer site in the Baltimore/Washington, DC metro area.


Preferred Qualifications and Requirements:

Education/Training:  MS in Computer Science Information Science, Information Systems Management with five (5) years applicable experience.

Licenses: Information systems security, incident response and analysis, and other similar certifications are desired (e.g. SANS GIAC Level 2 courses, CCNP, CCIE Security).

Experience:  Ideal candidates will have experience in some of the following areas: Performing the security aspects of system and/or network administration in a U.S. government agency or U.S. Defense Contractor environment; acting in the role of a cyber (technical) analyst in an intelligence, counterintelligence or law enforcement role; drafting and formatting technical threat intelligence reports and conduct correlating research using multiple formatted and unformatted data sources; operating or managing risk in a larger enterprise infrastructure; developing materials for senior leadership in government or industry; developing and implementing information security policies and standard operating procedures; acting in the role of a project manager.

Skills/Abilities:   Ideal candidates will have knowledge of some of the following areas:  Software/application development in C and C++; advanced forensic, digital media, or software reverse engineering analysis; advanced network analysis.

Languages:   Working knowledge of Russian, Spanish, Farsi, Arabic, or Mandarin.


Accountability:  Contributes to program objectives and plans development.  Maintains confidentiality of sensitive information such as security, vulnerability, and site information.

Direction:  Performs under minimal supervision, independent judgment is encouraged.  Most normal duties and responsibilities are handled independently with the use of established procedures and policies.  Difficult or unique situations are referred to the supervisor. Ability to work directly on-site at a customer location with minimal direct supervision from direct supervisor.

Decisions:  Must accurately analyze data from multiple sources, generate defensible results, and represent them in interactions with customers, sponsors, and the public.  Participate in conferences and workshops where security-related issues are discussed as required.

Supervisory Responsibilities:  This position has no supervisory responsibilities.


JOB FUNCTIONS OR RESPONSIBILITIES:

70%     Identify, design, specify, prototype, and transition new analysis capabilities to DCISE analyst and partners in collaboration with DC3 and SEI staff.  Work with engineering, development, and information assurance groups to mature these capabilities.  Develop knowledge and understanding of SEI capabilities and apply these customer problems.

30%     Review threat data from various sources, and provide supporting technical subject matter expertise. Produce cyber threat assessments based on entity threat analysis. Coordinate cyber threat tracking with partner and counterpart organizations. Deliver reports, briefings, and assessments to leadership, facilitating understanding of cyber threat entities and environments. Support information assurance and cyber threat mitigation decision-making.

100%      TOTAL EFFORT


ORGANIZATIONAL CHART:  NSS Program Director  < CERT/CC Technical Director < CERT/CC Incident Analysis Technical Manager < Computer Security Analysis Capability Developer
 

Position Summary:  The location for the position will be at or near the SEI office in Arlington Virginia.  As a Computer Security Information Analyst, the successful candidate will work closely with cyber security analysts in the public and private sectors to effectuate cyber information and analysis capability sharing to support risk management, incident analysis, and response activities. You will often collaborate with these entities to analyze incident and threat information, develop technical mitigations, and produce reporting to disseminate this information to designated stakeholders.  This position will also work with analysts from across the CERT/CC to explore new and innovative ways in which SEI's technical competencies and capabilities can be applied to current and future technical challenges faced by the critical infrastructure.


Minimum Qualifications and Requirements:

Education/Training:   BS in Computer Science Information Science, Information Systems Management with eight (8) years applicable experience; or MS with five (5) years of experience.

Experience:  Successful candidates will have the following experience:  conducting computer security incident handling or analysis experience (at least four years), reviewing, and analyzing and correlating threat data from available sources.

Skills/Abilities:   Successful candidates will have a working knowledge of: forensics, network, and malware analysis methodologies, and related best practice tools; security vulnerabilities and the impact that they can have on information systems; system management practices on Windows and Unix/Linux; assessing and managing risk in large enterprise infrastructure; mitigation strategies to defend systems from attack; common attack techniques and tactics.

Successful candidates will have the ability to: analyze data from multiple sources, generate defensible results, and represent them in reporting products and interactions with customers, sponsors, and the public; contribute in a team environment with other team members with  varying skills, experience and locations; recognize and deal appropriately with confidential and sensitive information; develop and explain technical decisions to varying audiences; interact effectively with technical and non-technical audiences with  verbal and written communications; acting in a customer service role to internal and external stakeholders; work meticulously with careful attention to detail and priority of work; learn new procedures, techniques, and approaches; and as appropriate define them for others.

