Software Engineering Institute | Carnegie Mellon University
Software Engineering Institute | Carnegie Mellon University

Careers

Pursue your passion and work alongside world-recognized leaders in the field of software engineering. Our staff works with the highest levels of U.S. government and industry to secure the nation's critical infrastructure, improve mission-critical systems, and advance the state of the art.

Interested in working with us? To browse employment opportunities and apply for a position at the SEI, see our list of open positions below or search for positions. You can also visit the Carnegie Mellon site to learn about benefits for eligible employees, search for open positions that match your interests, and create a Job Agent that will notify you by e-mail when jobs that meet your criteria become available.

Resumes from recruiting firms will not be accepted.

Carnegie Mellon University is an EEO/Affirmative Action Employer – M/F/Disability/Veteran

SEI Job Listings

The position you are looking for is not available. Please take a look at our current open positions listed below.

Select Job Location

Sort by Date Posted Title Location

23 Jun
2016
Machine Learning Research Scientist - 2003423
Pittsburgh, PA

Position Summary: The Software Engineering Institute (SEI) is a federally funded research and development center located at Carnegie Mellon University. Our Advanced Mobile Systems (AMS) Initiative is seeking a Machine Learning Research Scientist. This is an excellent opportunity to work with leading researchers and faculty at a truly world-class institution. The Machine Learning Research Scientist will focus on advancing and applying machine learning technology to analyzing streaming data. The AMS team conducts applied research, matures and prototypes technology; and transitions technology to government organizations.

The ideal candidate will enjoy working with world-renowned researchers/engineers at the SEI, Carnegie Mellon University, and other universities and R&D centers.  S/he will apply promising technologies to applications requiring rapid processing of large volumes of streaming data.  The candidate should have a strong mathematics and/or computer science background and experience in machine learning technology and developing highly-distributed systems performing near-real-time analysis of data. 

 

Minimum Qualifications and Requirements:

Education/Training: M.S. degree in computer science or related discipline with eight (8) years of experience or equivalent combination or training and experience. PhD strongly preferred.

Experience: Two or more (2+) years in three or more of the following: system/software architecture and development, virtual machine technology, distributed processing, data analytics, machine learning and/or natural language processing.

Skills/Abilities: Ability to contribute to machine learning research and design and develop advanced prototypes. Excellent analytical, problem solving and organizational skills. Ability to work successfully in small team environments, and communicate with prominent researchers and engineers.  Interest in the application of advanced technologies to extremely complex and challenging problems

Mobility: Normally sedentary position with some mobility; i.e., able to travel to campus and potentially other locations.

Environmental Conditions: Usual office setting, close contact with CRT for long periods of time.

Mental: Ability to pay close attention to detail, meet deadlines, balance multiple tasks, work under pressure, and work with frequent interruptions.

Other: Candidates will be subject to a background check and must be eligible to obtain and maintain a Department of Defense security clearance.

 

Preferred Qualifications and Requirements:

Education/Training: PhD in Computer Science or related discipline with five (5) years of experience or equivalent combination of training and experience. Advanced coursework in machine learning/natural language processing.  Advanced coursework in architecting highly-distributed systems.  Additional course work in computer applications, software engineering and networking.

Experience: Four or more (4+) years’ experience in system/software architecture and development, virtual machine technology, distributed processing, data analytics, machine learning and/or natural language processing.  Experience developing data analytics applications, and applications for intermittently connected, low bandwidth, and low power environments; sensor integration and fusion. 

Skills/Abilities: Experience working with the intelligence community.

 

Accountability: Completes project tasks from routine to complex; is accountable for meeting established deadlines and project milestones with a commitment to decisions that have been made.

Direction: Expected to perform with limited supervision. Most normal duties and responsibilities are handled independently with the use of established research and engineering protocols and departmental and university procedures and policies.

Decisions: Works with researchers and developers to implement pragmatic solutions to complex problems.

Supervisory Responsibilities: Potential small team supervision.

 

Job Functions or Responsibilities:

30%     Works with CMU, SEI, other researchers, and the intelligence community to enhance the state of the art in technologies to assist in the analysis of large volume and streaming data.

30%     Works with CMU and SEI engineers to apply state of the art technologies to prototype systems that assist in the analysis of large volume and streaming data.

20%     Attends meetings, submits work progress reports, and performs related duties as required.

20%     Represents work plans and prototypes via publications, conferences, and meetings to the academic research, engineering, DoD, and first responder communities.

100% Total Effort

 

Organizational Chart: SSD Director > CSC Directorate Lead > AMS Initiative Lead > Machine Learning Research Scientist.

 

Carnegie Mellon University is an EEO/Affirmative Action Employer – M/F/Disability/Veteran.

16 Jun
2016
Cybersecurity Risk Management Technical Manager - 2003362
Pittsburgh, PA or Arlington, VA

Position Summary: The CERT Program is part of the Software Engineering Institute (SEI), a federally funded research and development center at Carnegie Mellon University with offices in Pittsburgh, Pennsylvania and Arlington, Virginia. The CERT Program engages in cutting-edge research, development, testing, and evaluation to improve the state of cybersecurity. As Cybersecurity Risk Management Technical Manager, you will lead a team of technical staff in developing and transitioning cybersecurity capabilities to both government and the private sector with a focus to benefit the US Department of Defense (DoD). 

You have both a breadth and diversity of experience with applied research, technology, information assurance, risk management, and technology lifecycle in DoD/Government domains. You are considered an expert source in risk management for your team, and you continue to acquire and expand your knowledge. You enjoy spending time with customers and practitioners to understand their problems and find innovative solutions.

You know how to lead teams (both co-located and geographically dispersed) of senior level engineers and complex projects – to supervise and review their work products, to guide their career paths, and to ease administrative burdens so that they can achieve jointly-developed technical goals. You know how to identify and propose new business development opportunities.  You know how to manage a diverse portfolio of work products and customers. You also bring advanced problem-solving and consulting skills in your role as a conduit and representative of the SEI with the community. You enjoy presenting to groups, publishing written works, and teaching/training others, and as a member of the Carnegie Mellon University community, you will have the opportunity to work with world-renowned faculty members and experts in cybersecurity.

As a member of our management team, you work with your Director and other Technical Managers to develop a Directorate-wide strategy, then you roll up your sleeves to develop and execute an implementation plan for your team to meet these goals, thereby assessing and improving the cybersecurity posture of the DoD, US Federal Government, Critical Infrastructure, and Industry.
 

Minimum Qualifications and Requirements:

Education/Training: BS in computer science, software engineering, information systems, or a related scientific/technical field with ten (10) years’ experience or equivalent combination of training and experience.

Experience:  Familiarity with process improvement models that contain the essential elements of effective management, development, and acquisition processes for one or more disciplines (e.g. the SEI’s CMMI) and experience transitioning these models into organizational practice; three or more years of leadership experience with responsibility for project and budget management.

Skills/Abilities:

  • Consulting skills and experience.
  • Demonstrated ability to develop and deliver training courses.
  • Project management experience.
  • Leadership and mentoring skills.
  • Strong knowledge of cybersecurity standards and related bodies of practice.
  • Experience with DoD customers.
  • Background in process improvement and capability measurement.
  • Ability to collaborate with other team members to accomplish organizational goals.
  • Critical-thinking skills.
  • Excellent written and verbal communications skills.

Physical/Mobility: Primarily sedentary in an office setting with some mobility.  Ability to travel frequently to various locations within the SEI and CMU community, customer sites, conferences, and offsite meetings.

Environmental Conditions: Close contact with computer for extended periods of time.

Mental: Strong interest in the human, managerial, and technical aspects of cyber security is critical for this position as are these abilities: take or share leadership role in technical projects; work meticulously with careful attention to detail; meet deadlines while working on multiple tasks – sometimes under pressure and with shifting priorities; deal collaboratively, diplomatically, and successfully with customers, co-workers and other professional colleagues, managers, and staff; ability to understand the big picture, direction, and goals of an effort; ability to develop and communicate innovative ideas; ability to demonstrate initiative and to quickly learn new procedures, techniques, approaches, etc.

Accountability: The individual will implement and participate in the planning and execution of projects leading to technical products and results. The individual will also contribute to project, department, and program objectives and planning document development. The individual will keep in confidence sensitive information such as customer processes, risks, vulnerabilities, and internal work products, whether for eventual public or private distribution.

Direction: The individual is expected to act independently using CMU, SEI, and CERT defined policies, practices, and procedures – within the scope of assigned work.

Decisions: The individual must make sound technical decisions with little supervision. The individual must accurately represent the program in interactions with customers, sponsors, and the public. The individual is expected to perform analysis on-site at customer locations and immediately assess potential vulnerabilities requiring further investigation.

Supervisory Responsibilities: This position could involve the training and oversight of the work of other staff members, graduate students, resident affiliates, visiting scientists, and independent contractors. Depending on research project or customer work plan, position may involve task leadership.

Other: Must have a strong interest in cyber security and critical infrastructure protection, applied research, and development. Candidates will be subject to a background check and must be eligible to obtain and maintain a Department of Defense security clearance.


Preferred Qualifications and Requirements:

Education/Training: MS in computer science, software engineering, information systems, or a related scientific/technical field with eight (8) years’ experience; PhD in computer science, software engineering, information systems, or a related scientific/technical field with five (5) years’ experience, or equivalent combination of training and experience.

Licenses: CISSP, CISM, GIAC, or similar; certifications from the audit discipline (such as CISA) are also acceptable.

Skills/Abilities: In addition to the minimum skills/abilities above, preferred skills/abilities include: demonstrated ability to develop and deliver coursework and training.


Job Functions or Responsibilities:

30%    Manages team to effectively implement and accomplish the SEI Program Plan, the CERT Division strategic plan, and the directorate strategic plan. Sets goals and objectives and manages operational and functional business activities. Develops, implements and tracks short and long term operational plans (financial, staffing, infrastructure, project).

30%   Provides guidance to and monitors the success of team/technical leads in meeting strategic and operational goals. Assesses performance of direct reports and makes salary recommendations for all staff within areas of responsibility. Provides oversight of team/technical leads and their supervisory responsibilities of technical staff. Conducts performance reviews. Responsible for recruitment, hiring, development and retention of all technical and support staff for the CRM team.

20%   Sets technical direction for team. Leads strategic planning process and contributes to the development of the CRR, CERT, and SEI strategic and program plans. Ensures annual update of plan; reviews feasibility of plan, identifies risks and defines risk mitigation strategy. Articulates vision for internal and external audiences.

10%   Identifies opportunities for new technical projects and manages start-up of new, high-priority technical areas of work. Works with Technical Director and business management personnel to develop and implement a funding and transition plan for new work areas.

10%   Directs organizational effectiveness and staff training and development plans. Identifies operational success measures and process improvements. Leads corrective actions.

TOTAL 100%


Organizational Chart: Director CERT Program < Technical Director, Cybersecurity Risk & Resilience Directorate < Technical Manager, Cybersecurity Risk Management

 

Carnegie Mellon University is an EEO/Affirmative Action Employer – M/F/Disability/Veteran

 

14 Jun
2016
DevOps Engineer - 2003355
Arlington, VA

Position Summary: The CERT Program is part of the Software Engineering Institute (SEI), a federally funded research and development center at Carnegie Mellon University in Pittsburgh, Pennsylvania. CERT engages in cutting-edge research and development in computer security.  The CERT Security Automation Directorate helps large network operators and security organizations in the USG distill actionable insights from networks through strategic analysis, tool building, and systems development.

As a member of the Deployment Team, the selected candidate will be responsible for developing, deploying, and evolving a network security test bed used for prototyping and systems analysis.  The selected candidate must be capable of administering commodity systems as well as operating specialized networking equipment and hardware.  As required, the candidate will support operational users and developers by using the test bed to verify engineering scenarios, create and test data-sets, and improve infrastructure automation.

 

Minimum Qualifications and Requirements:

Education/Training:  BS in computer science, software engineering, computer engineering, or a related quantitative field of study with eight (8) years of applicable experience. 

Experience:  Applicable experience in the design and implementation of complex testing and networking, including experience in:

  • Scripting (Python, Ruby, Perl).
  • System administration, monitoring, and automation in Unix/Linux.
  • Managing networks (switches, firewalls, routers, VPNs).

Skills/Abilities:

  • Deep familiarity with networking concepts, tools, etc.
  • Understanding of enterprise level communications.
  • Ability to execute test plans and report results, entry/exit documentation.
  • Excellent written and verbal communication skills.
  • Excellent reasoning and problem-solving skills.
  • Ability to work effectively without close supervision.
  • Ability to attend customer meetings and respond to customer requirements.

Mobility: Sedentary in an office setting with some mobility, i.e., able to travel to various locations within the SEI and CMU community as well as travel up to 20% to customer sites.

Environmental Conditions: Close contact with computer for extended periods of time.

Mental: Ability to work meticulously with careful attention to detail; ability to meet deadlines while working on multiple tasks – sometimes under pressure and with shifting priorities; ability to deal collaboratively, diplomatically, and successfully with customers, co-workers and other professional colleagues, managers, and staff; ability to grasp the big picture, direction, and goals of an effort; ability to quickly learn new procedures, techniques, approaches, etc.

Other: Candidates will be subject to a background check and must be eligible to obtain and maintain a Department of Defense security clearance.

 

Preferred Qualifications and Requirements:

Education/Training: MS in computer science, software engineering, computer engineering, or a related quantitative field of study with five (5) years of applicable experience. 

Experience:             

  • Experience working in production computing environment.
  • Experience designing, operating, and maintaining environments that include Unix/Linux, Windows, virtualization, and network systems and hardware.
  • Experience automating infrastructure tasks using scripting languages. (Python, Ruby, Perl).
  • Experience automating infrastructure configuration management. (Puppet, Ansible, Chef, CFEngine).
  • Experience with DevOps methodologies.
  • Experience with commercial high speed network monitoring equipment.
  • Experience using network test equipment and network load generators.

 

Accountability: The individual is accountable for the definition, creation, maintenance, and technical support of:

  • A prototyping environment consisting of Unix/Linux, windows, virtualization, storage, and network systems and hardware.
  • Automated configuration management, monitoring, and alerting for designated systems.
  • Other products and customer deliverables including material for technical presentations and reports to customers, training material, and technical documentation.

Direction: The individual is expected to act independently using CMU, SEI, and NSS defined policies, practices, and procedures – within the scope of assigned work.

Decisions: The individual is expected to participate in the decision-making and problem-solving processes of operating, maintaining and implementing a multi-protocol multi-carrier prototype network environment.

Supervisory Responsibilities: This position does not formally supervise others.  However, the individual may act in a technical leadership (non-supervisory) role in regard to specific work products and activities, or in regard to student interns, etc.

 

Job Functions or Responsibilities:

45%     Manage the hardware and software of a prototype network security test-bed to include all appropriate system administration tasks and processes; provision for new requirements and growth.

30%     Define and execute tests in the network security test-bed on behalf of internal and external users.

20%     Build appropriate scenarios, profiles, and data-sets in support of internal and external users using the network security test-bed.

Secondary Functions

5%       Contribute to the broader security community.

100% TOTAL EFFORT

 

Organizational Chart: Director, CERT Program < Technical Director < Technical Manager < Security Engineer

 

Carnegie Mellon University is an EEO/Affirmative Action Employer – M/F/Disability/Veteran.

10 Jun
2016
Senior Engineer - 2003268
REMOTE - HOME

Position Summary: The Senior Member of the Technical Staff/Senior Engineer will be located at the Lexington Park, Maryland operating location and will lead technical teams providing software engineering expertise to the NAVAIR PMA 281, Strike Planning and Execution Systems/Common Control System program.

The successful candidate will analyze DoD and commercial needs to formulate and prosecute a technical agenda that addresses these needs and will interact extensively with DoD and industry He or she will have the opportunity to have a seminal and lasting influence on an emerging body of technical research and practice.

Key candidate activities include: engineering/architecting a complex system-of-systems; soliciting and aligning requirements from stakeholders or other Subject Matter Experts; leading a team to write system requirements for communication systems and associated networks; information assurance; cross domain solutions; interfaces; mission planning systems; situational awareness systems; and program protection (domain expertise in one or more of these areas is a plus), leading a combined government and Prime Contractor team in the development of design concepts to implement system requirements, creating, analyzing, and briefing courses of action to leadership for decision, monitoring and, where applicable, guiding and advising on project efforts building the technical solution leading up to and through key acquisition milestones – System Requirement Review, Preliminary Design Review, and Critical Design Review, developing the plan and coordinating the test and evaluation of the overall system, Providing inputs to program Statements of Work, performing technical evaluation of contractor proposals, including Basis of Estimates.  The candidate will coordinate closely with on-site, Washington DC and Pittsburgh based SEI technical staff as well as remotely located subject matter experts in the Client Technical Solutions (CTS) Directorate and other SEI programs to deliver system & software engineering technical expertise to customers throughout the lifecycle.  The senior engineer will be able to lead and participate in multi-disciplinary teams.

 

Minimum Qualifications and Requirements:

Education/Training:  The candidate must have at least:  BS or equivalent degree in related discipline with ten (10) years applicable experience; MS or equivalent degree in relevant discipline with eight (8) years applicable experience; PhD or equivalent degree in relevant discipline with five (5) years applicable experience.  A Master’s degree in systems engineering, software engineering, Computer Science, Information Systems, acquisition management or equivalent combination of experience and training is strongly desired.

Experience:  The candidate must have experience in software and systems engineering.  Must be knowledgeable of the software engineering and system engineering disciplines as well as understanding the DoD acquisition lifecycle processes.   The candidate should have experience building, leading, managing and participating on cross-functional, high technology teams, should be able to operate effectively with all organizations within the software, engineering, and acquisition communities and be able to interact diplomatically with partners, customers and sponsors.   The candidate should have experience with software/system acquisition in the Command and Control (C2) or Integrated Air and Missile Defense domains.  NAVAIR experience is considered a plus.

Skills/Abilities:

Detailed knowledge of software/systems engineering; detailed knowledge of at least one core competency: requirements, architecture and design, program and acquisition management, performance improvement, assurance, or security.

Broad systems engineering and system lifecycle experience with a focus in one or more of following domains:

  • Unmanned Systems
  • Autonomy
  • Service Oriented Architectures/Distributed Systems
  • Interoperability
  • Multi-Domain Mission Management
  • Networks
  • Cyber Security
  • Cross Domain Solutions
  • Interfaces
  • Communication Systems
  • Mission Planning
  • Situational Awareness Systems
  • International Traffic in Arms Regulations and Export Licensing

Experience defining, developing, analyzing, and acquiring large software intensive systems. Mastery of writing complete, unambiguous, and verifiable requirements. Experience in systems integration and analysis. Experience in risk analysis and mitigation strategies. Experience in agile software development methodologies, specifically scrum. Ability to recognize and summarize areas of potential software engineering research. Government acquisition experience. Strong leadership, interpersonal, and engagement skills in a multicultural environment. Strong written and verbal communications skills and the ability to present to high visibility stakeholders internal and external to the organization.  

Proven program and project management skills including:

  • Interfacing with clients, developing proposals, and establishing relationships with new DoD and/or government clients.
  • Programmatic skills (e.g., ability to develop project plans, track deliverables).
  • Project management skills (e.g., program control activities, budget oversight and staff planning).

Experience in organizational change management would be considered a plus. Completion of DoD acquisition accreditation levels (SPRDE, Program Management, and/or Test) and attendance at relevant DAU courses would be considered a plus. Ability to lead and participate in multidisciplinary teams

Mobility:  Will be required to travel on overnight assignments both domestic and international.

Environmental Conditions: Usual office setting with extended use of CRT.