Physical:  This position is located in Arlington, VA.

Mobility: Primarily sedentary, long periods of sitting; ability to travel to various locations within the SEI and Carnegie Mellon community, customer sites, conferences, and offsite meetings with some frequency.

Environmental Conditions:  Normal office conditions, close contact with computer for prolonged periods of time.

Mental: Ability to work under pressure and changing priorities; pay attention to detail; meet inflexible deadlines; deal with difficult individuals while maintaining composure.

Other:   Candidate must be able to pass a background investigation, obtain a TS/SCI security clearance, be a US citizen, and work full-time at a customer site in the Northern Virginia metro area. Candidate will be required to travel on overnight assignments.


Preferred Qualifications and Requirements:

Education/Training:  MS in Computer Science Information Science, Information Systems Management with five (5) years applicable experience.

Licenses: Information systems security, incident response and analysis, and other similar certifications are desired (e.g. SANS GIAC Level 2 courses, CCNP, CCIE Security).

Experience:  Ideal candidates will have experience in some of the following areas:  acting in the role of a technical analyst in an intelligence, counterintelligence or law enforcement role; drafting and formatting technical threat intelligence reports and conduct correlating research using multiple formatted and unformatted data sources; performing the security aspects of system and/or network administration in a U.S. government agency or U.S. Defense Contractor environment; developing and implementing information security policies and standard operating procedures.

Skills/Abilities:   Ideal candidates will have knowledge of some of the following areas:  advanced forensic, digital media, or software reverse engineering analysis; advanced network analysis.


Accountability:  Contributes to program objectives and plans development.  Maintains confidentiality of sensitive information such as security and vulnerability information.

Direction:  Performs under minimal supervision, independent judgment is encouraged.  Most normal duties and responsibilities are handled independently with the use of established procedures and policies.  Difficult or unique situations are referred to the supervisor. Ability to work directly on-site at a customer location with minimal direct supervision from direct supervisor.

Decisions:  Must accurately analyze data from multiple sources, generate defensible results, and represent them in reporting products and interactions with customers, sponsors, and the public.  Participate in conferences and workshops where security-related issues are discussed as required.

Supervisory Responsibilities: This position has no supervisory responsibilities.


JOB FUNCTIONS OR RESPONSIBILITIES:

65%     Perform duties as a technical cyber information and fusion analyst, incident analyst and technical liaison. Review, analyze and correlate threat data from various sources. Create innovative reporting products based on available information and capabilities. Mentor others in conducting effective analysis. Produce standardized reports, metrics, threat, activity, and mitigation information products. Coordinate and collaborate on cyber threat tracking with partner and counterpart organizations. Deliver reports, briefings, and assessments to leadership, facilitating understanding of cyber threat entities and environments. Support information assurance and cyber threat mitigation decision-making.

20%     Work to build collaborative relationships and foster information sharing among partner entities in the interest of improving cyber situational awareness and response capabilities.

10%    Work directly with SEI staff supporting the community with incident, vulnerability, network, or malicious code analysis work.

5%     Develop knowledge and understanding of SEI capabilities; learning how SEI capabilities can be applied to customer problems.

100%      TOTAL EFFORT


ORGANIZATIONAL CHART:  NSS Program Director < CERT/CC Technical Director < Incident Analysis Technical Manager < Computer Security Information Analyst

Position Summary:  This position can be located in Pittsburgh, PA or Arlington, VA.  The successful candidate will be a member of the Research, Technology, and System Solutions (RTSS) Program and will be assigned to the Edge-Enabled Tactical Systems Research Project in Pittsburgh. This project identifies technical approaches for the use of smart phones and technologies associated with mobile computing in constrained environments – for example, environments with intermittent operation and limited network bandwidth. The project develops and pilots research prototypes that focus on emerging uses of these technologies and their application in DoD contexts. Current research addresses technical challenges associated with user-directed adaptation of applications in the field, filtering large volumes of data, adaptation based on context, and resource optimization.  This position will focus on developing mobile applications for smart phones and other handheld devices to be used in DoD settings.


Minimum Qualifications and Requirements:

Education/Training: MS degree in software engineering, computer science, electrical and computer engineering, or information systems with five (5) years’ experience or equivalent combination of training and experience.

Experience: Five (5) years of experience in software and systems development; experience in several of the following areas: development of mobile applications, development and implementation of software architectures, development and deployment of cloud-based systems, service-oriented systems, development of research proofs of concept.   Experience with both software and hardware, including radios and mobile devices preferred.

Skills/Abilities:  Ability to function as a member of a team in the design and implementation of research prototypes. Experience with mobile computing, service orientation, tactical systems, and cloud computing. Software development skills including Android, Java, object–oriented design, Python and Linux. Familiarity with Eclipse IDE and Subversion. Ability to assist in the definition and implementation of research projects and prototypes; demonstrated ability to work effectively with team members, other collaborators and customers; good written, verbal, and presentation skills. Strong skills in C, C++, and Java with mobile portfolio (apps), including Android.  Proven ability to work with R&D program managers to establish and implement an R&D portfolio.  Ability to work with and direct small teams of developers.

Mobility: The ability and willingness to travel is required.

Environmental Conditions: Usual office setting with extended use of CRT.

Mental: Ability to work under pressure, meet deadlines, and function productively as a team member.

Other:  US citizenship required; successful candidates must be able to pass a background investigation for a DoD security clearance.  This position can be located in Pittsburgh, PA or Arlington, VA; travel can be as low as 20%, or as high as 50% depending on the location.


Preferred Qualifications and Requirements:

Education/Training: PhD. in software engineering, computer science, electrical and computer engineering, or information systems with two (2) years’ experience or equivalent combination or training and experience.

Experience: The ideal candidate will have experience with both software and hardware, including mobile technology (e.g., radios and smartphones).


Accountability:  This position is accountable to the Edge-Enabled Tactical Systems Project Lead for work content, quality, and schedule.

Direction:  This position operates within broad guidelines from the Project Lead and is expected to exercise reasonable discretion on technical solutions.

Decisions:  Technical decisions to support research or customer needs. Development of research plans for architecture, design, development and testing of edge-enabled tactical systems. Design and development of experiments to validate research hypotheses.

Supervisory Responsibilities:  May lead teams to accomplish specific technical tasks or supervise students on a research project.


JOB FUNCTIONS OR RESPONSIBILITIES:

50%    Defining and developing research prototypes.

30%    Writing and/or presenting research reports and papers.

20%    Working with collaborators and customers.

100% Total Effort


Organizational Chart:  RTSS Director < AMS Initiative Manager < Advanced Mobile Systems Engineer
 

Position Summary:  This is  temporary position, approximately twelve (12) months in duration.  The Architecture Practice (AP) group at the Software Engineering Institute, part of Carnegie Mellon University, is searching for a talented Eclipse developer. AP bridges the gap between academic and government researchrs in order to bring cutting edge ideas to government organizations. The candidate will be responsible for contributing to the development and maintenance of an open source toolset for the SAE AADL language standard. This toolset supports textual and graphical modeling of safety-critical software-reliant system architectures and their analysis in terms of performance, safety, reliability and other non-functional properties. The candidate will work with Eclipse and Eclipse-based platform technologies such as EMF, GMF, and Xtext, developing and interfacing with analysis tools, as well as manage the release and maintenance of the toolset. The candidate will be interacting with SEI team members as well as external contributors and users of the toolset.


Minimum Qualifications and Requirements:

Education/Training: Bachelor's degree in information systems or computer science and knowledge of research techniques or equivalent combination of training and experience

Experience:   One or more (1+) years of Java development; one or more (1+) years of Eclipse development; experience using the Eclipse and Eclipse-based SDKs on Windows and/or Linux; experience with Eclipse plug-in development and release management frameworks; experience with version control (GIT).

Skills/Abilities: Ability to design and develop in Eclipse and Java to the highest standards; understanding of advanced object oriented programming concepts and Meta model-based development as found in the Eclipse Modeling Framework (EMF); excellent analytical, problem solving and organizational skills; ability to comprehend system related materials, design and maintain applications, work successfully in small team environments, and communicate with external collaborators as well as users.

Mobility: Normally sedentary position with some mobility; ie., able to travel to other campus locations; may require some bending, stretching, pushing as well as lifting of several reams of paper, etc.

Environmental Conditions: Usual office setting, close contact with computer displays for long periods of time.