Other:  Candidates will be subject to a background check and must be eligible to obtain and maintain a Department of Defense security clearance.

 

Preferred Qualifications and Requirements:

Licenses: Certified DoD Acquisition Professional.  Certified PMP.

Other Skills/Abilities:  Experience in organizational change management.  Completion of DoD acquisition accreditation levels (SPRDE, Program Management, and/or Test) and attendance at DAU courses.

 

Accountability:  The member will be directly accountable for understanding DoD acquisition needs, applying new technologies, and establishing delivery capabilities to meet the needs of the sponsoring organization and the acquisition community.

Direction:  As a technical staff member, he/she will be expected operate with minimum supervision using CMU and SEI defined practice, policies and procedures, in concert with the SEI mission.

Decisions: Will be required to work with government program offices to identify strengths and weaknesses within the acquisition program and their contractor base and build solutions to address the weaknesses and recognize and encourage the strengths.

Supervisory Responsibilities:  Must be able to lead and supervise project teams and other technical staff members.

 

Job Functions or Responsibilities:

85%     Participate as a leader or member of technical teams assisting/collaborating with government acquisition program offices or participate as a member of a technical team performing research.  Identify and support the implementation strategies for the capture and application of learning and knowledge transfer from assignments (e.g. dissemination of research results, case studies, guides, reports, presentations, articles, workshops, courses, and blog entries).

10%     Other duties as assigned by the CTS Technical Director or Deputy Director.

5%       Serve in an advisory capacity to other SEI technical programs on acquisition or technical issues.

100% TOTAL EFFORT

 

Organizational Chart:  SEI Director’s Office < SSD Director < Technical Director, Client Technical Solutions Directorate < Aviation Sector Lead < PMA 281 Operating Location Manager < Senior Engineer

 

Carnegie Mellon University is an EEO/Affirmative Action Employer – M/F/Disability/Veteran

10 Jun
2016
Software Architect - 2003267
REMOTE - HOME

Position Summary:  This position will be located at the Lexington Park, Maryland operating location and will lead architecture-centric activities and teams providing software engineering expertise to NAVAIR PMA 281, Strike Planning and Execution Systems/Common Control System program.

The successful candidate will be a member of the Air Sector team in the Client Technical Solutions Directorate and will contribute to the development of software, system, and system of system architecture practices, their application in real-world settings, and general software engineering knowledge.  Individual responsibilities include: working in teams, on-site in the Lexington Park operating location and at the NAVAIR Patuxent River PMA 281, Strike Planning and Execution Systems facility, employing the use of architecture practices to identify and solve large-scale development problems; analyzing customer needs throughout the development lifecycle and recommending courses of action; contributing to the development and improvement of architecture practices and software engineering practice; using customer experiences to inform and advance an architectural research agenda; and contributing to the technical community through publications and presentations.

The successful candidate will analyze DoD and commercial needs to formulate and prosecute a technical agenda that addresses these needs and will interact extensively with DoD and commercial stakeholders. He or she will have the opportunity to have a seminal and lasting influence on an emerging body of technical research and practice.

The candidate will coordinate closely with on-site, Washington DC, and Pittsburgh based SEI technical staff as well as remotely located subject matter experts in the Client Technical Solutions (CTS) Directorate and other SEI programs to deliver system architecture & software engineering technical expertise to the NAVAIR customer throughout the lifecycle.  The software architect will be able to lead and participate in multi-disciplinary teams.

 

Minimum Qualifications and Requirements:

Education/Training: MS degree in software engineering, computer science, or information systems or an equivalent combination of training and experience.

Experience: The candidate must have at least:  BS or equivalent degree in relevant discipline with ten (10) years applicable experience; MS or equivalent degree in relevant discipline with eight (8) years applicable experience.

Skills/Abilities: The Candidate must have experience in architecting software-intensive systems that includes managing quality attribute concerns (e.g., performance, modifiability, and scalability). Experience in system architecture, and System of Systems (SoS) or Enterprise Architecture (EA) development and integration environments. Experience in Service Oriented Architectures (SOA)/Distributed Architecture Systems.  Ability to assist with activities across the development lifecycle (including requirements, architecture, design, integration, and testing activities) and to effectively leverage architecture concepts in these activities. Ability to analyze customer problems, determine needs, and recommend a course of action. Ability to quickly learn and adapt to new technologies, platforms, and environments. Knowledge of modern software development languages, platforms, development methods, architecture and design practices, and their application to practice. Ability to work effectively with team members, customers, and collaborators. Effective written and oral communication skills.

Broad systems of systems architecture and system lifecycle experience with a focus in one or more of following domains:

  • Unmanned Systems
  • Autonomy
  • Service Oriented Architectures/Distributed Systems
  • Interoperability
  • Multi-Domain Mission Management
  • Networks
  • Cyber Security
  • Cross Domain Solutions
  • Interfaces
  • Communication Systems
  • Mission Planning
  • Situational Awareness Systems
  • International Traffic in Arms Regulations and Export Licensing

Experience defining, developing, analyzing, and acquiring large software intensive systems. Mastery of writing complete, unambiguous, and verifiable requirements. Experience in systems integration and analysis.  Experience in risk analysis and mitigation strategies. Experience in agile software development methodologies, specifically scrum. Ability to recognize and summarize areas of potential software engineering research. Government acquisition experience. Strong leadership, interpersonal, and engagement skills in a multicultural environment. Strong written and verbal communications skills and the ability to present to high visibility stakeholders internal and external to the organization.

Proven program and project management skills including:

  • Interfacing with clients, developing proposals, and establishing relationships with new DoD and/or government clients
  • Programmatic skills (e.g., ability to develop project plans, track deliverables to schedule)
  • Project management skills (e.g., program control activities, budget oversight and staff planning)

Experience in organizational change management would be considered.

Physical Mobility: The ability and willingness to travel is required. On-site at the Lexington Park, MD operating location with some travel to SEI Pittsburgh and DC/Arlington offices, as required.  PMA 281 requested travel will be CONUS, as required.  Estimated travel is 15%.

Environmental Conditions: Usual office setting, including extended work at a computer screen.

Mental: Ability to meet deadlines and function productively as a team member.

Other:  Candidates will be subject to a background check and must be eligible to obtain and maintain a Department of Defense security clearance.

 

Preferred Qualifications and Requirements:

Experience: Experience as listed above, plus: knowledge of SEI architecture work such as the Architecture Trade-off Analysis Method, Quality Attribute Workshop, and documentation with the Views and Beyond Approach; experience with the design and development of software-intensive systems, systems of systems, or mission-critical systems; and experience working with industry and DoD stakeholders.  Virtualization experience is strongly desired.

 

Accountability:  Estimation and tracking of time and schedule for all delegated technical tasks.

Direction:  Expected to act independently, with little day-to-day guidance. Expected to also work collaboratively in teams with minimal needed outside facilitation.

Decisions:  Determine architecture-centric solution techniques for practical system development problems.  Determine and recommend appropriate technology to use at a customer site in order to solve specific problems. Determine appropriate technical content for published report.

Supervisory:  Direct support activities to enable technical work.  May direct the activities of work study or graduate student.  Lead or co-lead customer efforts or transition project teams.

 

Job Functions or Responsibilities:

70%     Participate on teams for customer specific efforts in architecture-centric life cycle practices.

15%     Contribute to development of architecture practices.                                           

10%     Author publication-quality technical reports and deliver presentations as part of the defined technical work plan.

5%       As a member of the CTSD Aviation Sector, provide input to its goals, strategies, and technical direction.

100% TOTAL EFFORT

 

Organizational Chart:  SEI Director’s Office < SSD Director < Technical Director, Client Technical Solutions Directorate < Aviation Sector Lead < PMA 281 Operating Location Manager < Software Architect.

 

Carnegie Mellon University is an EEO/Affirmative Action Employer – M/F/Disability/Veteran

 

 

 

08 Jun
2016
International Cybersecurity Analyst - 2003266
Pittsburgh, PA or Arlington, VA

Position Summary: The CERT Program is part of the SEI, a federally funded research and development center at Carnegie Mellon University in Pittsburgh, Pennsylvania. The CERT Program engages in cutting-edge research and development and develops and transitions disciplined approaches to improve the survivability and resiliency of the US Department of Defense, federal civilian agencies, private sector organizations and their networked information systems. CERT supports government customers by developing and transitioning cutting-edge analysis techniques and tools, providing strategic advisement, and supporting tactical operations.

The International Cybersecurity Analyst is a member of the CERT technical staff and based either in the SEI Office in Pittsburgh, Pennsylvania or in Arlington, Virginia. The candidate selected to fulfil this role will provide technical subject matter expertise in CERT support of International cybersecurity efforts and associated capability and capacity development efforts. This support will include assisting with the development and pursuit of CERT strategic drivers for engaging in these initiatives and vision for cybersecurity community interaction, regularly interacting with sponsors and stakeholders of these efforts, and execution of efforts as directed by the International CSIRT Initiatives Team Lead to ensure that the work being performed drives toward sponsor goals and CERT strategic drivers.

 

Minimum Qualifications and Requirements:

Education / Training: Bachelor’s Degree in Computer Science or scientific/technical field with three (3) years of experience or a MS/MA in a scientific or technical field with one (1) year of experience or equivalent combination of training and experience.

Experience: Professional experience should include three (3) or more years of experience supporting or managing large organizational or national-level CSIRT capabilities to include incident response, incident analysis, and development and implementation of mitigation actions and proactive security measures. This should include experience:

  • in creating, assessing, and improving these types of teams, as well as a working knowledge of existing global capabilities, advanced technology solutions and initiatives;
  • as an operational cybersecurity analyst, incident handler, or operations specialist;
  • working with and engaging people in diverse cultural environments, and;
  • fostering interaction and collaboration amongst peer organizations.

Skills / Abilities:

  • knowledge of current and effective CSIRT organizational and functional structures and the technical operations performed by these teams.
  • ability to work independently or within a team with members of varying skill sets and levels.
  • broad understanding of enterprise technology security issues.
  • broad working knowledge of commonly deployed computer network defense tools and processes to include leading vendor solutions.
  • ability to brief strategic and technical topics to senior management, technical and non-technical audiences.
  • knowledge of current operational challenges and technical threats faced by network security and intelligence organizations.
  • familiarity with project planning and management best practices.
  • ability to write / create clear, understandable documentation that translates complicated technical processes to a target audience (a writing sample is required).

Physical Mobility: Possibly sedentary, long periods of sitting, flexibility to travel to other campus locations or customer sites, frequent travel between Pittsburgh and Virginia offices, international travel as required.

Environmental Conditions: Normal office conditions, close contact with computer display for prolonged periods of time.

Mental: Ability to:

  • Work meticulously with careful attention to detail.
  • Meet deadlines while working on multiple tasks – sometimes under pressure and with shifting priorities.
  • Deal collaboratively, diplomatically, and successfully with customers, co-workers and other professional colleagues, managers, and staff; ability to grasp the big picture, direction, and goals of an effort.
  • Develop and communicate innovative ideas.
  • Take leadership role in technical projects.
  • Quickly learn new procedures, techniques, and approaches.

Other: Candidates will be subject to a background check and must be eligible to obtain and maintain a Department of Defense security clearance.

 

Preferred Qualifications and Requirements:

Education / Training: MS/MA in a scientific or technical field with one (1) year of experience.

Licenses: CISSP, CEH, CISM, CompTIA, or similar.

Experience:

  • Participation in broad public forums through activities such as standards, open source development, or publication.
  • Experience publishing research and academic papers.
  • Experience working with the government, or within a critical infrastructure sector.
  • Active in regional or international trade-related organizations such as the Forum of Incident Response and Security Teams (FIRST), North American Network Operators' Group (NANOG), Messaging, Malware and Mobile Anti-Abuse Working Group (M3AAWG), Anti-Phishing Working Group (APWG), etc.
  • Demonstrable experience effectively deliver training to technical and management level audiences on subject matter related to computer incident response team (CSIRT) development, incident response operations.
  • Background in international capacity and community building.

 

Accountability: This position is accountable for ensuring that the International CSIRT Initiatives team delivers on the execution of the statement of work for customers sponsoring capability building efforts.  The individual is accountable for aligning cybersecurity operations projects with customer needs and re-prioritizing efforts as appropriate, in close coordination with the International CSIRT Initiatives Team Lead.

Direction: The individual is expected to act independently using CMU, SEI, and CERT defined policies, practices, and procedures – within the scope of assigned work.

Decisions: The individual is expected to participate in the decision-making and problem-solving processes of defining, designing, implementing, and sustaining national-level cybersecurity and related operations; suggesting and implementing policies and procedures to support these activities; and creating and sharing information regarding the state of the practice for broad dissemination.

Supervisory Responsibilities: This position will not formally supervise any personnel.

 

Job Functions or Responsibilities:

70%     Create framework and methodology documents, both general and specific to individual stakeholder groups, intended to facilitate the organizational and technical capacity development of international partners.

20%     Support planning, development, and execution of customer led and/or supported development activities, planning discussions, and awareness raising exercises. Through partnership, awareness, and action evaluate the need for, develop blueprints for, and assist with the implementation of national-level CYBERSECURITY capabilities.

10%     Capture knowledge from the engagements undertaken, integrate it with lessons learned from other similar work, and help transfer that knowledge for the betterment of the global CYBERSECURITY community.

100% TOTAL EFFORT

 

Organizational Chart: CERT Program Director < Monitoring and Response Technical Director < Security Operations Technical Manager < International CSIRT Initiatives Team Lead < International Cybersecurity Analyst.

 

Carnegie Mellon University is an EEO/Affirmative Action Employer – M/F/Disability/Veteran

02 Jun
2016
Information Assurance Coordinator - 2003111
Arlington, VA

This position is located in Arlington, VA.

Position Summary:  The Information Assurance Coordinator is a hands-on information system security role within the Office of the CIO Information Assurance (IA) team of the Software Engineering Institute (SEI) that operates, monitors, and maintains accredited information systems. This is an opportunity for a cleared IA professional in the Arlington VA area with strong organization and communication skills and working experience with modern Windows system administration tools and operating techniques in a Windows-based accredited network. This position is responsible for facilitating and assuring that information systems in the Arlington VA office remain complaint with DoD and other USG regulations. The position works closely with SEI groups and outside sponsors to coordinate the certification and accreditation of accredited information systems.

 

Minimum Qualifications and Requirements:

Education/Training: Bachelor’s degree in Computer Science, Information Technology, or related field, or equivalent combination of training and experience. Current Microsoft server certifications; one or more of MCITP (Server & Client), MCSA, MCSE, etc.

Licenses:   One or more of: CAP, CASP CE, Security+CE, SSCP, GSEC, CISM

Experience: Five or more (5+) years of system and network administration experience using modern system administration tools and operating techniques in an accredited production Microsoft Windows infrastructure. Prior experience as an ISSO / ISSM (IAO/IAM) in a small to medium-scale classified enclave. Experience as a system / network administrator for services under government cognizance (e.g., DISA, DSS); knowledge of the DOD STIGs and their application in establishing and operating information systems. Experience confirming audit records and STIG compliance for systems in an accredited Microsoft Windows infrastructure.

Skills/Abilities: Problem solving skills. Demonstrated knowledge of Windows operating system commands/utilities; demonstrated knowledge of system administration tools and processes such as those used to manage software, Group Policy Objects, and other aspects of Active Directory; demonstrated knowledge of server and network problem resolution based on examination of events/alerts and system monitors/logs.

Physical Mobility: Some infrequent business travel required involving overnight stays. Computer hardware installation and configuration required on a regular basis, sometimes involving transport of heavy objects (typically under 100 lbs.) short distances, use of hand tools, et cetera. Carrying of light objects (< 30 lbs.) for longer distances (intra-campus; 2-3 city blocks) and lifting of equipment weighing ~50 pounds may also be required. 

Environmental Conditions: Normal office condiditons, close contact with computer displays for prolonged periods of time.

Mental: Ability to identify, isolate and resolve systems problems. Communicate the nature of problems to different parties (e.g., system / network administrators, IA professionals, IT user support, etc.) to resolve technical issues, sometimes under pressure. Temperament and maturity to self-motivate and prioritize tasks with input from a remotely located manager.

Other: Candidates will be subject to a background check and must be eligible to obtain and maintain a Department of Defense security clearance. Must meet and maintain DoD 8570-M readiness requirements within six (6) months of employment. Additional work hours (weekend and evening hours) may be required on an infrequent basis. May be required to stay at or return to work during incidents and/or emergencies to perform duties as requested.

 

Preferred Qualifications and Requirements:

Licenses:   One or more of the following: Active CISSP (or Associate), GSLC, CISM.                                                                                            

Experience:  ICD-501/503 experience; prior use of the ACAS tool chain, Security Content Automation Protocol (SCAP) validation tools, awareness of NISPOM IS-relevant rules, etc.

 

Accountability:  Ensures server(s) and client stations are operating efficiently and resolves issues. Verifies that accredited systems maintain their prescribed configuration and addresses/reports deviations from same immediately.  Recommends and performs modifications to enhance server/service performance and reliability.

Regularly communicates with the ISSO and ISSM as well as IT engineering group leaders in Pittsburgh to convey operational status information relevant to the services in scope.

Responsible for proper handling (e.g., safe storage, proper marking, approved destruction) of document and media used in the operation and maintenance of classified systems.

Responsible for providing information relating to equipment and facility needs each fiscal planning session to aid in budgeting expenses related to the operation of accredited systems in “closed” areas.

Participates in the development or revision of IS-specific security safeguards and local operating procedures to satisfy certification requirements. Works with the ISSM and ISSO in Pittsburgh to align policies to DC operations.

Direction:  Works under limited supervision from a remote manager as part of the OCIO IA team.

Expected to act independently to maintain and securely operate accredited systems with guidance from the lead ISSM, FSO, and OCIO senior management. Draws guidance from relevant operational security guidelines / manuals, turning to the lead ISSM for clarification when needed.

Most work is performed independently, or in concert with the lead ISSM and appropriate IT staff.

Decisions: Must be able to identify user and systems issues and resolve trivial issues independently. Information Security issues and complex operational problems are handled in concert with the ISSO, ISSM and appropriate IT or Security staff.

Supervisory Responsibilities:  No regular staff supervisory responsibilities.

Regularly inspects accredited systems and may task other IT personnel in order to address infractions or post-audit POA&M issues.

Will assist in the training process for new staff and users of accredited systems.

 

Job Functions or Responsibilities:

20%   Installs, maintains, configures and upgrades accredited servers, workstations and network devices in accordance with most current STIG documents. Assists users to resolve problems related to closed area systems and services.

15%   Reviews server logs directly or with analysis tools to discern operational anomalies, including operational threats (e.g., resource contention/exhaustion) and security concerns; addresses and/or reports these to IA colleagues or IT as appropriate.

15%   Reports on the operational status of accredited information systems based on reviews and scans to accrediting agencies, possibly through established channels such as ACAS, HBSS, etc. Reporting is coordinated with the IA team in the Pittsburgh office.

10%  Performs C&A duties including submission of accreditation documents. Drives IS related self-inspection activities and C&A / CCRI preparations. Primary interface to the local DSS IS representative.

10%  Performs classified IS user indoctrination briefings and manages IT accounts / credentials of classified systems, including required recordkeeping (account lifecycle, DoD IAA training status, policy acknowledgements, etc.).

5%   Functions as the secondary COMSEC custodian for the SEI Arlington (a/k/a DC) office responsible for device inventory, key management and loading, etc.

5%   Supports the FSO to prepare for traditional security inspection activities, complete self-inspections, etc.

5%   Performs limited FSO or CSSO duties in a backup capacity as directed.

Secondary Functions

10%    Other IT / IA related duties as assigned by the OCIO.