Mental: Ability to pay close attention to detail, meet inflexible deadlines, balance multiple tasks, remain calm during difficult situations, work under pressure, and work with frequent interruptions.

Other: Candiate must be a US Citizen and be able to successfull pass a background investigation.


Preferred Qualifications and Requirements:

Education/Training: Additional course work in computer applications.

Experience: Threeor more (3+) years of Java development; two or more (2+) years of Eclipse developmentExperience in research programming and working in an academic environment.


Accountability:  Completes project tasks from routine to moderately complex; is accountable for meeting established deadlines and project milestones with a commitment to decisions that have been made.

Direction:  Expected to perform under general supervision.  Most normal duties and responsibilities are handled independently with the use of established research protocol and departmental and university procedures and policies. Difficult or unique situations are referred to the supervisor.

Decisions:  Suggests possible solutions to colleagues and users.   

Supervisory Responsibilities:  May assist or supervise student researchers with projects.


JOB FUNCTIONS OR RESPONSIBILITIES:

70%   Designs and implements software applications and database specifications (often in a team setting) or modifies existing software packages to meet specific research needs. Documents new designs, codes and modifications.

15%  Attends meetings and submits work progress reports to supervisor as required.

15%  Performs related duties as assigned.

100%    Total Effort

 
ORGANIZATIONAL CHART:  RTSS Director > AP Initiative Lead > Research Programmer
 

Position Summary: The Senior Member of the Engineering Technical Staff of the Military Services Team will be responsible for leading teams that enable the organizations within the Department of Defense as well as other customer organizations to enhance the predictable performance and mission assurance in the acquisition, evolution and operations of software-reliant systems. Key activities include understanding customer requirements and key challenge problems and addressing them with tailored solutions; applying, adapting, integrating, verifying and transitioning the SEI body of knowledge and other bodies of knowledge to maximize impact; creating, applying and codifying new approaches to support customer needs and advance the software engineering state of the practice; and maintaining situational awareness in technical and DoD domains. The candidate will coordinate closely with technical staff in ASP and other SEI programs to deliver software engineering technical expertise to customers throughout the lifecycle. The senior engineering technical staff member will be able to lead and participate in multi-disciplinary teams in support of the ASP vision and mission.

Minimum Qualifications and Requirements:

Education/Training: Bachelor's degree in Computer Science, Information Systems, systems engineering, software engineering, acquisition management or equivalent combination of experience and training.

Experience: The candidate must have at least: BS or equivalent degree in relevant discipline with ten (10) years applicable experience; MS or equivalent degree in relevant discipline with eight (8) years applicable experience; PhD or equivalent degree in relevant discipline with five (5) years applicable experience.
The candidate must have experience in software engineering, development or management and/or systems engineering. Must be knowledgeable of the software engineering and system engineering disciplines as well as understanding the DoD, Intelligence Community or Civilian Agency acquisition processes. The candidate should have experience building, leading, managing and participating on cross-functional, high technology teams, should be able to operate effectively with all organizations within the software and acquisition communities and be able to interact diplomatically with partners, customers and sponsors.

Skills/Abilities: Detailed knowledge of software engineering; detailed knowledge of at least one core competency: requirements, architecture and design, program and acquisition management, performance improvement, assurance, or security and depth in at least one SEI body of work.

Experience in five or more of the following: DoD or Civilian Agency software systems acquisition on major programs (For the purposes of this announcement, our definition of major is at least 100K SLOC of custom developed code, and/or significant integration of COTS/GOTS products); solid technical breadth and understanding of all aspects of the end-to-end software lifecycle (e.g., requirements, design, implementation, testing, etc.); alternative life cycles (e.g. waterfall, agile); major DoD, Intelligence Community, or Civilian Agency software acquisition policies and directives; enterprise architecture (e.g., DoD Architecture Framework [DoDAF] or Federal Enterprise Architecture Framework [FEAF]); software architecture development and evaluation, software architecture patterns (e.g. SOA) and concepts (e.g. Cloud computing); information Assurance/survivability; systems engineering on software intensive systems; COTS product integration; performance measurement including definition and application of goals, measurements and metric; system of systems engineering; requirements development and management; software integration and test and software/hardware integration; deployment of software intensive systems, especially including transition from legacy systems; cost estimation.

Strong written and verbal communications skills and the ability to present to high visibility stakeholders internal and external to the organization. Proven program and project management skills including: interfacing with clients, developing proposals, and establishing relationships with new DoD and/or government clients and programmatic and project management skills (e.g., ability to develop project plans, track deliverables, manage risks, perform staff planning, provide budget oversight). Ability to lead and participate in multidisciplinary teams.

Mobility: Will be required to travel on overnight assignments.

Environmental Conditions: Usual office setting with extended use of CRT.

Other: Successful candidate must be able to pass a background investigation, be a US citizen and be eligible for a Top Secret SCI security clearance.

Preferred Qualifications and Requirements:

Education/Training: Master's degree in Computer Science, Information Systems, systems engineering, software engineering, or acquisition management.

Licenses: Certified DoD Acquisition Professional. Certified PMP.

Accountability: The member will be directly accountable for understanding DoD acquisition needs, applying new technologies, and establishing delivery capabilities to meet the needs of the sponsoring organization and the acquisition community.

Direction: As a technical staff member, he/she will be expected operate with minimum supervision using CMU and SEI defined practice, policies and procedures, in concert with the SEI mission.

Decisions: Will be required to work with government program offices to identify strengths and weaknesses within the acquisition program and their contractor base and build solutions to address the weaknesses and recognize and encourage the strengths.

Supervisory Responsibilities: Must be able to lead and supervise others.

JOB FUNCTIONS OR RESPONSIBILITIES:

85% Participate as a leader or member of technical teams in support of government acquisition program offices or participate as a member of a technical team performing research. Identify and support the implementation strategies for the capture and application of learning and knowledge transfer from assignments (e.g. dissemination of research results, case studies, guides, reports, presentations, articles, workshops, courses, and blog entries).

10% Other duties as assigned by the Acquisition Support Program Executive Director, Deputy Director, Associate Director or Chief Engineer.

5% Serve in an advisory capacity to other SEI technical programs on acquisition or technical issues.

100% TOTAL EFFORT

ORGANIZATIONAL CHART: SEI Director’s Office < Executive Director—Interagency, Acquisition and Cyber < Associate Director, Military Services Acquisition < Military Services Team: Senior Engineer

ADDITIONAL INFORMATION:  This position will be located in Arlington, VA with travel to various client locations.

Position Summary:  The successful candidate will be a member of the Research, Technology, and System Solutions (RTSS) Program and will be assigned to the High-Confidence Cyber-Physical Systems (HCCPS) Research Project in Pittsburgh. This project conducts research in the design and analysis of cyber-physical systems (CPSs). Such systems are distributed in nature and include intimate interdependencies between software computations (cyber-computations) and physical processes. In this project we conduct research in verification techniques from model-checking and static analysis for functional verification; in real-time scheduling, and resource allocation; and in robot coordination. Our goal is to develop CPS design and analysis principles so that CPSs can be developed with high confidence that they will provide desired behavior.

The HCCPS project is not only interested in theoretical investigation but also in building prototypes to evaluate the practicality of results. Our ultimate goal is to transition new techniques and methods for CPSs into widespread use.  As a result, we create model problems inspired by the practitioner community and we develop ready-to-use materials including books, reports, courses, etc. As a DoD Federally-Funded Research and Development Center we are particularly interested in serving the needs of DoD.

Minimum Qualifications and Requirements:

Education/Training: Ph.D. degree in software engineering, computer science, electrical and computer engineering or related discipline with a dissertation in a related topic.

Experience: Five (5) years of experience in software and systems development or verification tool development (counting research projects). 

Skills/Abilities: Ability to function as a member of a team, conduct publishable research and implement research prototypes. Knowledge of the theory and experience in any (or all) the areas of: robotics systems, real-time systems, formal method tools, control theory, and hybrid systems. Good written, verbal, and presentation skills. Established publication record.  Candidates must have an established publication record.

Other: US citizenship required.

Preferred Qualifications and Requirements:

Experience: Experience conducting research related to developing DoD-related systems.

Mobility: The ability and willingness to travel is required.

Environmental Conditions: Usual office setting with extended use of CRT.

Mental: Ability to work under pressure, meet deadlines, and function productively as a team member.

Other: Successful candidates must be able to pass a background investigation for a DoD security clearance.

Accountability:  This position is accountable to the Technical Manager of the Cyber-Physical  and Ultra-Large Scale Systems (CPS/ULS) Initiative for work content, quality, and schedule.
 
Direction: This position operates within broad guidelines from the Technical Manager and is expected to exercise reasonable discretion on technical solutions.