5%    Training and professional development to keep current with new technologies and regulations.

100% Total Effort

 

Organizational Chart:  CIO < Deputy CIO < Information Assurance Coordinator

 

Carnegie Mellon University is an EEO/Affirmative Action Employer – M/F/Disability/Veteran.

31 May
2016
International Cybersecurity Analyst - 2003200
Pittsburgh, PA or Arlington, VA

Position Summary: The CERT Program is part of the SEI, a federally funded research and development center at Carnegie Mellon University in Pittsburgh, Pennsylvania. The CERT Program engages in cutting-edge research and development and develops and transitions disciplined approaches to improve the survivability and resiliency of the US Department of Defense, federal civilian agencies, private sector organizations and their networked information systems. CERT supports government customers by developing and transitioning cutting-edge analysis techniques and tools, providing strategic advisement, and supporting tactical operations.

The International Cybersecurity Analyst is a member of the CERT technical staff and based either in the SEI Office in Pittsburgh, Pennsylvania or in Arlington, Virginia. The candidate selected to fulfil this role will provide technical subject matter expertise in CERT support of International cybersecurity efforts and associated capability and capacity development efforts. This support will include assisting with the development and pursuit of CERT strategic drivers for engaging in these initiatives and vision for cybersecurity community interaction, regularly interacting with sponsors and stakeholders of these efforts, and execution of efforts as directed by the International CSIRT Initiatives Team Lead to ensure that the work being performed drives toward sponsor goals and CERT strategic drivers.

 

Minimum Qualifications and Requirements:

Education / Training: Bachelor’s Degree in Computer Science or scientific/technical field with eight (8) years of experience; MS/MA in a scientific or technical field with five (5) years of experience; PhD in a scientific or technical field with two (2) years of experience; or equivalent combination of training and experience.

Experience: Professional experience should include five (5) or more years of experience supporting or managing large organizational or national-level CSIRT capabilities to include incident response, incident analysis, and development and implementation of mitigation actions and proactive security measures. This should include experience:

  • in creating, assessing, and improving these types of teams, as well as a working knowledge of existing global capabilities, advanced technology solutions and initiatives;
  • as an operational cybersecurity analyst, incident handler, or operations specialist;
  • working with and engaging people in diverse cultural environments, and;
  • fostering interaction and collaboration amongst peer organizations.

Skills / Abilities:

  • knowledge of current and effective CSIRT organizational and functional structures and the technical operations performed by these teams.
  • ability to work independently or within a team with members of varying skill sets and levels.
  • broad understanding of enterprise technology security issues.
  • broad working knowledge of commonly deployed computer network defense tools and processes to include leading vendor solutions.
  • ability to brief strategic and technical topics to senior management, technical and non-technical audiences.
  • knowledge of current operational challenges and technical threats faced by network security and intelligence organizations.
  • familiarity with project planning and management best practices.
  • ability to write / create clear, understandable documentation that translates complicated technical processes to a target audience (a writing sample is required).

Physical Mobility: Possibly sedentary, long periods of sitting, flexibility to travel to other campus locations or customer sites, frequent travel between Pittsburgh and Virginia offices, international travel as required.

Environmental Conditions: Normal office conditions, close contact with computer display for prolonged periods of time.

Mental: Ability to:

  • work meticulously with careful attention to detail.
  • meet deadlines while working on multiple tasks – sometimes under pressure and with shifting priorities.
  • deal collaboratively, diplomatically, and successfully with customers, co-workers and other professional colleagues, managers, and staff; ability to grasp the big picture, direction, and goals of an effort.
  • develop and communicate innovative ideas.
  • take leadership role in technical projects.
  • quickly learn new procedures, techniques, and approaches.

Other: Candidates will be subject to a background check and must be eligible to obtain and maintain a Department of Defense security clearance.

 

Preferred Qualifications and Requirements:

Education / Training: MS/MA in a scientific or technical field with five (5) years of experience; PhD in a scientific or technical field with two (2) years of experience; or equivalent combination of training and experience.

Licenses: CISSP, CEH, CISM, CompTIA, or similar.

Experience:

  • participation in broad public forums through activities such as standards, open source development, or publication.
  • experience publishing research and academic papers.
  • experience working with the government, or within a critical infrastructure sector.
  • active in regional or international trade-related organizations such as the Forum of Incident Response and Security Teams (FIRST), North American Network Operators' Group (NANOG), Messaging, Malware and Mobile Anti-Abuse Working Group (M3AAWG), Anti-Phishing Working Group (APWG), etc.
  • demonstrable experience effectively deliver training to technical and management level audiences on subject matter related to computer incident response team (CSIRT) development, incident response operations.
  • background in international capacity and community building.

 

Accountability: This position is accountable for ensuring that the International CSIRT Initiatives team delivers on the execution of the statement of work for customers sponsoring capability building efforts.  The individual is accountable for aligning cybersecurity operations projects with customer needs and re-prioritizing efforts as appropriate, in close coordination with the International CSIRT Initiatives Team Lead.

Direction: The individual is expected to act independently using CMU, SEI, and CERT defined policies, practices, and procedures – within the scope of assigned work.

Decisions: The individual is expected to participate in the decision-making and problem-solving processes of defining, designing, implementing, and sustaining national-level cybersecurity and related operations; suggesting and implementing policies and procedures to support these activities; and creating and sharing information regarding the state of the practice for broad dissemination.

Supervisory Responsibilities: This position will not formally supervise any personnel.

 

Job Functions or Responsibilities:

70%     Create framework and methodology documents, both general and specific to individual stakeholder groups, intended to facilitate the organizational and technical capacity development of international partners.

20%     Support planning, development, and execution of customer led and/or supported development activities, planning discussions, and awareness raising exercises. Through partnership, awareness, and action evaluate the need for, develop blueprints for, and assist with the implementation of national-level CYBERSECURITY capabilities.

10%     Capture knowledge from the engagements undertaken, integrate it with lessons learned from other similar work, and help transfer that knowledge for the betterment of the global CYBERSECURITY community.

100% TOTAL EFFORT

 

Organizational Chart:  CERT Program Director < Monitoring and Response Technical Director < Security Operations Technical Manager < International CSIRT Initiatives Team Lead < International Cybersecurity Analyst.

 

Carnegie Mellon University is an EEO/Affirmative Action Employer – M/F/Disability/Veteran.

31 May
2016
Senior Software Systems Engineer - 2003199
Arlington, VA

What We Do: The SEI Emerging Technology Center helps the government stay on the edge of technology. The world is innovating software and information technologies rapidly, and the Center identifies, demonstrates, and applies emerging software technologies to meet critical mission needs. We focus on promoting government awareness and knowledge of emerging technologies and their application, and shaping and leveraging academic and industrial research.

 

Position Summary:  The SEI Emerging Technology Center is focused on matching state-of the-art software capabilities with critical U.S. Government needs. The Center is part of the Software Engineering Institute (SEI), a federally funded research and development center (FFRDC) at Carnegie Mellon University. We have an immediate need for a Senior Software Systems Engineer. This position will be based at our Arlington, VA office, and will require frequent onsite work at a customer site in Chantilly, VA. Technical staff in the Center work on leading edge technologies and apply them to important and challenging problems. It is a dynamic and flexible development environment with constant opportunities to develop new skills, to learn new programming methods and techniques, to work on emerging architectures and systems, and to make a difference.

 

Minimum Qualifications and Requirements:

Education/Training: BS or equivalent degree in relevant discipline with ten (10) years applicable experience; MS or equivalent degree in relevant discipline with eight (8) years applicable experience; or equivalent combination of training and experience.

Experience: The candidate must have experience in software engineering and systems engineering. Must be knowledgeable of the software engineering and system engineering disciplines as well as have some understanding of the DoD or Intelligence Community acquisition processes. The candidate should have experience building, leading, managing and participating on cross-functional, high technology teams, should be able to operate effectively with all organizations within the technology and acquisition communities and be able to interact with partners, customers and sponsors.

Experience in the following: DoD or Intelligence Community software systems acquisition on major programs; solid technical breadth and understanding of all aspects of the end-to-end software lifecycle (e.g., requirements, design, implementation, testing, maintenance); major DoD or Intelligence Community software acquisition practices; enterprise architecture ; software architecture development and evaluation, software architecture patterns (e.g. SOA) and concepts (e.g. Cloud computing); systems engineering on software intensive systems; requirements development and management; software integration and test and software/hardware integration; deployment of software intensive systems, technology transition from legacy systems.

Strong written and verbal communications skills and the ability to present to high visibility stakeholders internal and external to the organization.  Proven program and project management skills including: interfacing with clients, developing proposals, and establishing relationships with new DoD and/or government clients and programmatic and project management skills (e.g., ability to develop project plans, track deliverables, manage risks, perform staff planning, provide budget oversight).  Ability to lead and participate in multidisciplinary teams.

Skills/Abilities:  Detailed knowledge of software engineering; strong knowledge of systems engineering; demonstrated strengths in: software architecture and design, large commercial or government systems. 

Mobility: Will be required to travel on overnight assignments.

Environmental Conditions: Normal office conditions; close contact with computer screen for extended periods of time.

Other: Candidates will be subject to a background check and must be eligible to obtain and maintain a Department of Defense security clearance.

 

Preferred Qualifications and Requirements:

Licenses: Certified DoD Acquisition Professional. Certified PMP.

 

Direction: As a technical staff member, he/she will be expected to operate with minimum supervision using CMU and SEI defined practice, policies and procedures, in concert with the SEI mission.

 

Job Functions or Responsibilities:

50%     Individual Technical Contribution. This includes other duties as assigned by the Emerging Technology Center Director, and serving in an advisory capacity to other SEI technical programs on technical issues.

20%     Direct Relationship Management

20%    Technical Program Management and Technical Leadership

10%    Business Development

100% TOTAL EFFORT

 

Organizational Chart:  SEI Director’s Office < Director, Emerging Technology Center < ETC Program Manager< Senior Software Systems Engineer.

 

Carnegie Mellon University is an EEO/Affirmative Action Employer – M/F/Disability/Veteran.

26 May
2016
Senior Software Developer - 2003125
Pittsburgh, PA or Arlington, VA

What we do:  The SEI Emerging Technology Center helps the government stay on the edge of technology.  The world is innovating software and information technologies rapidly, and the Center identifies, demonstrates, and applies emerging software technologies to meet critical mission needs.  We focus on promoting government awareness and knowledge of emerging technologies and their application, and shaping and leveraging academic and industrial research. 

Position Summary:  The SEI Emerging Technology Center is a focused on matching state-of-the-art software research with critical U.S. Government (USG) needs.  This position will support the Center’s mission by developing, applying, demonstrating, evaluating, and transitioning software capabilities that operationalize research concepts of significant value to the USG.  Software developers in the Center work on leading edge technologies and apply them to important and challenging problems. It is a dynamic and flexible development environment with constant opportunities to develop new skills, to learn new programming methods and techniques, to work on emerging architectures and systems, and to make a difference.

Duties include:  Take hands-on lead role on team of Software Developers; develop and code software solutions that provide needed capabilities to the USG building on state-of-the-art research in analytics, data architectures, software assurance, security, and human information interaction; conduct rapid software prototyping to demonstrate and evaluate technologies in relevant environments; conduct performance, security, and other aspects of evaluating software systems; test software capabilities using novel testing and analysis techniques; document software with an emphasis on architectures, user stories, and interface definitions; practice agile software development methods and actively participate on teams of software developers, researchers, designers, and technical leads; support software development infrastructure and assist in building and configuring computing systems and resources; interface with the research community and the USG to understand challenges, needs, and possible solutions; contribute to improving the overall technical capabilities of the Center by mentoring and teaching others, participating in design (software and otherwise) sessions, and sharing insights and wisdom across the SEI Emerging Technology Center team.

 

Minimum Qualifications and Requirements:

Education/Training:  Bachelors of Science in Computer Science, Information Systems, or related field with ten (10) years’ experience in hands on software development, or equivalent; Masters of Science in Computer Science, Information Systems, or related field with eight (8) years’ experience in hands on software development, or equivalent; Ph.D. with five (5) years’ experience is a plus.

Experience:  Professional experience listed above to include the following areas:  eight (8) years of production or intensive research software development experience in modern languages such as C/C++ or Java; knowledge of other commonly used language such as Perl, Python, Ruby, JavaScript, etc.; working knowledge of some modern computing paradigms and environments such as NoSQL systems (Hadoop, CouchDB, MapReduce), cloud computing and virtualization, parallel programming, HPC development, network programming, mobile development, and interface development; familiarity with end-to-end software development activities in Linux/Windows/Unix/Web environments; familiarity with software development tools including IDEs (Eclipse, IntelliJ, emacs etc.), version control systems (git, svn, p4 etc.) and bug tracking systems (e.g., bugzilla); working knowledge and experience in participating in agile software development practices and team design sessions; experience as team lead or supervisor; demonstrated problem solving ability with the ability to explore and evaluate many possible solutions to problems; proven contribution to open source development projects is a plus.

Skills/Abilities:  Knowledge of:  Software development in Python, C/C++, Java, and other modern languages; modern computing, data, and storage solutions including advanced web development (HTML5, Adobe Flex, PHP), data processing architectures (MapReduce, Hadoop, BigTable) including cloud computing and virtualization concepts; virtualization, hypervisors, cloud controllers, and other cloud provisioning concepts; algorithm design and analysis including analysis of algorithm complexity; familiarity with of core Internet protocols (e.g., TCP/IP, BGP, UDP, ICMP, DNS, SMTP, HTTP, etc.); software / systems development lifecycle, QA testing, revision control, and change management practices.

Physical Mobility: Primarily sedentary in an office setting with some mobility. Flexible to travel to various locations within the SEI and CMU community, sponsor sites, conferences, and offsite meetings on occasion. Travel outside of Pittsburgh limited to no more than 5 working days a month.

Environmental Conditions: Normal office conditions; close contact with computer screen for extended periods of time.

Mental: The ability to:  explore and solve complex, ill-defined problems; work meticulously with attention to detail; meet deadlines while working on multiple tasks – sometimes under pressure and with shifting priorities; self-starter willing to take on tasks and initiate constructive activity with little guidance; deal collaboratively, diplomatically, and successfully with customers, co-workers, and other professional colleagues, managers, and staff; grasp the big picture, direction, and goals of an effort; interface with world-class research community; develop and communicate innovative ideas; quickly learn new procedures, techniques, and approaches.

Other:  U.S. Citizenship is required.  Applicants selected will be subject to a security investigation and must meet eligibility requirements for access to classified information.

 

Preferred Qualifications and Requirements:

Education/Training:  Ph.D. in Computer Science, Mathematics, Information Systems, or related discipline with five (5) years’ experience.

 

Accountability:  This position will be responsible for exploring, defining, developing, demonstrating, and, in some cases, transitioning software capabilities.  This includes working with a team of developers, researchers, designers, and other technical personnel to create solutions.

Direction:  This position is expected to act with minimal supervision in accordance with SEI procedures and policies, such as those involving product development, team interaction, and confidentiality.

Decisions:  This position will explore, develop, and demonstrate software capabilities and make implementation choices for a wide-range of software-intensive problems.

Supervisory Responsibilities:  This position will eventually supervise a team of approximately 2 to 6 developers, and will act in the capacity of a mentor to solutions architects, software developers, and designers.

 

Job Functions or Responsibilities:

30% Design, develop, test, document, and demonstrate software.

20% Lead, direct, and oversee the activities of a team of developers working on diverse set problems and projects; development and management the development infrastructure and support the development team.

20% Interface with the research community to understand the state of research ideas and the practicality of applying those ideas to real USG problems and challenges.  Interface with USG customers to understand their needs and capabilities and identify possible solutions.

20%  Actively participate in agile team software development activities and team brainstorming, innovations, and design sessions.

10%  Participate in the broader SEI software research community through collaboration, papers, and presentations.


100% Total Effort

 

Organizational Chart:  SEI Emerging Technology Center Director < SEI Emerging Technology Center Technical Director < Senior Software Developer

 

Carnegie Mellon University is an EEO/Affirmative Action Employer – M/F/Disability/Veteran

24 May
2016
Senior Researcher - 2002044
Pittsburgh, PA or Arlington, VA

Position Summary: This individual provides quantitative expertise to outside customers and other technology groups in the SEI to address a wide variety of software engineering, acquisition, and sustainment problems. Specific examples include reviewing project cost estimates, establishing and assessing software measurement programs, designing project management dashboards, and assessing the quality of the data currently being used by customer organizations.  Additionally, this position leads and participates in research and development projects within the Software Engineering Measurement and Analysis initiative and on teams in other units of the SEI.  The position also requires making public presentations on our R&D activities and products and services we offer as well as serving as the principle point of contact for customer engagements.  The position also works with the SEI Business Development team as requested to support visits with potential customers and to write work proposals.  As a senior member of the technical staff, the individual will also be responsible for review and evaluation of the work performed on their projects to ensure value is delivered and the work is of high quality.

 

Minimum Qualifications and Requirements:

Education/Training:  B.S. degree or higher in quantitative analysis such as social sciences or B.S. degree in computer science, software engineering or related discipline.

Experience:  Ten (10) years of applicable experience in software engineering measurement, project management, or DOD acquisition.  Also experience on software project teams or as a consultant.

Skills/Abilities:

  • Quantitative analytical expertise including statistical modeling and empirical research methods
  • Ability to use advanced statistical techniques including multivariate analysis and machine learning methods
  • Ability to construct an empirical research plan and experimental design
  • Excellent/outstanding written and verbal communications skills.
  • Ability to actively listen to grasp the big picture, identify key issues and convey the goals of an organization and the current effort
  • Ability to work with and lead teams of professionals
  • Instructional delivery skills
  • Planning skills
  • Consulting skills including meeting facilitation skills
  • High capability for attention to detail

Skills with the following tools:

Microsoft Office (Word, Excel, PowerPoint)

At least one statistical package (SAS/Jump, SPSS, Systat, R)

Mobility: Typical travel is 20-25% per month and occasionally greater

Environmental Conditions:  Extensive use of LCD terminal and keyboard

Mental: Ability to work under pressure to meet deadlines, attend to details, be creative, deal collaboratively with customers, SEI team members, managers and other SEI groups.  Able to express criticism in a constructive manner and willing to accept criticism without becoming defensive. Willing to speak up and offer ideas and feedback when requested.

Other:  Candidates will be subject to a background check and must be eligible to obtain and maintain a Department of Defense security clearance.

 

Preferred Qualifications and Requirements:

Education/Training: M.S. or PhD in one of the above disciplines.

Licenses:  Certification as Project Management Professional, Six Sigma Black Belt, ASQ Quality Professional or similar certification.

Experience: Five years or more in a management role related to software development, sustainment or acquisition in a DOD context. Two or more years in an internal or external consulting role.

Skills/Abilities: Experience conducting experiments, validation studies on software practices or other innovations.  Knowledge of design of experiments and/or control charts.  Data mining.

 

Accountability: When serving as the technical lead for a project, this position is responsible for meeting the project’s commitments: deliverables, schedule and budget. The individual must be able to develop and present work plans and status reports to the customer as required. The individual is accountable for the quality of the products delivered and customer satisfaction with the deliverables and working relationship.

Direction: Conducts complex technical work with limited direction from SEMA Manager and other team or initiative leaders.

Decisions: May determine content of customer communications. Will replan efforts and schedules as circumstances change. Will have direct impact on objectives and approach to own technical work.

Supervisory Responsibilities:  May function as a team leader on technical work. Under these circumstances, the individual is responsible for scheduling the work of the team and will supervise others as necessary.  Will work with other managers as necessary to deconflict work priorities of team members and will provide feedback on the performance of the team to the team and the SEMA manager and SEAP Technical Director as requested.

 

Job Functions or Responsibilities:

35%     Develop measurement technology and research papers as needed for SEI initiatives.

40%     Consults with customers on design and implementation of measurement to support customer functions and decisions.

20%     Develops transition materials such as courseware and case studies on customer engagements and provides delivery of SEI training.

5%       Supports business development.

100% TOTAL EFFORT
 

Organizational Chart: SSD Director < Technical Director for SEAP < Manager of SEMA

 

Carnegie Mellon University is an EEO/Affirmative Action Employer – M/F/Disability/Veteran.

 

18 May
2016
Managing Director, CERT Division
Pittsburgh, PA

Boyden Global Executive Search

Founded in 1946, Boyden is the oldest and one of the largest privately owned search firms in the world, with more than 65 offices in over 40 countries. In the world of executive search, Boyden is distinguished by the expertise of our consultants, the resources of our global firm, our commitment to our clients, and our culture of professionalism and integrity. For further information about Boyden, visit www.boyden.com.

 

Background

Our client, the Carnegie Mellon University Software Engineering Institute (SEI), is seeking a highly experienced, dynamic and visionary leader to fill the position of Managing Director, CERT Division. The position is located in Pittsburgh, PA and is open due to a planned retirement in September.

For over three decades, the Software Engineering Institute has been helping government and industry organizations to acquire, develop, operate, and sustain software systems that are innovative, affordable, enduring, and trustworthy. SEI serves the nation as a not-for- profit, Federally Funded Research and Development Center (FFRDC), specifically established by the U.S. Department of Defense (DoD) to focus on software and cybersecurity. SEI is based at Carnegie Mellon University, a global research university annually rated among the best for its programs in computer science and engineering.

As an FFRDC, the SEI fills voids where in-house and private sector research and development centers are unable to meet DoD core technology needs. For government and industry, the SEI is an objective, unbiased, honest broker that maintains a critical mass of top-caliber software and cyber professionals; provides a central repository for information about software engineering and cybersecurity; develops and maintains core competence in areas critical to the DoD; and  serves as an intellectual crossroads and catalyst for change.

SEI is composed of three business units:

  • Software Solutions Division
  • Emerging Technology Center
  • CERT Division

The CERT Division (CERT) is a national asset in the field of cybersecurity that is recognized as a trusted, authoritative organization dedicated to improving the security and resilience of computer systems and networks. CERT regularly partners with government, industry, law enforcement, and academia to develop advanced methods and technologies to counter large-scale, sophisticated cyber threats. CERT is a leader in:

  • Network Analysis
  • Analyzing cyber vulnerabilities in the critical infrastructure
  • Performing research to address insider threats

CERT has approximately 260 employees and represents $88.4 million of funding out of SEI’s total FY $137.2 million. FY 2016 projections are $97.2 million for CERT and $144.5 million for all of SEI. Because CERT is located within the SEI, the majority of its work contributes to government and national security efforts. CERT collaborates with high level government organizations such as the Department of Defense; Department of Homeland Security (DHS); law enforcement, including the FBI; the Intelligence Community; and many industry organizations. CERT also collaborates with non-Federal organizations to resolve software vulnerabilities.

For more information on SEI, please visit the SEI web site at www.sei.cmu.edu and for CERT, www.cert.org

 

Position

The Managing Director of the CERT Division reports to the Director & CEO of the SEI and is a member of the SEI’s Executive Leadership Team (ELT). CERT is the largest division bringing in nearly $100 million in funding to the SEI. This position is directly responsible for approximately 250 to 300 employees.

In addition to her/his duties and responsibilities as Managing Director, the selected individual is also expected to participate on research and science advisory boards, such as external advisory boards for other labs, science advisory boards, and/or programs conducted by the National Academies of Science and Engineering.

 

Key Responsibilities

The Managing Director’s primary responsibilities are to develop and implement the strategic plan and maintain oversight of the entire division including day-to-day management – direction of the research, development, and delivery of the products and technologies; and develop and manage work plans with SEI customers and collaborators.

Additional key responsibilities of the Managing Director include:

  • Developing, implementing and overseeing the strategy, direction, and management of SEI’s activities in the area of cybersecurity
  • Providing leadership, both horizontally and vertically across the SEI
  • Developing near- and long-term strategies and financial goals; within first 100 days develop a 2-year CERT strategic plan that aligns with the SEI Directors Office initiatives
  • Managing the DoD STE allocation of CERT
  • Leading the business development efforts relative to DoD, other Federal and Commercial clients to ensure aggressive long term growth in revenues and margins
  • Leading the strategic planning for and providing leadership and guidance to the business development efforts throughout the division; establish revenue  goals, KPIs, and oversight in the identification and closure of opportunities for expanding existing relationships and for new business including:
    •  Acquiring additional DoD business in the area of cybersecurity
    • Developing the intelligence business which will supplement CERT funding, but is not limited by STE ceiling
  • Nurturing existing client relationships and funded programs of work
  • Developing new clients in the non-DoD sector (other Federal clients and Commercial organizations)
  • Establish strategic alliances and joint ventures that will accrete to SEI’s growth across all business units
  • Building strategic Senior Leadership relationships with other organizations within the DoD
  • Working with the SEI Director’s Office and Chief Strategy Officer’s Office to establish and achieve an annual set of strategic goals in the areas of Technical, Research, Workforce, Customer, Revenue, and Mission
  • Building CERT’s management bench strength across the entire division and oversee formal performance management and succession planning
  • Being a team player and collaborator within CERT and across the SEI

 

Selection Criteria

The ideal candidate must have a minimum of fifteen (15) years of progressively increasing technical responsibilities managing research projects in a University, the Department of Defense, or in a software intensive systems environment at the classified level. He/she must have demonstrated experience in leading business development activities that result in substantial growth of revenues over time.

The ideal candidate must have experience in building and managing high technology teams and have the knowledge of DoD/IC computer science, cybersecurity, IT Architecture, or software technology. An M.S. degree in a technical field is required and an advanced business degree is desirable. Candidates must have a DoD Top Secret security clearance or the ability to obtain one.

The candidate must be able to demonstrate successful experience in managing a portfolio of large, complex, research projects that proved strategic in nature and the content of which have focused on information technology, software reliant systems, cybersecurity, and technology while also reflecting growth in revenue and assurance of compliance with policies/regulations. He/she should have experience with budget management responsibilities including monitoring financial information and performance against goals. Management experience within a university, government, military, and/or Fortune 500 technology-based organization is preferred. Candidates must be able to travel domestically and internationally up to 50% of the time.

Additionally, the candidate must possess/be:

  • A strategic thinker and capable of thinking outside-the-box
  • Experienced in financial management and personnel mentoring and oversight
  • Track record of accomplishments in leading the research and transition agenda for a technology-based organization
  • Experience in developing plans and managing projects (budget and schedules) in an integrated team environment
  • Demonstrated understanding of the current and future government cybersecurity needs
  • Understanding of how to commercialize DoD cyber technology and sell and market to the commercial community
  • Ability  to  collaborate  internally  and  partner  effectively  with  all  levels  of  the organization
  • Demonstrated  ability  in  leading  and  managing  senior  level  researchers  and engineers
  • Strong influencing, consensus building and engagement skills
  • Ability to collaborate and negotiate agreements with senior managers and officials both internally and externally
  • Reputation for highest level of integrity
  • Forward thinking and a creative change agent
  • Resourceful, committed, and accountable
  • High comfort level with ambiguity
  • Success at building consensus within a matrixed organization
  • Strong organizational, leadership, team building, and mentoring skills
  • Transparent and respectful of the views of others
  • Have great listening skills
  • Decisive decision maker
  • Excellent oral, written, and presentation skills
  • Confident but have one’s ego in control and have a healthy sense of humor

 

Compensation and Benefits

This is an outstanding career opportunity for an individual interested in a genuine professional challenge. With this position comes a very competitive compensation and benefits program.

 

HOW TO APPLY

The Officer-in-Charge of this engagement is Tim McNamara, Managing Partner. Linda Kearschner, Principal, is leading the recruiting effort for the project. Interested parties should submit, in electronic format, a resume with salary history and a cover letter outlining reasons for interest in this opportunity to lkearschner@boyden.com, or may call our toll free number at 1.877.2.BOYDEN (226-9336) or 1.202.536.5168 for additional information.

 

Carnegie Mellon University is an EEO/Affirmative Action Employer – M/F/Disability/Veteran

 

18 May
2016
Security Operations Technical Manager - 2003124
Pittsburgh, PA or Arlington, VA

Position Summary: The CERT Program is a world-class program within the SEI, a federally funded research and development center at Carnegie Mellon University in Pittsburgh, Pennsylvania. The CERT Program engages in cutting-edge research and development and develops and transitions disciplined approaches to improve the survivability and resiliency of the US Department of Defense, US Intelligence Community, federal civilian agencies, private sector organizations and their networked information systems. CERT supports government customers by developing and transitioning cutting-edge analysis techniques and tools, providing strategic advisement, and supporting tactical operations.

CERT is seeking a dynamic Security Operations Technical Manager (TM) who will lead, shape and manage the growth of a cutting edge security operations program. This candidate will be able to reason about complex problems, be an innovator, and a leader.

This candidate must be able to develop and execute a technical agenda and strategic roadmap to continually improve the state of the art and practice of Security Operations and Incident Management/Response. The TM will need to be able to communicate this technical vision and be capable of building consensus within the team and to maintain a successful culture built on high-quality and impactful customer work.

This approximately 20-person Security Operations team works from the SEI’s Pittsburgh and Arlington offices, and is embedded at USG facilities in the Washington DC-Baltimore area.  The position of technical manager is responsible for all aspects of developing and executing the body of work to include setting the technical direction; managing financials; business development; and personnel issues.

This role reports to the Director of Monitoring and Response, a directorate in the CERT Division.

 

Minimum Qualifications and Requirements:

Education/Training:  BS in a Computer Science or related scientific/technical field with ten (10) years’ experience, or equivalent combination of training and experience.

Experience:  Experience listed above should include:

  • Work in cyber security or intelligence operations;
  • Prior responsibility managing a team comprising a total of at least 10 individuals with commensurate personnel and financial authority.
  • These individuals should have had cyber operations roles.

Skills/Abilities: Working knowledge of:

  • Current security challenges and threats faced by a subset of the following audiences: USG intelligence, defense, law enforcement, civilian departments, and critical infrastructure.
  • USG mission’s areas/owners in cyber security.
  • Community best practices in cyber operations and associated tools/techniques.
  • Understanding of existing standards and models for security operations, incident response, intrusion analysis and cyber threat intelligence.
  • Internet protocols, operations, and governance.
  • International policies, frameworks, treaties and conventions.

Ability to:

  • Set and implement a strategic direction for a technical area and group.
  • Codify operational experience into best practices.
  • Conduct technical project management.
  • Brief strategic and technical topics to senior management and non-technical audiences;
  • Sustain a team with business development activity.
  • Foster professional growth and develop technical/professional leadership capabilities in technical staff.

Physical Mobility: Primarily sedentary in an office setting with some mobility.  Requires travel to various domestic locations within the SEI and CMU community to include the SEI Arlington/Pittsburgh office; sponsor sites; conferences; and offsite meetings with routine frequency (up to one 2 day trip every week).

Environmental Conditions: Normal office conditions; close contact with computer display for extended periods of time.

Mental:  The ability to: work meticulously with careful attention to detail; meet deadlines while working on multiple tasks – sometimes under pressure and with shifting priorities; deal collaboratively, diplomatically, and successfully with customers, co-workers and other professional colleagues, managers, and staff; ability to grasp the big picture, direction, and goals of an effort; develop and communicate innovative ideas; and excellent oral and written communication skills.

Other: Candidates will be subject to a background check and must be eligible to obtain and maintain a Department of Defense security clearance.

 

Preferred Qualifications and Requirements:

Education/Training: MS in a related technical field with ten (10) years of experience, or equivalent combination of training and experience.

Experience:  Experience listed above should include:

  • Working for or supporting the USG.
  • Supporting multiple sponsors/customers.
  • Supporting customers in an operational security environment such as incident response, intelligence, or a security operations center.
  • Supporting elements of the critical infrastructure sectors or international NCSIRTs.
  • Leading community building activities in the critical infrastructure, NCSIRT, or USG space.
  • Establishing and defining processes for operational security organizations, and codifying best practices from community and operational experience.
  • Leading workforce/capacity building projects.
  • Prior responsibility in managing a team of 15-20 individuals with commensurate personnel and financial authority.
  • Participation in public and closed community security forums through activities such as publication, presentation, collaborative security operations, and collaborative research.
  • Experience leading work internationally.

Skills/Abilities:

  • Practical experience leading, defining, or applying TTPs for cyber operations; 
  • Working knowledge of secure systems and network architecture practices.

 

Accountability:  This position is accountable for the specification and execution of all any Incident Analysis technical area work plans and a subset of the SEI operational plan.

Direction:  The individual in this position is expected to act autonomously using CMU, SEI, and CERT, defined policies, practices, and procedures.  Additionally, this position will define those set for their technical area and influence those set for CERT.

Decisions:  The individual in this position is expected to make strategic choices about the direction of the technical area that will be distilled into a technical agenda funded by a defined set of existing or new customers and implemented by a team hired to support the specifics tasking.

Supervisory Responsibilities:  This position has ultimate supervisory responsibility over all staff in the technical area to include hiring, performance reviews, salary adjustments, task assignment, and setting the tone and culture of the group.

 

Job Functions or Responsibilities:

30%     Manages group to effectively implement the SEI and task order work plans.  Sets goals and objectives and manages operational and functional business activities.   Develops, implements and tracks short and long term operational plans (financial, staffing, infrastructure, project).

30%     Provides guidance to and monitors the success of team leads in meeting strategic and operational goals. Assesses performance of direct reports and makes salary recommendations for all staff within areas of responsibility.  Provides oversight of team leads and their supervisory responsibilities of technical staff and conducting performance reviews. Responsible for recruitment, hiring, development and retention of all technical and support staff.

20%     Sets technical agenda of the technical area.  Leads planning process and contribute to the development the CERT strategic plan.  Ensures regular update of technical area’s plan; reviews feasibility of plan, identifies risks and defines risk mitigation strategy.  Articulates vision for internal and external audiences.

10%     Identifies opportunities for new technical projects and manages start-up of new, high-priority technical programs of work. Works with Technical Director of Response and Monitoring to develop and implement a funding and transition plan for new work areas.

10%     Directs organizational effectiveness and staff learning and development plans. Identifies operational success measures and process improvements.  Leads corrective action.

100% Total Effort

 

Organizational Chart: Division Director, CERT < Monitoring and Response Technical Director < Security Operations Technical Manager.

 

Carnegie Mellon University is an EEO/Affirmative Action Employer – M/F/Disability/Veteran.

16 May
2016
Cyber Security Engineer - Exercise Developer - 2003110
Pittsburgh, PA or Arlington, VA or REMOTE - Fort George G. Meade

This position has multiple openings and can be located in Pittsburgh, PA, Arlington, VA or Fort George G. Meade.

Position Summary:  As a member of CERT's Workforce Development program, the candidate will work with other team members in developing cyber-security training exercises and simulations, primarily for US military/government customers. This involves interacting directly with customers, gathering training requirements and objectives, producing and facilitating creative and engaging exercise scenarios, and building supporting physical and virtualized systems and network topologies. As such, the candidate will work regularly with a wide range of software and hardware technologies within CERT labs. The candidate may also assist in developing and teaching cyber security training content to external customers. The candidate will also be involved software and hardware prototype development.  Additionally, the position requires the candidate to have demonstrated and effective leadership/management abilities as he/she may supervise and evaluate full time direct reports as well as the activities of graduate student assistants. The successful candidate must be self-directed, have an interdisciplinary approach to problem solving, and work well communicating technical information to technical and non-technical users. The candidate must also be able to interact with clients and staff of all levels in a highly professional and competent manner.

 

Minimum Qualifications and Requirements:

Education/Training:  Bachelor’s degree in Computer Science, Information Science, or related discipline with eight (8) years applicable working experience in information technology, Master’s degree in Computer Science, Information Science, or related discipline with five (5) years of applicable working experience in information technology, PhD Computer Science, Information Science, or related discipline with two (2) years of applicable working experience in information technology, or equivalent combination of training or experience.

Experience: Successful candidates must possess "hands-on" experience with Computer/Network Security and I.T. system and network administration. Additionally, he/she must have practical experience with Windows server and desktop platforms and Linux/Unix operating systems. The candidate must have experience in network design and troubleshooting and implementing standard networking protocols. Additionally, demonstrated practical experience working with common commercial and open-source cyber security tools is required. The candidate should have some experience teaching technical content to students, peers, and non-technical individuals and must enjoy doing so.

Skills/Abilities: Candidate must be able to prioritize workload and complete deliverables on time, have good technical problem-solving skills, strong analytical and information organization skills, excellent oral and written communication skills, and strong technical teaching skills. Candidate must be able to multitask and work effectively with multiple project teams and sponsors/customers. Experience with virtualization technologies, particularly VMWare ESX server is highly desired. Programming experience in C, C++, C#, Python, and Java is also highly desirable.

Physical Mobility: Sedentary in an office setting with some mobility, i.e., able to travel to various locations within the SEI and CMU community as well as travel to customer sites.

Environmental Conditions: Close contact with computer for long periods of time.

Mental: Ability to pay close attention to detail, meet deadlines, work under pressure, and communicate effectively.

Other:  Candidates will be subject to a background check and must be eligible to obtain and maintain a Department of Defense security clearance.

 

Preferred Qualifications and Requirements:

Education/Training: BS and MS in Computer Science; training in enterprise security tools (i.e. McAfee ePO/HIPS, ArcSight, etc.)

Licenses: CISSP, Network+, Security+ and/or other industry standard certifications

Experience: US military service in a series of positions involving information technology, cyber security, and management of large scale government networks.

Skills/Abilities: Strong presentation/platform skills and excellent writing skills.

 

Accountability:  The incumbent is accountable for the definition, creation, and maintenance of final deliverables and products and may manage unclassified/classified DoD projects in excess of $3M annually.

Direction:  The incumbent is expected to act independently using CMU and SEI defined policies, practices, and procedures.

Decisions: The incumbent must use good judgment to solve customer and personnel problems and is required to envision, design, develop, pilot, and deliver new capabilities, products, and services.  Candidate will also be required to accurately represent SEI/CERT and its technical work in interactions with customers, sponsors, and the public.

Supervisory Responsibilities:  The incumbent may have at least 2 direct reports as well as up to 15 secondary reports and will be required to provide performance management, career guidance, and take personnel corrective actions as required.

 

Job Functions or Responsibilities:

10%      Design and develop technical documents and instructional materials.

10%      Research, evaluate, develop, install/configure hardware and software including promising new technologies that require examination for cyber security research and development.

10%      Deliver technical and management training to customers.

55%      Mentor, guide and interact with team and other staff.

15%      Contribute to transition planning and strategy.

100% TOTAL EFFORT

 

Organizational Chart: Director, CERT Division < Technical Director, Cyber Security Solutions Directorate < Technical Manager, Cyber Workforce Development Initiative < Cyber Workforce Development Team Lead < Cyber Security Engineer - Exercise Developer

 

Carnegie Mellon University is an EEO/Affirmative Action Employer – M/F/Disability/Veteran

 

10 May
2016
Information Security Critical Infrastructure Analyst - 2003055
Pittsburgh, PA

Position Summary: The CERT Program is part of the SEI, a federally funded research and development center at Carnegie Mellon University in Pittsburgh, Pennsylvania. The CERT Program engages in cutting-edge research and development and develops and transitions disciplined approaches to improve the survivability and resiliency of the DoD, federal civilian agencies, private sector organizations and their networked information systems.  The individual in this position will work as a member of the Cybersecurity Assurance Team within the Cyber Risk & Resilience Directorate. The team develops solutions (in the form of frameworks, models, tools, policies, practices, technical guidance, and training) that allow organizations to identify, analyze, and manage organizational, operational, and technical risks to mission-critical assets, processes, systems, and infrastructures. The individual will conduct applied research and perform assessments, diagnostics, and analysis techniques to better understand and mitigate risks to cyber environments and the organizational processes that depend on them. Activities will include close work with customers from a variety of organizations, including DoD, government agencies, and commercial organizations.