Decisions: Technical decisions to support research or customer needs. Development of research plans for CPS. Design and development of experiments to validate research hypotheses.

Supervisory Responsibilities:  May lead teams to accomplish specific technical tasks or supervise students on a research project.

JOB FUNCTIONS OR RESPONSIBILITIES:
60%     Defining and executing research projects; and developing prototypes.
20%     Writing and/or presenting research reports and publications.
20%     Working with the professional community and customers.

100% TOTAL EFFORT

ORGANIZATIONAL CHART:  Director of Research, Technology, and System Solutions (RTSS) Program < Technical Manager of Cyber-Physical and Ultra-Large Scale Systems < Principal Researcher 

Position Summary:  The Senior Member of the Engineering Technical Staff of the Military Services Team will be responsible for leading teams that enable the organizations within the Department of Defense as well as other customer organizations to enhance the predictable performance and mission assurance in the acquisition, evolution and operations of software-reliant systems.   Key activities include understanding customer requirements and key challenge problems and addressing them with tailored solutions; applying, adapting, integrating, verifying and transitioning the SEI body of knowledge and other bodies of knowledge to maximize impact; creating, applying and codifying new approaches to support customer needs and advance the software engineering state of the practice; and maintaining situational awareness in technical and DoD domains.  The candidate will coordinate closely with technical staff in ASP and other SEI programs to deliver software engineering technical expertise to customers throughout the lifecycle.  The senior engineering technical staff member will be able to lead and participate in multi-disciplinary teams in support of the ASP vision and mission. 

This position is located in the Los Angeles, California area.

Minimum Qualifications and Requirements:
 
Education/Training:  Bachelor's degree in Computer Science, Information Systems, systems engineering, software engineering, acquisition management or equivalent combination of experience and training

Experience: The candidate must have at least:  BS or equivalent degree in relevant discipline with ten (10) years applicable experience; MS or equivalent degree in relevant discipline with eight (8) years applicable experience; PhD or equivalent degree in relevant discipline with five (5) years applicable experience.

The candidate must have experience in software engineering, development or management and/or systems engineering.  Must be knowledgeable of the software engineering and system engineering disciplines as well as understanding the DoD acquisition processes.   The candidate should have experience building, leading, managing and participating on cross-functional, high technology teams, should be able to operate effectively with all organizations within the software and acquisition communities and be able to interact diplomatically with partners, customers and sponsors.   The candidate should have experience with software acquisition for space systems – satellites, ground or both.

Skills/Abilities: Detailed knowledge of software engineering; detailed knowledge of at least one core competency: requirements, architecture and design, program and acquisition management, performance improvement, assurance, or security.  Depth in at least one SEI body of work.

Experience in five or more of the following: DoD or Civilian Agency software systems acquisition on major programs   (For the purposes of this announcement, our definition of major is at least 100K SLOC of custom developed code, and/or significant integration of COTS/GOTS products); solid technical breadth and understanding of all aspects of the end-to-end software lifecycle (e.g., requirements, design, implementation, testing, etc.); alternative life cycles (e.g. waterfall, agile); major DoD software acquisition policies and directives; enterprise architecture (e.g., DoD Architecture Framework [DoDAF]); software architecture development and evaluation and software architecture patterns (e.g. SOA); cloud computing; information Assurance/survivability; risk management; systems engineering on software intensive systems; COTS product integration; performance measurement including definition and application of goals, measurements and metrics; system of systems engineering; requirements development and management; software integration and test and software/hardware integration; deployment of software intensive systems, especially including transition from legacy systems; cost estimation.

Strong written and verbal communications skills and the ability to present to high visibility stakeholders internal and external to the organization.

Proven program and project management skills including:  Interfacing with clients, developing proposals, and establishing relationships with new DoD clients.  Programmatic skills (e.g., ability to develop project plans, track deliverables, manage risks).  Project management skills (e.g., program control activities, budget oversight, staff planning).  Ability to lead and participate in multidisciplinary teams.

Mobility:  Will be required to travel on overnight assignments

Environmental Conditions: Usual office setting with extended use of CRT

Other:   Successful candidate must be able to pass a background investigation, be a US citizen and be eligible for a security clearance.

Preferred Qualifications and Requirements:  

Education/Training:  Master's degree in Computer Science, Information Systems, systems engineering, software engineering, or acquisition management.