 

Minimum Qualifications and Requirements:

Education/Training: BS in computer science, software engineering, information systems, or a related scientific/technical field with eight (8) years’ experience.

Licenses: CISSP or CISA

Experience: Professional experience in Industrial Control Systems Security in the Water, Chemical, or Energy Sectors. Operational experience in Critical Infrastructure. Experience with and applied knowledge in: data Analysis, Statistics, and Statistical Tools for quantitative methods; information technology and telecommunications systems; cyber security, survivability, and resilience concepts and issues; critical Infrastructure and Key Resources; software and systems engineering.

Skills/Abilities: Must exhibit the following skills and abilities: understanding of information technology and telecommunications systems; working knowledge of network interoperability, cyber security, and survivability issues, including cyber security best practices and standards; working knowledge of DHS critical infrastructure sectors and related security and resilience issues; development and delivery of information and infrastructure security risk and vulnerability evaluations; ability to conduct analytical studies and investigations; reasoning and problem-solving skills; ability to work independently with limited supervision; ability to interact effectively with customer and to represent the SEI and its capabilities; ability to work well as a member of a cooperative team; ability to work in a matrix organizational structure; ability to recognize and deal appropriately with confidential and sensitive information; ability to implement project plans, monitor project budgets, and identify and mitigate project risks; leadership and mentoring skills; excellent written and oral communication skills; ability to contribute to technical research white papers and reports; ability to prepare papers and deliver presentations to technical and non-technical audiences; ability to contribute to customer technical exchanges and marketing presentations; participation in professional society activities, particularly IEEE and ACM.

Physical/Mobility: Primarily sedentary in an office setting with some mobility. Ability to travel frequently to various locations within the SEI and CMU community, customer sites, conferences, and offsite meetings.

Environmental Conditions: Close contact with computer for extended periods of time.

Mental: Strong interest in the human, managerial, and technical aspects of cyber security is critical for this position as are these abilities: take or share leadership role in technical projects; work meticulously with careful attention to detail; meet deadlines while working on multiple tasks – sometimes under pressure and with shifting priorities; deal collaboratively, diplomatically, and successfully with customers, co-workers and other professional colleagues, managers, and staff; ability to understand the big picture, direction, and goals of an effort; ability to develop and communicate innovative ideas; ability to demonstrate initiative and to quickly learn new procedures, techniques, approaches, etc.

Other: Must be able to work independently and travel as needed; this position requires frequent solo travel by car to customer sites in remote areas. Strong interest in cyber security and critical infrastructure protection analysis basis research, applied research, and development.  Applicants selected will be subject to a security investigation and must meet eligibility requirements for access to classified information. Candidates must be able to obtain and maintain a Department of Defense security clearance.

 

Preferred Qualifications and Requirements:

Education/Training: MS in computer science, software engineering, information systems, or a related scientific/technical field with five (5) years’ experience.  PhD in computer science, software engineering, information systems, or a related scientific/technical field with two (2) years’ experience.

Licenses: CISSP, CISM, GIAC, or similar; certifications from the audit discipline (such as CISA) are also acceptable.

Experience: In addition to the minimum experience above, preferred experience includes: experience in both physical and cyber aspects of security; familiarity with resilience concepts; familiarity with process improvement models such as CMMI or SixSigma, TQM, ISO9000, CERT-RMM; familiarity with standards for measurement (including ISO 15939); familiarity with NIST 800-series standards for information security; familiarity with the DoD DIACAP standard for information assurance certification and accreditation; familiarity with standards for security (ISO 27000), business continuity (BS 25999), and IT operations (ISO 20000); working in a team environment on collaborative projects in critical infrastructure sectors involving network, system or data security; experience employing software engineering techniques in designing and developing distributed, secure software, and experience with / knowledge of any of the following; system administration; networking; firewalls, intrusion detection systems, and other security technologies; application development/programming; relational databases.

Skills/Abilities: In addition to the minimum skills/abilities above, preferred skills/abilities include: ability to lead work teams as needed; consulting skills; demonstrated ability to deliver coursework and training.

 

Accountability: The individual will implement and participate in the planning and execution of projects leading to technical results. The individual will also contribute to project, department, or program objectives and planning document development. The individual will keep in confidence sensitive information such as customer processes, risks, vulnerabilities, and internal work products, whether for eventual public or private distribution.

Direction: The individual is expected to act independently using CMU, SEI, and CERT defined policies, practices, and procedures – within the scope of assigned work.

Decisions: The individual must make sound technical decisions with little supervision. The individual must accurately represent the program in interactions with customers, sponsors, and the public. The individual is expected to perform analysis on-site at customer locations and immediately assess potential vulnerabilities requiring further investigation.

Supervisory Responsibilities: This position could involve the training and oversight of the work of other staff members, graduate students, resident affiliates, visiting scientists, and independent contractors. Depending on research project or customer work plan, position may involve task leadership.

 

Job Functions or Responsibilities:

30%     Participate in the examination, analysis, and documentation of assessments, diagnostics, and analysis techniques for information and infrastructure security; examine data on cyber security and technology risks to identify problem areas and propose mitigation alternatives.

25%     Participate in the delivery of existing CERT cyber security, resilience, and risk assessment and analysis approaches with customers and partners; participate in research, analysis, and documentation of cyber security issues, concerns, and risks at customer locations.

20%     Participate in research into innovative and cutting-edge tools, techniques, and methods to improve cyber security and resilience; transition research into applied knowledge for customers.

10%     Deliver courses in operational resilience management, cyber security management, and information security risk management.

5%       Contribute to conferences and meetings; participate in marketing calls and technical exchanges with clients; give talks and lectures as appropriate; participate on working groups for subjects of interest.

5%       Contribute to and review the literature in cyber security, resilience, and software engineering.

5%       Provide assistance and input to other teams and projects within the SEI.

100% Total Effort

Organizational Chart: Director CERT Program > Technical Director, Risk and Resilience Directorate > Technical Manager, Cybersecurity Assurance team > Information Security Critical Infrastructure Analyst

 

Carnegie Mellon University is an EEO/Affirmative Action Employer – M/F/Disability/Veteran.

06 May
2016
Systems Infrastructure Engineer - 2003016
Pittsburgh, PA

Position Summary: As a member of CERT's Cyber Workforce Development directorate, the candidate will provide full-stack systems and network administration support to internal engineering teams on the group’s datacenter and lab infrastructure.  This infrastructure supports remote cybersecurity training, large-scale team exercises, and systems/network modeling and testing for US military commands and US government personnel stationed across the globe.  The production infrastructure includes over three hundred HP blade servers running VMWare hypervisors, HP/3PAR flash storage appliances, Cisco networking and firewall appliances, and “fly-away” training kits utilizing Dell blade servers and Cisco wireless equipment.  The lab infrastructure includes IBM blade servers, Dell storage, and various desktop/laptop computers used for classroom training and software development. The position offers great opportunities for career broadening and professional development while supporting US national security missions.  The position requires the incumbent to attain a clearance upon hiring.sionals including Network and Systems Engineers, Software Developers and Media/AV Architect. 

 

Minimum Qualifications and Requirements:

Education/Training:   Bachelor’s degree in Computer Science, Information Science, or related discipline with three to five (3-5) years of hands-on experience in IT.

Experience: Successful candidates must possess senior-level experience in enterprise/production IT environments.  Demonstrated proficiency and systems/network administration experience within multi-platform datacenters as well as applying configuration/change management best practices.  Successful experience working within customer-oriented team environments. The position requires highly-effective problem solving and troubleshooting abilities as well as exceptional communications and interpersonal skills. 

Skills/Abilities:

  • Hypervisors:  Proficient with VMware ESXi, VMware vSphere (5.5+).
  • OS:  Proficient with Windows Server 2008, 2012, RHEL 6+, and desirable with Ubuntu 12.04+.
  • Networking: Proficient with Cisco Catalyst, Nexus platforms, Cisco ASA, and desirable with Juniper EX series switches.

Server/Security Administration:

  • Proficient with HP, Dell, and/or IBM Blade servers.
  • Familiar with enterprise backup technologies: HP StoreOne.
  • Proficient in one or more of the following scripting tools: (bash, powershell, vb, python, perl).
  • Proficient with enterprise monitoring solutions: Nagios, zabbix, and/or Solarwinds.
  • Proficient with IIS, Familiar with Apache, and/or Nginx web servers.
  • Experience with security compliance and auditing: Nessus, OpenVAS, MBSA, etc. and familiarity with NIST 800-171, NIST 800-53, NIST 800-137, NIST 800-30 .
  • Familiar with load balancers such as BigIP F5.
  • Familiar with enterprise security technologies such as: VPNs and proxy servers.
  • Proficient with Microsoft Active Directory.
  • Familiar with Microsoft SQL server.

Mobility: Mostly sedentary, with occasional meetings in nearby buildings.

Environmental Conditions: Close contact with computer for extended periods of time.    

Other: Candidates will be subject to a background check and must be eligible to obtain and maintain a Department of Defense security clearance.

 

Direction: The incumbent is expected to act independently using CMU and SEI defined policies, practices, and procedures.

Decisions: The incumbent is required to leverage current systems, develop advanced workflows and supervise vendors in order to support meeting customer deliverable. The incumbent is required to accurately represent SEI and its technical work in interactions with customers, sponsors, and the public.

Supervisory Responsibilities: The incumbent selects and initiates professional services agreements with up to five production vendors. The incumbent may supervise interns. The incumbent supervises and evaluates the performance of all production vendors.

 

Job Functions or Responsibilities:

30%      Design and develop technical documents and instructional materials.

30%      Design software use cases and functions checks.

20%      Deliver technical and management training.

10%      Mentor, guide and interact with team and other staff.

10%      Contribute to transition planning and strategy.

100% TOTAL EFFORT

 

Organizational Chart: Director, CERT Division < Technical Director, Cyber Workforce Development < Technical Manager, Cyber Workforce Development Education, Training and Prototypes < Systems Infrastructure Engineer.

 

Carnegie Mellon University is an EEO/Affirmative Action Employer – M/F/Disability/Veteran.

02 May
2016
Cyber Security Engineer - Exercise Developer - 2003013
REMOTE - Fort George G. Meade, MD

Position Summary:  As a member of CERT's Workforce Development program, the candidate will work with other team members in developing cyber-security training exercises and simulations, primarily for US military/government customers. This involves interacting directly with customers, gathering training requirements and objectives, producing and facilitating creative and engaging exercise scenarios, and building supporting physical and virtualized systems and network topologies. As such, the candidate will work regularly with a wide range of software and hardware technologies within CERT labs. The candidate may also assist in developing and teaching cyber security training content to external customers. The candidate will also be involved software and hardware prototype development.  Additionally, the position requires the candidate to have demonstrated and effective leadership/management abilities as he/she may supervise and evaluate full time direct reports as well as the activities of graduate student assistants. The successful candidate must be self-directed, have an interdisciplinary approach to problem solving, and work well communicating technical information to technical and non-technical users. The candidate must also be able to interact with clients and staff of all levels in a highly professional and competent manner.

 

Minimum Qualifications and Requirements:

Education/Training:  Bachelor’s degree in Computer Science, Information Science, or related discipline with eight (8) years applicable working experience in information technology, Master’s degree in Computer Science, Information Science, or related discipline with five (5) years of applicable working experience in information technology, PhD Computer Science, Information Science, or related discipline with two (2) years of applicable working experience in information technology, or equivalent combination of training or experience.

Experience: Successful candidates must possess "hands-on" experience with Computer/Network Security and I.T. system and network administration. Additionally, he/she must have practical experience with Windows server and desktop platforms and Linux/Unix operating systems. The candidate must have experience in network design and troubleshooting and implementing standard networking protocols. Additionally, demonstrated practical experience working with common commercial and open-source cyber security tools is required. The candidate should have some experience teaching technical content to students, peers, and non-technical individuals and must enjoy doing so.

Skills/Abilities: Candidate must be able to prioritize workload and complete deliverables on time, have good technical problem-solving skills, strong analytical and information organization skills, excellent oral and written communication skills, and strong technical teaching skills. Candidate must be able to multitask and work effectively with multiple project teams and sponsors/customers. Experience with virtualization technologies, particularly VMWare ESX server is highly desired. Programming experience in C, C++, C#, Python, and Java is also highly desirable.

Physical Mobility: Sedentary in an office setting with some mobility, i.e., able to travel to various locations within the SEI and CMU community as well as travel to customer sites.

Environmental Conditions: Close contact with computer for long periods of time.

Mental: Ability to pay close attention to detail, meet deadlines, work under pressure, and communicate effectively.

Other:  U.S. Citizenship is required.  Applicants selected will be subject to a security investigation and must meet eligibility requirements for access to classified information.

 

Preferred Qualifications and Requirements:

Education/Training: BS and MS in Computer Science; training in enterprise security tools (i.e. McAfee ePO/HIPS, ArcSight, etc.).

Licenses: CISSP, Network+, Security+ and/or other industry standard certifications.

Experience: US military service in a series of positions involving information technology, cyber security, and management of large scale government networks.

Skills/Abilities: Strong presentation/platform skills and excellent writing skills.

 

Accountability:  The incumbent is accountable for the definition, creation, and maintenance of final deliverables and products and may manage unclassified/classified DoD projects in excess of $3M annually.

Direction:  The incumbent is expected to act independently using CMU and SEI defined policies, practices, and procedures.

Decisions: The incumbent must use good judgment to solve customer and personnel problems and is required to envision, design, develop, pilot, and deliver new capabilities, products, and services.  Candidate will also be required to accurately represent SEI/CERT and its technical work in interactions with customers, sponsors, and the public.

Supervisory Responsibilities:  The incumbent may have at least 2 direct reports as well as up to 15 secondary reports and will be required to provide performance management, career guidance, and take personnel corrective actions as required.

 

Job Functions or Responsibilities:

10%      Design and develop technical documents and instructional materials.

10%      Research, evaluate, develop, install/configure hardware and software including promising new technologies that require examination for cyber security research and development.

10%      Deliver technical and management training to customers.

55%      Mentor, guide and interact with team and other staff.

15%      Contribute to transition planning and strategy.

100% TOTAL EFFORT

 

Organizational Chart: Director, CERT Division < Technical Director, Cyber Security Solutions Directorate < Technical Manager, Cyber Workforce Development Initiative < Cyber Workforce Development Team Lead < Cyber Security Engineer - Exercise Developer

 

Carnegie Mellon University is an EEO/Affirmative Action Employer – M/F/Disability/Veteran

02 May
2016
Cyber Security Engineer - Exercise Developer - 2003017
Pittsburgh, PA or Arlington, VA or REMOTE - Fort George G. Meade

This position has multiple openings and can be located in Pittsburgh, PA, Arlington, VA, or Fort George G. Meade.

Position Summary:  As a member of CERT's Workforce Development program, the candidate will work with other team members in developing cyber-security training exercises and simulations, primarily for US military/government customers. This involves interacting directly with customers, gathering training requirements and objectives, producing and facilitating creative and engaging exercise scenarios, and building supporting physical and virtualized systems and network topologies. As such, the candidate will work regularly with a wide range of software and hardware technologies within CERT labs. The candidate may also assist in developing and teaching cyber security training content to external customers. The candidate will also be involved software and hardware prototype development.  Additionally, the position requires the candidate to have demonstrated and effective leadership/management abilities as he/she may supervise and evaluate full time direct reports as well as the activities of graduate student assistants. The successful candidate must be self-directed, have an interdisciplinary approach to problem solving, and work well communicating technical information to technical and non-technical users. The candidate must also be able to interact with clients and staff of all levels in a highly professional and competent manner.

 

Minimum Qualifications and Requirements:

Education/Training:  Bachelor’s degree in Computer Science, Information Science, or related discipline with three (3) years applicable working experience in information technology, Master’s degree in Computer Science, Information Science, or related discipline with one (1) years of applicable working experience in information technology, or equivalent combination of training or experience.

Experience: Successful candidates must possess "hands-on" experience with Computer/Network Security and I.T. system and network administration. Additionally, he/she must have practical experience with Windows server and desktop platforms and Linux/Unix operating systems. The candidate must have experience in network design and troubleshooting and implementing standard networking protocols. Additionally, demonstrated practical experience working with common commercial and open-source cyber security tools is required. The candidate should have some experience teaching technical content to students, peers, and non-technical individuals and must enjoy doing so.

Skills/Abilities: Candidate must be able to prioritize workload and complete deliverables on time, have good technical problem-solving skills, strong analytical and information organization skills, excellent oral and written communication skills, and strong technical teaching skills. Candidate must be able to multitask and work effectively with multiple project teams and sponsors/customers. Experience with virtualization technologies, particularly VMWare ESX server is highly desired. Programming experience in C, C++, C#, Python, and Java is also highly desirable.

Physical Mobility: Sedentary in an office setting with some mobility, i.e., able to travel to various locations within the SEI and CMU community as well as travel to customer sites.

Environmental Conditions: Close contact with computer for long periods of time.

Mental: Ability to pay close attention to detail, meet deadlines, work under pressure, and communicate effectively.

Other:  Candidates will be subject to a background check and must be eligible to obtain and maintain a Department of Defense security clearance.

 

Preferred Qualifications and Requirements:

Education/Training: BS and MS in Computer Science; training in enterprise security tools (i.e. McAfee ePO/HIPS, ArcSight, etc.)

Licenses: CISSP, Network+, Security+ and/or other industry standard certifications

Experience: US military service in a series of positions involving information technology, cyber security, and management of large scale government networks.

Skills/Abilities: Strong presentation/platform skills and excellent writing skills.

 

Accountability:  The incumbent is accountable for the definition, creation, and maintenance of final deliverables and products and may manage unclassified/classified DoD projects in excess of $3M annually.

Direction:  The incumbent is expected to act independently using CMU and SEI defined policies, practices, and procedures.

Decisions: The incumbent must use good judgment to solve customer and personnel problems and is required to envision, design, develop, pilot, and deliver new capabilities, products, and services.  Candidate will also be required to accurately represent SEI/CERT and its technical work in interactions with customers, sponsors, and the public.

Supervisory Responsibilities:  The incumbent may have at least 2 direct reports as well as up to 15 secondary reports and will be required to provide performance management, career guidance, and take personnel corrective actions as required.

 

Job Functions or Responsibilities:

10%      Design and develop technical documents and instructional materials.

10%      Research, evaluate, develop, install/configure hardware and software including promising new technologies that require examination for cyber security research and development.

10%      Deliver technical and management training to customers.

55%      Mentor, guide and interact with team and other staff.

15%      Contribute to transition planning and strategy.

100% TOTAL EFFORT

 

Organizational Chart: Director, CERT Division < Technical Director, Cyber Security Solutions Directorate < Technical Manager, Cyber Workforce Development Initiative < Cyber Workforce Development Team Lead < Cyber Security Engineer - Exercise Developer

 

Carnegie Mellon University is an EEO/Affirmative Action Employer – M/F/Disability/Veteran.

02 May
2016
Instructional Designer/Developer - 2003010
Pittsburgh, PA

Position Summary: This position reports to the manager of the eLearning Team in the OCOS/Transitions Services area of the Software Engineering Institute (SEI).  The Instructional Developer position is responsible for the design, development, implementation and maintenance of SEI eLearning training content that is hosted in multiple learning management platforms. 

The individual must have experience applying instructional design methodology and techniques necessary to the development of effective online training and the technical skill required to implement course content.

The Instructional Developer works closely with Subject Matter Experts within the SEI, as directed by the eLearning Team manager. The candidate must have excellent interpersonal, communication and organizational skills and be able to work both independently and as part of a team in a fast-pasted, global environment.

Major duties include designing and developing clear and engaging educational materials that effectively meet the training needs of our learners, in accordance with the SEI’s mission to transition new technology. Collaborating with subject matter experts within the Institute the Instructional Developer must translate complex information and concepts into easy-to-understand learning materials that are technically accurate and culturally appropriate.The Instructional Developer participates in all aspects of training development including the definition of learning outcomes, organization of content, and creation of materials, including the following:

  • Develop online training content using Storyline©, Camtasia©, SnagIt©, and other content authoring applications as needed.
  • Develop learning assessments and online examinations.
  • Develop alternate assets to accommodate accessibility needs.
  • Test online products for conformance to SEI eLearning quality standards.
  • Maintain a library/repository of educational assets and developed training products.

This position works closely with Transition Services learning management systems administrators and course administrators to assist with online learner support as needed; trains new developers/implementers in SEI content implementation; may lead and direct the work of others on project teams as assigned by eLearning Team manager.

 

Minimum Qualifications and Requirements:

Education/Training: Bachelor’s degree in the area of Instructional Design, Education Technology or related field; and recent training in eLearning design and development.

Experience:  One to three (1-3) years’ experience developing asynchronous training content employing audio and video elements; designing live-online training; working with learning management systems/student recordkeeping systems.

Skills/Abilities: Comprehensive knowledge of competency based instructional techniques applicable to web-based and instructor-led online learning programs; strong eLearning design/storyboarding experience; ability to collaborate with subject matter experts and represent learner needs; excellent verbal, written and interpersonal communication skills; strong writing, editing and visual design skills; project planning and time management skills essential for managing multiple complex projects and deadlines; enterprising, diplomatic and proactive problem solver; ability to meet deadlines and function successfully in a stressful, competitive environment.

Software Skills: Proficient in Storyline© and Camtasia©, or equivalent authoring tools; experienced with audio, video, and screen capture tools; proficient in Microsoft suite particularly Word and PowerPoint; knowledge of HTML5 a plus.

Mobility:  Usually sedentary but requires some travel between offices and outside of the University.

Environmental Conditions:  Work is usually performed in an office setting.  There may be close contact with a computer for long periods of time.

Mental:   Ability to pay close attention to detail, use problem solving skills, critically evaluate work product, meet inflexible deadlines, remain calm during difficult situation, work under pressure, work with frequent interruptions, and communicate effectively with others.

Other:  Evening and weekend hours may occasionally be required depending on deadlines.  Travel within the United States and outside of the United States may occasionally be necessary depending up customer needs.  Candidates will be subject to a background check and must be eligible to obtain and maintain a Department of Defense security clearance.

 

Preferred Qualifications and Requirements:

Education/Training:  Masters Degree in Education, Instructional Design, Communications, or related area.

Experience:  Five (5) years of prior experience in developing and facilitating synchronous online instruction.

Skills/Abilities: Proficiency in HTML5; experience with video editing and production.

Mental:  Ability to work effectively with minimal supervision.

 

Accountability: Manages project assignments to meet the SEI, Carnegie Mellon, and internal and external customer requirements for SEI eLearning education and training products.  Works with SEI Subject Matter Experts as directed by the manager of the eLearning Team.  Focuses on the design and development of SEI online training products and product components in order to expand SEI eLearning product offerings and enhance the quality of SEI training supporting the status of the SEI as a provider of choice for continuing professional development. Responsible for acting in the best interest of the SEI when interacting with eLearning vendors, outside Subject Matter Experts, SEI Partners, and learners. Responsible for product testing and maintenance to insure product quality consistent with SEI quality standards.

Direction: Reports directly to the eLearning Team manager. Performs under minimal supervision.  All normal duties and responsibilities are handled independently.  Only the most difficult or unique situations are referred to the supervisor.  Represents Transition Services and SEI training customer interests on cross-functional project teams. Independently documents work processes and recommends best practices for adoption.

Decisions: Decides on the priority and scheduling of work based upon eLearning Team targeted release dates. Decides on how to implement product components given design requirements. Decides on product quality acceptability for release.

Supervisory Responsibilities: May have responsibility for distributing work and supervising others on cross-functional project teams; may oversee work processes and products in order to ensure that projects are completed according to specification, on time and within budget.

 

Job Functions or Responsibilities:

25%     Design online, web-based training components in collaboration with SEI Subject Matter Experts.  Work with SEI technical programs to create new SEI eLearning products including courses, job aids, study guides, online assessments and exams, and executive overviews.

50%     Develop training components of SEI eLearning products using Storyline©, Camtasia©, and other content authoring software applications as needed. Test developed products for quality consistent with SEI eLearning product standards, and maintain a repository of training assets.

10%     Consult with SEI technical programs on potential eLearning product development based upon potential reuse of existing artifacts.

10%     Monitor and insure the quality of SEI eLearning training products.

5%       Determine and document SEI eLearning design and development best practices.

100% TOTAL EFFORT

 

Organizational Chart: Manager, Transition Services, Manager, eLearning Team, Instructional Designer and Developer

 

Carnegie Mellon University is an EEO/Affirmative Action Employer – M/F/Disability/Veteran.

 

02 May
2016
User Services Consultant - 2003012
Pittsburgh, PA

Position Summary: The Software Engineering Institute (SEI), a federally funded research and development center at Carnegie Mellon University, seeks a highly motivated and technically skilled individual to join the User Services staff within its Information Technology department. This position is responsible for providing advanced tier-one technical support and help desk services within the SEI including Windows, Mac and Linux operating systems.  Desirable candidates will be able to demonstrate excellent customer service skills as well as possess the ability to troubleshoot a wide variety of technical issues.

Duties of this position include diagnosing, troubleshooting and providing solutions for technical user problems. Must also be able to install, configure and troubleshoot system and application software including email clients, office applications, and approved customer related requests.  Areas of support include, but are not limited to Windows, Linux, Macs, mobile phones, tablets, audio and video teleconferencing, account management, printing and networking and a wide variety of technical issues that deal with the hardware and software.

 

Minimum Qualifications and Requirements:

Education/Training:  Associates degree in a technical field or equivalent.

Experience:  

  • 0 - 1 year of related experience with Help Desk and end user support.
  • Working knowledge of computer operating systems and common tools including networking, email clients, and web browsers.

Skills/Abilities:

  • Excellent troubleshooting, problem solving, interpersonal, and reasoning skills.
  • Excellent oral and written communication skills.
  • Ability to work remotely on After Hours coverage.
  • Ability to organize work in order to meet deadlines and user demands.
  • Ability to understand and follow directions.
  • Ability to interact well with customers with varying needs from government, business, and education spectrums.
  • Ability to assess support issues and either resolve or escalate to the appropriate resource for resolution.
  • Ability to communicate with users, including insuring that the user understands what the incumbent has communicated.
  • Being able to use our online tracking Service Desk System to track and document incidents and requests is required.

Mobility:

  • Able to sit for extended periods.
  • Able to move between office locations in Pittsburgh, (if needed) on a rotational basis.

Environmental Conditions:

  • Close contact with a monitor for prolonged periods.

Mental:                      

  • Ability to work well under pressure.
  • Ability to pay attention to detail.
  • Ability to meet inflexible deadlines.
  • Ability to deal with difficult individuals while maintaining composure.

Other:

  • Candidates will be subject to a background check and must be eligible to obtain and maintain a Department of Defense security clearance.
  • Expected to perform under minimum supervision. Most duties and responsibilities are handled independently with the use of established procedures and policies; only the most difficult or unique situations are referred to the manager.

 

Preferred Qualifications and Requirements:

Education/Training:

  • Bachelor's degree in Computer Science, Information Systems or related field or equivalent combination of training and experience.

Licenses:

  • Certifications from CompTIA A+, CompTIA Networking+, CompTIA Security+.

Skills/Abilities: 

  • Ability to create, develop and maintain documentation and training materials.
  • Ability to assist users by consulting on how to apply new technology to perform their job more efficiently.
  • Ability to handle new user training as needed.
  • Ability to answer help desk phone as needed.
  • Ability to work with other members of SEI Information Technology staff to resolve user problems and provide consistent and reliable help desk services.

 

Accountability: The individual is expect to provide excellent customer service while providing a solution that meets the users’ needs or coming up with alternatives for the user that adhere to the policies set forth by I.T.

Direction: This individual is expected to perform under minimum supervision. Most duties and responsibilities are handled independently with the use of established procedures and policies. Only the most difficult or unique situations are referred to the manager.

Decisions: The individual will need to assess a wide variety of support issues and either resolve them or escalate them to the appropriate resource for resolution. 

Supervisory Responsibilities: The individual will need to determine how work should be distributed among other IT staff members.  This position could involve the training and oversight of student workers, resident affiliates, visiting scientists and independent contractors.

 

Job Functions Or Responsibilities:

40%     Directly responds to and resolves user problems. Consults with users on best use of applications and how to’s.

20%     Trains users in system, network or software capabilities and functions. Training can be one-on-one or in a classroom setting. Assists in developing user documentation.

10%     Installs software. Assists in product evaluations and makes recommendations for software purchases.

10%     Updates skills as needed.  Researches new technology to evaluate its use in the SEI computing environment or IT’s.

10%     Account administration

SECONDARY FUNCTIONS

10%     Other duties as assigned, including meetings, providing additional help desk coverage as needed.

100% TOTAL EFFORT

 

Organizational Chart: IT Director < User Services and Hardware Support Manager < User Services Consultant.

 

Carnegie Mellon University is an EEO/Affirmative Action Employer – M/F/Disability/Veteran.

21 Apr
2016
Data Integration Analyst - 2002940
Pittsburgh, PA or Arlington, VA

Position Summary: The CERT Threat Analysis (TA) group is part of the CERT Program in the Software Engineering Institute.  This technical area:

  • Analyzes, reverse engineers, and finds relationships between malicious code.
  • Identifies and studies actors, threats, and vulnerabilities to form cyber intelligence.
  • Builds organic capability in USG operational organizations, and participates in the broader security community.

Within the group, the Data Integration Analyst manages the technical aspects of operationalizing the tools and techniques of the directorate.  This operational capability accelerates the discovery and transition of actionable data to the analysis community.  The team is responsible for the collection, storage, and aggregation of data sources.  They additionally work in concert with analysis to streamline automated analysis.

 

Minimum Qualifications and Requirements:

Education/Training:  BS in a scientific or technical field with eight (8) years’ experience; MS in a scientific or technical field with five (5) years’ experience.

Experience: Experience listed above should include some work in operational security or incident response; software development or analysis. Experience in an operational environment and systems deployment.

Skills/Abilities:

  • File system deployment and operations
  • Relational database systems
  • Virtualization and Container technologies
  • System automation with a scripting language ie: BASH, Python, Perl, Ruby
  • Application development in one of following: JavaScript, JAVA, Python
  • Parallel and distributed computing environments
  • DevOps tools and methodologies
  • Integrated change management
  • Integrated configuration management
  • System monitoring
  • Internet protocols, operations, and governance

Mobility: Primarily sedentary in an office setting with some mobility.  Requires travel to various domestic locations within the SEI and CMU community to include the SEI DC office; sponsor sites; conferences; and offsite meetings with routine frequency (2-3 trips a month).

Environmental Conditions:  Normal office conditions; close contact with computer display for extended periods of time.

Mental:  The ability to:

  • envision operational application of fundamental and applied research ideas;
  • elicit technical requirements and direct capability development based on collaboration with executive, non-technical, or domain-expert stakeholders;
  • communicate complex designs or plans to executive staff, sponsors, project managers and technical staff in clear concise language tailored to the audience;
  • meet deadlines while working on multiple tasks often with shifting priorities; and
  • deal collaboratively and successfully with customers, co-workers and other professional colleagues, managers, and staff.

Other: Candidates will be subject to a background check and must be eligible to obtain and maintain a Department of Defense security clearance.

 

Preferred Qualifications and Requirements:

Education/Training: PhD in a related technical field with two (2) years’ experience.

Skills/Abilities: 

  • Big Data platforms (Hadoop, HBASE)
  • Virtualization and Container technologies
  • Parallel and distributed computing environments
  • Current challenges and threats faced by USG intelligence, defense, law enforcement, and civilian organizations
  • Knowledge of USG organizational policies and missions areas/owners in cyber security

 

Accountability: The individual is accountable for the definition, creation, operations of data inject and archival and analysis systems.  

Direction: The individual in this position is expected to act autonomously using CMU and SEI defined policies, practices, and procedures.  Additionally, this position will define those set for TA and influence those set for CERT.

Decisions: The individual must make sound technical decisions with little supervision. The individual must accurately represent the program in interactions with customers and sponsors.

Supervisory Responsibilities: This position could involve the training and oversight of the work of other staff members, graduate students, and independent contractors.

 

Job Functions or Responsibilities:

30%     Manages the data integration platform to including hardware and software assets.

35%     Provides mentoring to and monitors the success of team members in meeting operational goals.

35%     Evaluates and selects technology to support the analytic mission of the directorate.

100% TOTAL EFFORT

 

Organizational Chart:  CERT Program Director < Threat Analysis (TA) Technical Director < Malware Analysis Technical Manager < Data Integration Analyst.

                     

Carnegie Mellon University is an EEO/Affirmative Action Employer – M/F/Disability/Veteran.

                                                                                        

21 Apr
2016
Data Integration Analyst - 2002942
Pittsburgh, PA or Arlington, VA

Position Summary:  The CERT Threat Analysis (TA) group is part of the CERT Program in the Software Engineering Institute.  This technical area:

  • Analyzes, reverse engineers, and finds relationships between malicious code.
  • Identifies and studies actors, threats, and vulnerabilities to form cyber intelligence.
  • Builds organic capability in USG operational organizations, and participates in the broader security community.

Within the group, the Data Integration Analyst manages the technical aspects of operationalizing the tools and techniques of the directorate.  This operational capability accelerates the discovery and transition of actionable data to the analysis community.  The team is responsible for the collection, storage, and aggregation of data sources.  They additionally work in concert with analysis to streamline automated analysis.

 

Minimum Qualifications and Requirements:

Education/Training:  BS in a scientific or technical field with three (3) years experience; MS in a scientific or technical field with one (1) year experience.

Experience: Experience listed above should include some work in operational security or incident response; software development or analysis. Experience in an operational environment and systems deployment.

Skills/Abilities:

  • File system deployment and operations.
  • Relational database systems.
  • Virtualization and Container technologies.
  • System automation with a scripting language ie: BASH, Python, Perl, Ruby.
  • DevOps tools and methodologies.
  • Integrated change management.
  • Integrated configuration management.
  • System monitoring.
  • Internet protocols, operations, and governance.

Mobility: Primarily sedentary in an office setting with some mobility.  Requires travel to various domestic locations within the SEI and CMU community to include the SEI DC office; sponsor sites; conferences; and offsite meetings with routine frequency (2-3 trips a month).

Environmental Conditions:  Normal office conditions; close contact with computer display for extended periods of time.

Mental:  The ability to:

  • envision operational application of fundamental and applied research ideas;
  • elicit technical requirements and direct capability development based on collaboration with executive, non-technical, or domain-expert stakeholders;
  • communicate complex designs or plans to executive staff, sponsors, project managers and technical staff in clear concise language tailored to the audience;
  • meet deadlines while working on multiple tasks often with shifting priorities; and
  • deal collaboratively and successfully with customers, co-workers and other professional colleagues, managers, and staff.

Other: Candidates will be subject to a background check and must be eligible to obtain and maintain a Department of Defense security clearance.

 

Preferred Qualifications and Requirements:

Skills/Abilities: 

  • Big Data platforms (Hadoop, HBASE)
  • Virtualization and Container technologies
  • Parallel and distributed computing environments
  • Current challenges and threats faced by USG intelligence, defense, law enforcement, and civilian organizations
  • Knowledge of USG organizational policies and missions areas/owners in cyber security

 

Accountability: The individual is accountable for the definition, creation, operations of data inject and archival and analysis systems.  

Direction: The individual in this position is expected to act autonomously using CMU and SEI defined policies, practices, and procedures.  Additionally, this position will define those set for TA and influence those set for CERT.

Decisions: The individual must make sound technical decisions with little supervision. The individual must accurately represent the program in interactions with customers and sponsors.

Supervisory Responsibilities: This position could involve the training and oversight of the work of other staff members, graduate students, and independent contractors.

 

Job Functions or Responsibilities:

30%     Manages the data integration platform to including hardware and software assets.

35%     Provides mentoring to and monitors the success of team members in meeting operational goals.

35%     Evaluates and selects technology to support the analytic mission of the directorate.

100% TOTAL EFFORT

 

Organizational Chart:  CERT Program Director < Threat Analysis (TA) Technical Director < Malware Analysis Technical Manager < Data Integration Analyst.

                     

Carnegie Mellon University is an EEO/Affirmative Action Employer – M/F/Disability/Veteran

 

21 Apr
2016
Project Manager - 2002939
Arlington, VA

Position Summary:  The CERT Division is part of the SEI, a federally funded research and development center at Carnegie Mellon University in Pittsburgh, Pennsylvania. The CERT Division engages in cutting-edge research and development and develops and transitions disciplined approaches to improve the survivability and resiliency of the DoD, federal civilian agencies, private sector organizations and their networked information systems. 

A CERT Project Manager is a member of the CERT Delivery Management team that guides the development and execution of technical projects throughout the lifecycle.  The successful candidate will work closely with PMO Manager to plan and establish organizational project management processes to achieve needs of different departments.  The candidate will: develop project management processes and create improvement plans to meet business and project needs, perform administrative and PM duties, and be responsible for the management and completion of projects.  Activities will include oversight of all aspects of projects, setting deadlines, assigning responsibilities, monitoring progress, and producing reports for management.

Responsibilities:

  • Process Development & Continuous Improvement
    • Develop a systematic management approach for projects in alignment with the organization’s strategic business goals
    • Improve consistency in project management across the organization to promote collaboration and mobility
    • Increase collaboration, ease administration, and align with customer needs
    • Use feedback, direct experience, and new opportunities to improve and expand the capabilities of the project management office
  • Project Management
    • Lead team in creating and estimating a product backlog
    • Develop WBS, prioritize tasks, and setup sprints
    • Understand and communicate cost and schedule constraints to team
    • Work with teams to produce cost estimates, schedules, and financial reporting artifacts
    • Assist in managing the activities of non-organic employees and subcontractors who serve on the project team to ensure completion and acceptance of deliverables
    • Inform and capture resource allocation decisions for competing priorities across the organization
    • Assemble project plans and, in conjunction with the technical lead, direct and monitor the work
    • Resolve or escalate risks related to cost, quality, and schedule
    • Responsible for reporting progress, status, and issues to CERT management and government program managers.
  • Project Tools Administrator
    • Use Atlassian tool suite, specifically Confluence and JIRA for managing project information
    • Develop Kanban boards, Sprint Reports, Epic Reports, and Velocity Charts
    • Create Business Intelligence Reports (SQL)

 

Minimum Qualifications and Requirements:

Education/Training:   MBA or MS in Computer Science, Software Engineering, Information Systems or related field; or combination of training and experience.

Certifications (minimum):   PMI certification, Certified Scrum Master, or equivalent.