Licenses: Certified DoD Acquisition Professional.  Certified PMP.

Skills/Abilities:  Experience in organizational change management.  Completion of DoD acquisition accreditation levels (SPRDE, Program Management, and/or Test) and attendance at DAU courses
 

Accountability:  The member will be directly accountable for understanding DoD acquisition needs, applying new technologies, and establishing delivery capabilities to meet the needs of the sponsoring organization and the acquisition community.

Direction:  As a technical staff member, he/she will be expected operate with minimum supervision using CMU and SEI defined practice, policies and procedures, in concert with the SEI mission.

Decisions:  Will be required to work with government program offices to identify strengths and weaknesses within the acquisition program and their contractor base and build solutions to address the weaknesses and recognize and encourage the strengths.

Supervisory Responsibilities:  Must be able to lead and supervise others.

JOB FUNCTIONS OR RESPONSIBILITIES:

85%   Participate as a leader or member of technical teams in support of government acquisition program offices or participate as a member of a technical team performing research.  Identify and support the implementation strategies for the capture and application of learning and knowledge transfer from assignments (e.g. dissemination of research results, case studies, guides, reports, presentations, articles, workshops, courses, and blog entries).

10%  Other duties as assigned by the Acquisition Support Program Executive Director, Deputy Director or Chief Engineer.

5%      Serve in an advisory capacity to other SEI technical programs on acquisition or technical issues.

100% TOTAL EFFORT

ORGANIZATIONAL CHART:  SEI Director’s Office < Executive Director—Acquisition, Interagency and Cyber < Associate Director, Military Services Programs < Military Services Team: Senior Engineer

Position Summary:  The mission of the SEI is to improve the practice of software engineering worldwide. One of the focus areas of the Research, Technology, and System Solutions (RTSS) Program is creating architecture-centric theories and practices that increase development efficiency and effectiveness on large-scale software and systems engineering projects. Examples of SEI architecture research include work in architecture evaluation, documenting and modeling architectures, identifying architecturally significant requirements, quality attribute analysis, and architecting in iterative environments.

The successful candidate will join the Architecture Practices team and will contribute to its architecture-centric research agenda. The team builds on established research and experience to create and extend architecture-centric theories and practices that organizations use to produce systems that meet their business and mission goals. Individual responsibilities include: contributing to ongoing architecture research efforts and new research directions, validating ideas in customer settings, and publishing results as part of the defined technical work plan.


Minimum Qualifications and Requirements:

Education/Training: MS degree in software engineering, computer science, or information systems or an equivalent combination of training and experience.

Experience: Five (5) years of experience in architecture research and/or practice working on large systems, systems of systems, or enterprise architectures.

Skills/Abilities: Broad knowledge of architecture research and its application to real world systems. A record of successfully contributing to the definition, proposal, and execution of research agendas. Publishes and presents in high-quality, peer-reviewed venues. Knowledge of modern development processes, languages, and platforms. Effective written and oral communication skills.

Physical Mobility: The ability and willingness to travel is required.

Environmental Conditions: Usual office setting, including extended work at a computer screen.

Mental: Ability to meet deadlines and function productively as a team member.

Other:  US citizenship required; successful candidate must be able to pass background investigation for a DoD secret clearance.


Preferred Qualifications and Requirements:

Education/Training:  PhD with two (2) years’ experience in software engineering, computer science, or information systems or an equivalent combination of training and experience.

Skills/Abilities:  Skills/abilities as listed above, plus: knowledge of the architectural implications of emerging technologies (for example, cloud computing, big data and analytics, and social software), an understanding of DoD challenges and stakeholders, experience working on distributed research and/or development teams, and working knowledge of SEI architecture research and methods.


Accountability: Estimation and tracking of time for technical tasks.


Direction:  Expected to act independently, with little day-to-day guidance. Expected to also work collaboratively in teams with minimal needed outside facilitation.


Decisions:  Determine architecture-centric solution techniques for practical system development problems.  Determine and recommend appropriate technology to use at a customer site in order to solve specific problems. Determine appropriate technical content for published report.

Supervisory Responsibilities:  Direct support activities to enable technical work. May direct the activities of work study or graduate student. Lead or co-lead customer efforts or transition project teams.



JOB FUNCTIONS OR RESPONSIBILITIES:

10%    Defining and developing research strategies and projects.
        