Certifications (preferred): PMI-ACP, Certified Scrum Professional, CISM, and CISSP.

Experience:  Designing, developing, or implementing information technology projects for government clients; exceptional interpersonal and technical writing skills; developing organizational project management processes and tools infrastructure. Candidate should have five to eight (5-8) years of project management experience with customer-focused technology projects such as product or service development, research and development or technical transition.

Skills/Abilities:   Working knowledge of Confluence and JIRA; analytical and technical problem-solving skills; possess strong customer service skills; motivated to tackle challenging problems; excellent organizational skills; communicate effectively within a team environment.

Physical Mobility: Primarily sedentary, long periods of sitting; ability to travel to various locations within the SEI and Carnegie Mellon community, customer sites, conferences, and offsite meetings with some frequency.

Environmental Conditions:  Normal office conditions, close contact with computer for prolonged periods of time.

Mental: Ability to work under pressure and changing priorities; pay attention to detail; meet inflexible deadlines; deal with difficult individuals while maintaining composure.

Other:   Candidates will be subject to a background check and must be eligible to obtain and maintain a Department of Defense security clearance.  Applicants must be willing to travel to the offices in Pittsburgh, PA; Arlington, VA; and customer sites in the Washington D.C. / Northern Virginia metro area. Candidate will be required to travel on overnight assignments.

 

Accountability: The Individual is accountable for: accurately capturing project requirements and managing projects through the lifecycle; working closely with technical project leads and CERT/SEI financial managers to ensure projects are accurately represented, managed and controlled.

Direction:  Performs under minimal supervision, independent judgment is encouraged.  Most normal duties and responsibilities are handled independently with the use of established procedures and policies.  Difficult or unique situations are referred to the supervisor.

Decisions:  Accurately represents the program and individual projects in interactions with internal branches, customers and sponsors.  The individual is expected to participate in the decision-making and problem-solving processes surrounding building accurate project plans, understanding the SEI financial system and making CERT decisions regarding effort allocations, sub-contract negotiations and purchasing.

Supervisory Responsibilities:  This position may include supervision of one of more Project Administrators.

 

Job Functions and Responsibilities:

40%     Project Manager, Scrum Master, Agile Facilitator.

20%     Process development and continuous improvement.

20%     Financial & Customer Management.

10%     Contributing to and participating in business development, CERT management, and sponsor meetings.

10%     Develop knowledge and understanding of SEI capabilities; learning how SEI capabilities can be applied to customer problems.

100%      TOTAL EFFORT

 

Organizational Chart:  CERT Director < Associate Director < PMO Manager

Carnegie Mellon University is an EEO/Affirmative Action Employer – M/F/Disability/Veteran.

19 Apr
2016
Computer Security Information Analyst - 2002910
Arlington, VA

Position Summary: This position is with the CERT Division of the Software Engineering Institute (SEI), a federally funded research and development center (FFRDC) operated by Carnegie Mellon University. CERT is world renowned for excellence in neutral, unbiased expert analysis and opinion on technical issues involving cyber security, and has played a key role in internet security since 1988. The location for the position will be at or near the SEI office in Arlington Virginia.

This position is highly technical, and will involve working with the Department of Homeland Security (DHS), Critical Infrastructure and Key Resources (CIKR) entities, and other organizations to build effective information sharing and analysis capabilities to better protect national security interests from computer security threats.

Role: As a Computer Security Information Analyst, your work will contribute in a significant way towards the achievement of national level objectives to increase the quality, impact, and timeliness of cybersecurity information sharing between US Government and the private sector. You will work closely with cyber security analysts in the public and private sectors to support information sharing, risk management, incident analysis, and response activities. You will often collaborate with these entities to analyze incident and threat information, develop technical mitigations, and produce reporting to disseminate this information to designated stakeholders. You will also work with mature critical owner/operators and government stakeholders to develop models for sector-wide cybersecurity information sharing and analysis capabilities.

In addition, you will have an opportunity to explore new and innovative ways in which SEI's technical competencies and capabilities can be applied to current and future technical challenges faced by the constituency. This includes, but is not limited to areas such as malicious code, vulnerability, network traffic, and incident analysis.

Responsibilities:

  • Contribute to advancing the impact and effectiveness of the DHS Cyber Information Sharing and Collaboration (CISCP) program.
  • Contribute to the plan for secure automated sharing of cybersecurity threat information.
  • Continually improve the tools, processes, and systems utilized within DHS and the community.
  • Develop materials to mentor both public and private sector stakeholders.
  • Mentor others in conducting effective analysis and objectives of information sharing.
  • Maintain cooperative relationships with sponsors and collaborators, and assist them in strengthening their analysis and cyber defense capabilities, providing on-site support as necessary.
  • Participate in stakeholder analyst-to-analyst feedback processes to understand the needs of the constituency.
  • Foster collaboration and information sharing amongst entities within the community.
  • Engage critical infrastructure stakeholders to identify their requirements for participation in cyber information sharing and collaboration programs with DHS and help the DHS leads to meet these requirements.
  • Participate in conferences and workshops where security-related issues are discussed as required.
  • Maintain awareness of the national level policies, legislation, and executive orders that impact cybersecurity information sharing.
  • Provide SEI and DHS leadership with situational awareness of team strategic projects, and respond appropriately to changing priorities or requirements.
  • Explore new ways to leverage and apply SEI's expertise to protect critical infrastructure and other national security interests.

 

Minimum Qualifications and Requirements:

Education/Training: BS in Computer Science, Information Science, Information Systems Management, or a related field with eight (8) years applicable experience.

Experience: Candidate should have computer security engineering, incident handling and threat analysis experience, and be able to demonstrate knowledge in the following areas:

  • Knowledge of methods employed by intruders to attack systems and networks, and common mitigation methodologies.
  • Understanding of security vulnerabilities and the impact that they can have on information systems.
  • Understanding of TCP/IP networking, and Windows and Unix/Linux environments.
  • Understanding of how to read and interpret malware analysis reports. 
  • Identification and analysis of actionable computer security information.
  • Developing technical threat intelligence reports and conducting research using multiple data sources.
  • Understanding and managing risk in large enterprise infrastructures.
  • Understanding of processes for administering, maintaining, and securing a computer network.
  • Developing materials for senior leadership in government or industry.
  • Developing strategies to defend systems and networks from attacks.
  • Theoretical underpinnings of computer security.

Skills/Abilities: Successful candidates will:

  • Be skilled in communicating complex technical issues to technical and non-technical audiences via both verbal and written communications.
  • Be able to identify areas for program improvements, prototype solutions, and communicate requirements.
  • Have a strong interest in and knowledge of network and computer security issues.
  • Understand commonly utilized network communications protocols.
  • Possess excellent analytical, problem solving, and organizational skills.
  • Be motivated to tackle challenging problems.
  • Have excellent organizational skills and be able to effectively prioritize work.
  • Be able to work meticulously with careful attention to detail.
  • Recognize and deal appropriately with confidential and sensitive information.
  • Ability to communicate effectively in a team environment with other team members with varying skillsets and competencies.
  • Be able to make decisions independently and in a self-directed manner in support of the goals of the team and organization.
  • Possess strong customer service skills.

Physical Mobility: Primarily sedentary, long periods of sitting; ability to travel to various locations within the SEI and Carnegie Mellon community, customer sites, conferences, and offsite meetings with some frequency.

Environmental Conditions:  Normal office conditions, close contact with computer for prolonged periods of time.

Mental: Ability to work under pressure and changing priorities; pay attention to detail; meet inflexible deadlines; deal with difficult individuals while maintaining composure.     

Other: Candidates will be subject to a background check and must be eligible to obtain and maintain a Department of Defense security clearance. Candidate must be able to work full-time at a customer site in the Washington D.C. / Northern Virginia metro area. Candidate will occasionally be required to travel on overnight assignments.

 

Preferred Qualifications and Requirements:

Education/Training: MS in Computer Science, Information Science, Information Systems Management with five (5) years applicable experience or Ph.D. in Computer Science, Information Science, Information Systems Management with two (2) years applicable experience.

Licenses: Information systems, information security, incident response and analysis, and other similar certifications are desired (e.g., CISSP, CISM, CEH, GSEC, and similar)

Experience: Ideal candidates will have advanced knowledge of areas expressed above in “minimum requirements” as well as experience or substantial knowledge in many of the following additional areas:

  • Experience in security aspects of system and/or network administration in a U.S. government agency or contractor environment and/or experience as a cyber (technical) analyst in a computer network defense, intelligence, counterintelligence or law enforcement role.
  • Experience developing and implementing CONOPs, information security policies and standard operating procedures.
  • Advanced understanding of security vulnerabilities and cyber adversary TTPs.
  • Advanced malware, forensic, or digital media analysis experience.
  • Extensive incident response experience.

 

Accountability:  Contributes to program objectives and plans development.  Accountable for meeting established deadlines and project milestones with a commitment to decisions that have been made. Maintains confidentiality of sensitive information such as security and vulnerability information.

Direction: Performs under minimal supervision, independent judgment is encouraged.  Most normal duties and responsibilities are handled independently with limited guidance from team lead. Ability to work at a customer location with minimal direct supervision from direct supervisor.

Decisions: Has input to decisions involving project scope, objectives, deliverables, expectations, schedule, and resources, while considering multiple factors (e.g., technical, ethical, resources, legal, political, reputation, environment, customer & community impact). Must accurately analyze data from multiple sources, generate defensible results, and represent them in reporting products and interactions with customers, sponsors, and the public.

Supervisory Responsibilities: This position has no supervisory responsibilities.

 

Job Functions or Responsibilities:

65%     Perform duties as a technical cyber analyst and technical liaison. Review, analyze and correlate threat data from various sources. Create innovative reporting products based on available information and capabilities. Produce standardized reports, metrics, threat, activity, and mitigation information products. Mentor others in conducting effective analysis, and develop standardized processes for performing analysis.  Manage projects, including production of standardized reports, metrics, project status, and other reports as required. Deliver reports, briefings, and assessments to leadership, facilitating understanding of cyber threat entities and environments. Coordinate and collaborate on cyber threat tracking with partner and counterpart organizations. Deliver reports, briefings, and assessments to leadership, facilitating understanding of cyber threat entities and environments. Support information assurance and cyber threat mitigation decision-making.

15%     Work to build collaborative relationships and foster information sharing among partner entities in the interest of improving cyber situational awareness and response capabilities.

15%     Work directly with SEI staff supporting the community with incident, vulnerability, network, or malicious code analysis work.

5%       Develop knowledge and understanding of SEI capabilities; learning how SEI capabilities can be applied to customer problems. Develop knowledge and understanding of the function of FFRDCs, operating in the public interest and serving as trusted advisers to our government sponsors.

100 % Total Effort

 

Carnegie Mellon University is an EEO/Affirmative Action Employer – M/F/Disability/Veteran

 

19 Apr
2016
Senior Computer Security Information Analyst - 2002911
Arlington, VA

Position Summary: This position is with the CERT Division of the Software Engineering Institute (SEI), a federally funded research and development center (FFRDC) operated by Carnegie Mellon University. CERT is world renowned for excellence in neutral, unbiased expert analysis and opinion on technical issues involving cyber security, and has played a key role in internet security since 1988. The location for the position will be at or near the SEI office in Arlington Virginia.

This position is highly technical, and will involve working with the Department of Homeland Security (DHS), Critical Infrastructure and Key Resources (CIKR) entities, and other organizations to build effective information sharing and analysis capabilities to better protect national security interests from computer security threats.

Role: As a Senior Computer Security Information Analyst, your work will contribute in a significant way towards the achievement of national level objectives to increase the quality, impact, and timeliness of cybersecurity information sharing between US Government and the private sector. You will work closely with cyber security analysts in the public and private sectors to support information sharing, risk management, incident analysis, and response activities. You will often collaborate with these entities to analyze incident and threat information, develop technical mitigations, and produce reporting to disseminate this information to designated stakeholders. You will also work with mature critical owner/operators and government stakeholders to develop models for sector-wide cybersecurity information sharing and analysis capabilities.

In addition, you will have an opportunity to explore new and innovative ways in which SEI's technical competencies and capabilities can be applied to current and future technical challenges faced by the constituency. This includes, but is not limited to areas such as malicious code, vulnerability, network traffic, and incident analysis.

Responsibilities:

  • Contribute to advancing the impact and effectiveness of the DHS Cyber Information Sharing and Collaboration (CISCP) program.
  • Contribute to the plan for secure automated sharing of cybersecurity threat information.
  • Continually improve the tools, processes, and systems utilized within DHS and the community.
  • Develop materials to mentor both public and private sector stakeholders.
  • Mentor others in conducting effective analysis and objectives of information sharing.
  • Maintain cooperative relationships with sponsors and collaborators, and assist them in strengthening their analysis and cyber defense capabilities, providing on-site support as necessary.
  • Participate in stakeholder analyst-to-analyst feedback processes to understand the needs of the constituency.
  • Foster collaboration and information sharing amongst entities within the community.
  • Engage critical infrastructure stakeholders to identify their requirements for participation in cyber information sharing and collaboration programs with DHS and help the DHS leads to meet these requirements.
  • Participate in conferences and workshops where security-related issues are discussed as required.
  • Maintain awareness of the national level policies, legislation, and executive orders that impact cybersecurity information sharing.
  • Provide SEI and DHS leadership with situational awareness of team strategic projects, and respond appropriately to changing priorities or requirements.
  • Explore new ways to leverage and apply SEI's expertise to protect critical infrastructure and other national security interests.

 

Minimum Qualifications and Requirements:

Education/Training: BS in Computer Science, Information Science, Information Systems Management, or a related field with ten (10) years applicable experience.

Experience: Candidate should have advanced computer security engineering, incident handling and threat analysis experience, and be able to demonstrate knowledge in the following areas:

  • Knowledge of methods employed by intruders to attack systems and networks, and common mitigation methodologies.
  • Understanding of security vulnerabilities and the impact that they can have on information systems.
  • Understanding of TCP/IP networking, and Windows and Unix/Linux environments.
  • Understanding of how to read and interpret malware analysis reports. 
  • Identification and analysis of actionable computer security information.
  • Developing technical threat intelligence reports and conducting research using multiple data sources.
  • Understanding and managing risk in large enterprise infrastructures.
  • Understanding of processes for administering, maintaining, and securing a computer network.
  • Developing materials for senior leadership in government or industry.
  • Developing strategies to defend systems and networks from attacks.
  • Theoretical underpinnings of computer security.

Skills/Abilities: Successful candidates will:

  • Be skilled in communicating complex technical issues to technical and non-technical audiences via both verbal and written communications.
  • Be able to identify areas for program improvements, prototype solutions, and communicate requirements.
  • Have a strong interest in and knowledge of network and computer security issues.
  • Understand commonly utilized network communications protocols.
  • Possess excellent analytical, problem solving, and organizational skills.
  • Be motivated to tackle challenging problems.
  • Have excellent organizational skills and be able to effectively prioritize work.
  • Be able to work meticulously with careful attention to detail.
  • Recognize and deal appropriately with confidential and sensitive information.
  • Ability to communicate effectively in a team environment with other team members with varying skillsets and competencies.
  • Be able to make decisions independently and in a self-directed manner in support of the goals of the team and organization.
  • Possess strong customer service skills.

Physical Mobility: Primarily sedentary, long periods of sitting; ability to travel to various locations within the SEI and Carnegie Mellon community, customer sites, conferences, and offsite meetings with some frequency.

Environmental Conditions:  Normal office conditions, close contact with computer for prolonged periods of time.

Mental: Ability to work under pressure and changing priorities; pay attention to detail; meet inflexible deadlines; deal with difficult individuals while maintaining composure.     

Other: Candidates will be subject to a background check and must be eligible to obtain and maintain a Department of Defense security clearance. Candidate must be able to work full-time at a customer site in the Washington D.C. / Northern Virginia metro area. Candidate will occasionally be required to travel on overnight assignments.

 

Preferred Qualifications and Requirements:

Education/Training: MS in Computer Science, Information Science, Information Systems Management with eight (8) years applicable experience or Ph.D. in Computer Science, Information Science, Information Systems Management with five (5) years applicable experience.

Licenses: Information systems, information security, incident response and analysis, and other similar certifications are desired (e.g., CISSP, CISM, CEH, GSEC, and similar).

Experience: Ideal candidates will have advanced knowledge of areas expressed above in “minimum requirements” as well as experience or substantial knowledge in many of the following additional areas:

  • Experience in security aspects of system and/or network administration in a U.S. government agency or contractor environment and/or experience as a cyber (technical) analyst in a computer network defense, intelligence, counterintelligence or law enforcement role.
  • Experience developing and implementing CONOPs, information security policies and standard operating procedures.
  • Advanced understanding of security vulnerabilities and cyber adversary TTPs.
  • Advanced malware, forensic, or digital media analysis experience.
  • Extensive incident response experience.

 

Accountability: Contributes to program objectives and plans development.  Accountable for meeting established deadlines and project milestones with a commitment to decisions that have been made. Maintains confidentiality of sensitive information such as security and vulnerability information.

Direction: Performs under minimal supervision, independent judgment is encouraged.  Most normal duties and responsibilities are handled independently with limited guidance from senior management. Ability to work at a customer location with minimal direct supervision from direct supervisor.

Decisions: Has input or direct responsibility for decisions involving project scope, objectives, deliverables, expectations, schedule, and resources, while considering multiple factors (e.g., technical, ethical, resources, legal, political, reputation, environment, customer & community impact). Must accurately analyze data from multiple sources, generate defensible results, and represent them in reporting products and interactions with customers, sponsors, and the public.

Supervisory Responsibilities: This position has no formal supervisory responsibilities, however may function as a team leader for defined tasks and will provide feedback on the performance of the team to the Manager or Technical Director as requested.

 

Job Functions or Responsibilities:

65%     Perform duties as a technical cyber analyst and technical liaison. Review, analyze and correlate threat data from various sources. Create innovative reporting products based on available information and capabilities. Produce standardized reports, metrics, threat, activity, and mitigation information products. Mentor others in conducting effective analysis, and develop standardized processes for performing analysis.  Manage projects, including production of standardized reports, metrics, project status, and other reports as required. Deliver reports, briefings, and assessments to leadership, facilitating understanding of cyber threat entities and environments. Coordinate and collaborate on cyber threat tracking with partner and counterpart organizations. Deliver reports, briefings, and assessments to leadership, facilitating understanding of cyber threat entities and environments. Support information assurance and cyber threat mitigation decision-making.

15%     Work to build collaborative relationships and foster information sharing among partner entities in the interest of improving cyber situational awareness and response capabilities.

15% Work directly with SEI staff supporting the community with incident, vulnerability, network, or malicious code analysis work.

5% Develop knowledge and understanding of SEI capabilities; learning how SEI capabilities can be applied to customer problems. Develop knowledge and understanding of the function of FFRDCs, operating in the public interest and serving as trusted advisers to our government sponsors.

100 % Total Effort

 

Carnegie Mellon University is an EEO/Affirmative Action Employer – M/F/Disability/Veteran.

 

31 Mar
2016
Associate Cyber Security Engineer - Insider Threat - 2002835
Pittsburgh, PA or Arlington, VA

Position Summary: The CERT Division is part of the SEI, a federally funded research and development center at Carnegie Mellon University in Pittsburgh, Pennsylvania. The CERT Division engages in cutting-edge research and development and develops and transitions disciplined approaches to improve the survivability and resiliency of the DoD, federal civilian agencies, private sector organizations and their networked information systems.