40%    Leading research teams and/or conducting planned research projects.

20%    Working with collaborators and customers applying research outcomes.

20%    Author publication-quality technical reports and deliver presentations as part of the defined technical work plan.

10%    Participate in and lead technical activities in community settings (conferences, workshops, working groups).
100% TOTAL EFFORT


ORGANIZATIONAL CHART:  RTSS Director > Architecture Practices manager > Architecture Researcher
 

POSITION SUMMARY:
As a member of CERT’s Workforce Development Program, the candidate will work with other team members in developing cyber-security and cyber-forensics training exercises and simulations—largely for US Government customers. This involves interacting directly with customers, gathering training requirements and objectives, producing and executing creative and engaging exercise scenarios, and building supporting physical and virtualized systems and network topologies. As such, the candidate will work regularly with a wide range of software and hardware technologies within CERT Labs. The candidate will also assist in developing and teaching cyber security and cyber forensics training content to external customers. He/she will be expected to work well in a collaborative team environment, while also being self-directed and motivated in accomplishing tasks and solving problems. Additionally, the position requires the candidate to have effective leadership/management abilities as he/she will oversee and direct the activities of graduate student assistants.

The successful candidate must be self-directed, have an interdisciplinary approach to problem solving, and work well communicating technical information to technical and non-technical users. The candidate must also be able to interact with clients and staff of all levels in a highly professional and competent manner.

Minimum Qualifications and Requirements:

Education/Training:  BS in Computer Science, Information Science, or related discipline with eight (8) years applicable working experience in information technology.

Licenses:  CISSP, Network+, Security+ and/or other industry standard certifications are highly desirable.

Experience:  Successful candidates must possess “hands-on” experience with Computer/Network Security and I.T. system and network administration. Additionally, he/she must have practical experience with Windows server and desktop platforms and Linux/Unix operating systems. The individual must possess knowledge/experience in network design and troubleshooting and have deep knowledge of standard networking protocols. Additionally, demonstrated practical experience working with common commercial and open-source cyber security tools is required. The candidate should have experience teaching technical content to students, peers, and non-technical individuals and must enjoy doing so.

Skills/Abilities: Candidate must be able to prioritize workload and complete deliverables on time, have good technical problem-solving skills, strong analytical and information organization skills, excellent oral and written communication skills, and strong technical teaching skills. Candidate must be able to multitask and work effectively with multiple project teams and sponsors/customers. Experience with virtualization technologies, particularly VMWare ESX server is highly desired. Programming experience in C, C++, C#, and Java is also desirable but not required.

Mobility: Sedentary in an office setting with some mobility, i.e., able to travel to various locations within the SEI and CMU community as well as travel to customer sites.

Environmental Conditions: Close contact with computer for long periods of time.

Mental: Ability to pay close attention to detail, meet deadlines, work under pressure, and communicate effectively.

Other:  Candidate must be able to pass a background investigation, obtain a security clearance, and be a U.S. citizen.

Preferred Qualifications and Requirements:

Education/Training: MS in Computer Science, Information Science with at least five (5) years of applicable working experience in information technology with emphasis in cyber security.

Experience: Strong teaching or direct delivery training experience; proficiency with a variety of operating systems and detailed technical experience with large networks and telecommunications.

Skills/Abilities: Strong presentation/platform skills and excellent writing skills.

Accountability: The incumbent is accountable for the definition, creation, and maintenance of final deliverables and products.

Direction: The incumbent is expected to act independently using CMU and SEI defined policies, practices, and procedures.

Decisions: Required to design, develop, pilot and deliver products. Required to accurately represent NSS and its technical work in interactions with customers, sponsors, and the public.

Supervisory Responsibilities:
Supervises student interns.

JOB FUNCTIONS OR RESPONSIBILITIES:

% EFFORT  ESSENTIAL FUNCTIONS

35%  (1) Design and develop technical documents and instructional materials.

35%  (2) Install/configure hardware and software including promising new technologies that require examination for information security and assurance research and development.

15%  (3) Deliver technical and management training to customers.

10%  (4) Mentor, guide and interact with team and other staff.

5%  (5) Contribute to transition planning and strategy.

100% TOTAL EFFORT

ORGANIZATIONAL CHART:

Manager, Networked Systems Survivability Program > Technical Director, Enterprise Workforce Development > Technical Manager, Workforce Development > Cyber Security Trainer and Exercise Developer