The individual in this position will work as a member of the Enterprise Threat and Vulnerability Management (ETVM) team, which focuses on assisting organizations in improving their insider threat mitigation and incident management practices and developing capabilities for preventing, detecting, deterring, and responding to evolving insider threats. ETVM team members are domain experts in insider threat and incident response, and team capabilities include threat analysis and modeling; development of security metrics and assessment and evaluation methodologies; and creation and delivery of controls, training, courses, and workshops.  

The individual in this position will be a part of the Technical Solutions team within ETVM. The Technical Solutions Team is responsible for the creation, development, and management of novel cybersecurity solutions that support customer driven operational and research missions. The Technical Solutions Team interacts with US Government departments and agencies, industry representatives, contractors, academia and others to identify gaps in cybersecurity tools, techniques, and procedures; create prototype capabilities to fill the gaps, and transition the prototype solutions to customers and partner organizations. The team frequently communicates their work to the community by publishing technical reports and white papers, and presenting at conferences, symposia, and other working groups.

 

Minimum Qualifications and Requirements:

Education/Training: BS in computer science, software engineering, information systems, or a related technical field with three (3) years of experience or equivalent, or MS in computer science, software engineering, information systems, or a related technical field with one (1) year of experience or equivalent.

Experience: 

  • professional experience in software engineering or cyber security.
  • experience applying the engineering process to solve complex real-world challenges. 
  • experience using analytical skills and an ability to interpret established standards and guidelines to solve problems.

Skills/Abilities:

  • system administration and network administration skills and familiarity with Windows, UNIX, LINUX operating systems.
  • software development in at least two of the following languages: C, C++, Java, Perl, and Python.
  • knowledge of core Internet protocols (TCP/IP, UDP, ICMP, DNS, FTP, SMTP, HTTP, SNMP, etc.).
  • knowledge of modern version control systems and integrated development environments.
  • understanding of network design and implementation at LAN and WAN levels.
  • broad understanding and application of multi-tiered enterprise client/server architectures, design, implementation and security.
  • software / systems development lifecycle, QA, testing, build process, revision control, and change management practices.
  • proven ability to innovate, develop, implement, and effectively document complex technical systems and approaches.
  • proven ability to integrate multiple technologies, standards and data sources into a consolidated solution.
  • knowledge of common cyber attack methodologies; common types of security vulnerabilities; basic computer security forensics.
  • strong oral and written communications skills (e.g., technical writing, user guide development, requirements analysis) and ability to interact effectively with technical and non-technical audiences, as well as present in front of small and large groups; participate in external customer and sponsor meetings.
  • ability to travel to various locations within the SEI and CMU community, customer sites, and offsite meetings with weekly/monthly frequency to travel on overnight and on-site assignments; ability to work in varied and diverse situations requiring analytical, interpretative, evaluative and constructive thinking;
  • manage workload and priorities on multiple scheduled assessments;
  • able to function independently or in teams depending on the project;
  • work under pressure; deal with stress;
  • deal with challenging individuals while maintaining composure;
  • ability to exercise tact and discretion when handling highly sensitive and confidential issues;
  • maintain confidentiality while working with highly confidential and sensitive matters.
  • handle sensitive data according to project and/or USG data handling procedures.
  • ability to interpret and communicate information about government regulations and university policies.
  • quantitative and qualitative analytical skills.
  • ability to trouble shoot problems proactively and to answer questions and handle issues as they arise.
  • effective time management skills; and strong problem solving skills.

Environmental Conditions:  close contact with computer monitor for extended periods of time.

Other:  Candidates will be subject to a background check and must be eligible to obtain and maintain a Department of Defense security clearance.

 

Preferred Qualifications and Requirements:

Education/Training:  MS in Computer Science with one (1) years applicable experience; Current Associate Certified Information System Security Profession (CISSP), IEEE Professional Software Engineering Master Certification, or similar certification is desired.

Experience: 

  • experience with software development and/or system administration in large-scale, distributed computing environments.
  • experience developing materials for senior leadership in government or industry.
  • experience interfacing with the DOD, US federal civilian government, intelligence community, or law enforcement.
  • experience working in a classified environment.

Skills/Abilities: 

  • data mining.
  • machine learning. 
  • text and natural language processing.
  • proven skills working in a team environment on collaborative projects in US government, critical infrastructure sectors involving network, system or data security.

 

Accountability: The individual will be accountable for meeting established deadlines and project milestones. The individual will also be accountable for managing sensitive, and possibly classified, customer information.

Direction: The individual is expected to act in accordance with direct supervision from management and senior staff, as well as follow CMU, SEI, and CERT defined policies, practices, and procedures, and to adhere to any additional sponsor-specified requirements related to the projects involved.

Decisions:The individual must make sound decisions, and demonstrate a commitment to those decisions. The individual must also be able to escalate out-of-scope problems to more experienced team members. The individual must accurately represent the program in interactions with external customers, sponsors, and the public.

Supervisory Responsibilities: The individual may be responsible for managing student interns.

 

Job Functions or Responsibilities:

60%     Develop, deploy, and transition technical solutions for insider threat prevention, detection, and response.

15%     Participate in research into cutting-edge strategies for insider threat data collection and analysis techniques.

10%     Design and develop training materials for insider threat program practitioners.

10%     Contribute to conferences and meetings; participate in marketing calls and technical exchanges with clients; give talks and lectures as appropriate; participate on working groups for subjects of interest.

5%       Provide assistance and input to other teams and projects within the SEI.

100% TOTAL EFFORT

 

Organizational Chart: CERT Program, Director < Risk and Resilience Directorate, Technical Director < Enterprise Threat & Vulnerability Management, Technical Manager < Technical Solutions, Technical Team Lead < Associate Cyber Security Engineer.

 

Carnegie Mellon University is an EEO/Affirmative Action Employer – M/F/Disability/Veteran.

31 Mar
2016
Deputy Technical Director - 2002836
Pittsburgh, PA

Position Summary:  The individual in this position will work as the Deputy Technical Directors within CERT’s Response and Monitoring Directorate (RM).  This candidate will be responsible for assisting the RM Technical Director with the creation, development, funding, and management of a sustained research and technical agenda consistent with and directly supporting the US Department of Defense’s strategic challenges and emerging threats, as well as the ongoing operational and financial management of the RM Directorate.  Primary to this position, the Deputy Technical Director is the direct back-up for the Technical Director in the planning, implementation, and governance of all RM teams and personnel, and in the absence of the Technical Director, is able to assume responsibilities of the Technical Director as required.  In addition to supporting the Technical Director, Deputy Technical Directors are responsible for working with RM Technical Managers in developing and communicating a technical vision, developing tasking and budget data for project work statements, managing initiative finances and accounting, generating new work and customers, working with business development staff, executing work with high degree of customer satisfaction, and supervising staff.

The successful candidate must have proven experience conducting and leading technical efforts in support of the US Federal Government and Department of Defense; managing technical teams; be self-directed, have a track record of creating interdisciplinary approaches to problem solving, and demonstrate exceptionally strong presentation and writing skills. The candidate must also be able to interact with clients and staff of all levels in a highly professional and competent manner.

 

Minimum Qualifications and Requirements:

Education/Training: BS in computer science, software engineering, information systems, or a related technical field with ten (10) years of experience; MS in computer science or technical/engineering field with eight (8) years of experience; PhD in computer science or technical/engineering field with five (5) years of experience or equivalent combination of training and experience.  Other educational backgrounds of a technical nature with experience as described may be considered.

Experience: Total of ten (10) years of progressive experience in management/leadership roles working with or for the United State Federal Government. Experience with and substantial knowledge of: International partnerships/cooperation, legal process, cyber investigation principles and methods; network security; project planning and management; strategic planning; fundamental financial management and accounting; government funding methods and cycles; USG and DoD cybersecurity tools, techniques, methods, and operations; USG and DoD cybersecurity policies and directives.

Skills/Abilities:   Must have the following abilities and skills:  Mastery of information technology concepts, cyber security best practices and standards, information security evaluation methods, computer security incident management lifecycle and methodologies; risk management; and security policy development; excellent analytical, organizational, reasoning and problem solving skills; outstanding written and oral communication skills; outstanding financial and resource management skills; demonstrated ability to prepare papers and presentations for technical and non-technical audiences; ability to interact effectively with diverse constituencies internally and externally, including senior executives and managers in government and industry, especially USG COTR personnel or similar roles; ability to recognize and deal appropriately with confidential and sensitive information, and where appropriate, ability to obtain and hold a security clearance; active involvement in professional societies.

Physical Mobility: Primarily sedentary in an office setting with some mobility, i.e., able to travel to various locations within the SEI and CMU community as well as travel to customer sites.

Environmental Conditions: Normal office conditions; however close contact with CRT for prolonged periods.

Mental: Leadership:  Ability to influence, motivate, and inspire others to create positive organizational change; ability to set ethical and performance standards by example; ability to build consensus and commitment to achieve the organization’s vision.  Initiative:  Ability to work independently without being prompted; ability to consistently exceed performance expectations, especially by initiating and implementing new projects; ability to anticipate problems and proactively address issues; ability to continually improve work processes; ability to demonstrate and lead others through change. 

Teamwork:  Ability to contribute and participate in a group environment to meet common goals; ability to promote a congenial work environment; ability to identify conflict and bring it to a productive conclusion; ability to show leadership in putting the team’s agenda above any personal agenda; ability to display a positive and productive attitude.  Customer Service:  Ability to continually meet or exceed the expectations of customers; ability to respond to customers in a timely and productive manner; ability to keep customers informed and to monitor satisfaction; ability to address customer service problems promptly and non-defensively; ability to continually take more than routine action to assist a customer.  Communication:  Ability to effectively speak in individual or group situations; ability to write clearly and convincingly; ability to communicate across all levels of the organization; ability to make effective presentations; ability to gain respect quickly and build trust and credibility; ability to confront interpersonal issues and quickly resolve conflict; ability to provide specific and timely feedback and constructive criticism.

Other: Candidates will be subject to a background check and must be eligible to obtain and maintain a Department of Defense security clearance.

 

Preferred Qualifications and Requirements:

Experience:  Familiarity with process improvement models that contain the essential elements of effective management, development, and acquisition processes for one or more disciplines and experience transitioning these models into organizational practice; three or more years of leadership experience with responsibility for project and budget management. Demonstrated working knowledge of the US Intelligence Community (USIC) and Federal Law Enforcement, their functions, authorities (e.g. Executive Orders, Titling, etc.), responsibilities, and missions.

Skills/Abilities:  Demonstrated consulting and advising skills and experience; project management experience; leadership and mentoring skills; strategic planning skills. Accountability: Implement and participate in the planning, execution, and transition of projects leading to technical results.  Contribute to department or program objectives and plans development.  Keep in confidence sensitive information such as customer processes, risks, vulnerabilities, and internal work products, whether for eventual public or private distribution. Demonstrate responsible project and financial management of a portfolio of work exceeding $5 million dollars.

 

Direction: The individual is expected to act independently and develop and execute a research and technical agenda that adheres to CMU and SEI defined policies, practices, and procedures.  The incumbent is expected to demonstrate leadership for and support of CMU, SEI, CERT, and RM organizational objectives, policies, practices, and procedures through example and direction. 

Decisions: The individual in this position is expected to make strategic choices regarding the direction of the team that will be distilled into a research and technical agenda funded by a defined set of existing and new customers and implemented by a team hired to execute the specific tasking. The individual in this position is also required to work effectively with CERT project managers to ensure proper coverage of work tasks, proper funding for personnel, and identification and tracking of customer and project milestones and deliverables.  The individual in this position is required to accurately represent the CERT Division and its technical work in interactions with customers, sponsors, and the public.

Supervisory Responsibilities: Advises and oversees hiring decisions of program staff; responsible for performance reviews, salary adjustments, and work allocation to staff.

 

Job Functions or Responsibilities:

30%     Assists the Technical Director in overseeing and governing the implementation and accomplishment of the SEI Program Plan, the CERT Division strategic plan, the RM directorate strategic plan, and the overall technical program of work.  Sets goals and objectives and manages and improves day-to-day operational and functional business activities.   Oversees and tracks short and long term operational plans (financial, staffing, infrastructure, project).  Acts in the role of the Technical Director when required. 

30%   Provides direct guidance to and monitors the success of Technical Managers in meeting strategic and operational goals. Assesses performance of technical teams and participates in and oversees salary administration for all staff within areas of responsibility.  Provides oversight of Technical Managers and their supervisory responsibilities of technical staff and conducting performance reviews. Provides oversight over recruitment, hiring, development and retention of all technical and support staff.

20%   Oversees and approves the technical direction for teams.  Leads strategic planning process and contributes to the development of the RM, CERT, and SEI strategic and program plans.  Ensures annual update of plan; reviews feasibility of plan, identifies risks and defines risk mitigation strategy.  Articulates vision for internal and external audiences.

15%   Identifies opportunities for new technical projects and manages start-up of new, high-priority technical areas of work. Works with Technical Director, Technical Managers, CERT leadership, & business management personnel to develop and implement a funding and transition plan for new work areas.

5%    Directs organizational effectiveness and staff training and development plans. Identifies operational success measures and process improvements.  Leads corrective actions.

100% Total Effort

 

Organizational Chart:  CERT Division Director < Technical Director, Response and Monitoring Directorate < Deputy Technical Director, Response and Monitoring Directorate 

 

Carnegie Mellon University is an EEO/Affirmative Action Employer – M/F/Disability/Veteran

31 Mar
2016
Program Business Development Manager - 2002839
Pittsburgh, PA or Arlington, VA

Position Summary: The CERT Division comprises a large part of the Software Engineering Institute (SEI), a Federally Funded Research and Development Center (FFRDC) operated by Carnegie Mellon University in Pittsburgh, Pennsylvania. CERT engages in cutting-edge research, development and operations in the cyber security area.

The CERT DoD Business Development Manager will be responsible for proactive identification, qualification and pursuit of new Department of Defense and other government technical alliances where CERT technical expertise can be brought to bear in long-term, mutually beneficial, funded relationships.  The BD Manager will have the ability to recognize areas of need within the target customer environment and, in coordination with the technical staff, develop effective approaches to the target customer leading to funded relationships involving successful research, operational cyber support and integration opportunities.

 

Minimum Qualifications and Requirements:

Education/Training: Bachelors Degree in engineering or technically-focused business degree with eight to ten (8-10) years’ experience.

Experience:

  • Business development experience gained in pursuit of government large projects dealing with operational cyber security, applied research/development or other similar activities.
  • Experience on or working closely with OSD staff, Pentagon, Service MAJCOM acquisition, cyber operations or similar activities.

Skills/Abilities:

  • Recent, working knowledge of USG cyber missions and their mission owners.
  • Working knowledge of information assurance, network security, risk management, and software and systems development and procurement.
  • Self-sufficient team player.
  • Proven leadership skills with medium to large technical teams.
  • Ability to assess initiatives against programmatic, technical, and operational goals.
  • Ability to develop business plans, project management tracking and reporting systems.
  • Ability to prepare and conduct management briefings with senior government leaders and customers.
  • Ability to engage government leaders and customers to distill capability gaps and needs.
  • Ability to work with technical staff to establish tailored approaches, goals and schedules.
  • Ability to recognize and deal appropriately with confidential and sensitive information.
  • Outstanding written and oral communication skills.
  • Strong reasoning and problem-solving skills.
  • Ability to work independently.

Mobility: Sedentary in an office setting with some mobility, i.e., able to travel to various locations within the SEI and CMU community as well as travel up to 50% to customer sites.

Environmental Conditions: Close contact with computer for extended periods of time.

Mental: Ability to work meticulously with careful attention to detail; ability to meet deadlines while working on multiple tasks – sometimes under pressure and with shifting priorities; ability to deal collaboratively, diplomatically, and successfully with customers, co-workers and other professional colleagues, managers, and staff; ability to grasp the big picture, direction, and goals of an effort; ability to quickly learn new procedures, techniques, approaches, etc.

Other: Candidates will be subject to a background check and must be eligible to obtain and maintain a Department of Defense security clearance.

 

Preferred Qualifications and Requirements:

Education/Training:  MS or MBA with four to eight (4-8) years’ experience.

Licenses/Certifications:  Project Management Professional.

Experience:  Prior business development (or similar) experience at an FFRDC, Service Laboratory or senior DoD acquisition service. Demonstrated business development and customer relationship success in high-tech consulting firms.

 

Accountability: The individual will work with the CERT technical staff to find and develop funded engagements and oversee the business development and project management aspects of a portion of the CERT technical body of work.  Additionally, this individual will lead DoD business planning activities in support of the CERT technical vision and be responsible to the Associate Director for CLI to achieve CERT’s overall revenue goals.

Direction: The individual is expected to act independently using CMU, SEI, and CERT defined policies, practices, and procedures.

Decisions:The individual must make sound business decisions to include deciding which business opportunities to pursue; negotiating the scope of work with customers; and monitoring and controlling deliverables, budget, and schedules. The individual will be capable of providing sound leadership and advice to the technical and project teams to enable effective pursuit of business and technical objectives in support of customer goals.

Supervisory Responsibilities: This position does not supervise others.

 

Job Functions or Responsibilities:

80%     Develop and manage customer business development and outreach activities for a select customer group.

20%     Contribute to strategic business planning activities to include outreach to targeted customers and collaborators.

100% TOTAL EFFORT

 

Organizational Chart: CERT Division Director < CERT Deputy Director < Associate Director, CERT Customer Lifecycle Initiatives < CERT DoD Business Development Manager

 

Carnegie Mellon University is an EEO/Affirmative Action Employer – M/F/Disability/Veteran.

31 Mar
2016
Senior Cyber Security Engineer - Insider Threat - 2002834
Arlington, VA

Position Summary: The CERT Division is part of the SEI, a federally funded research and development center at Carnegie Mellon University in Pittsburgh, Pennsylvania. The CERT Division engages in cutting-edge research and development and develops and transitions disciplined approaches to improve the survivability and resiliency of the DoD, federal civilian agencies, private sector organizations and their networked information systems.

The individual in this position will work as a member of the Enterprise Threat and Vulnerability Management (ETVM) team, which focuses on assisting organizations in improving their insider threat mitigation and incident management practices and developing capabilities for preventing, detecting, deterring, and responding to evolving insider threats. ETVM team members are domain experts in insider threat and incident response, and team capabilities include threat analysis and modeling; development of security metrics and assessment and evaluation methodologies; and creation and delivery of controls, training, courses, and workshops.  

The individual in this position will be a part of the Technical Solutions team within ETVM. The Technical Solutions Team is responsible for the creation, development, and management of novel cybersecurity solutions that support customer driven operational and research missions. The Technical Solutions Team interacts with US Government departments and agencies, industry representatives, contractors, academia and others to identify gaps in cybersecurity tools, techniques, and procedures; create prototype capabilities to fill the gaps, and transition the prototype solutions to customers and partner organizations. The team frequently communicates their work to the community by publishing technical reports and white papers, and presenting at conferences, symposia, and other working groups.

The successful candidate must have proven experience conducting and leading research efforts in support of the US Federal Government and Department of Defense; managing technical teams; be self-directed, have a track record of creating interdisciplinary approaches to problem solving, and demonstrate exceptionally strong presentation and writing skills. The candidate must also be able to interact with clients and staff of all levels in a highly professional and competent manner. 

 

Minimum Qualifications and Requirements:

Education/Training: BS in Computer Science, Information Science, Information Systems Management with ten (10) years applicable experience or MS in Computer Science, Information Technology with eight (8) years applicable experience.

Experience: 

  • experienced professional with excellent technical skills, knowledge to successfully manage project work, and a proven track record leading technical projects.  
  • experience working in or with the DOD, intelligence community, or law enforcement in classified environments.
  • experience in both insider threat mitigation and cyber security at large.
  • working in a team environment on collaborative projects in critical infrastructure sectors involving network, system or data security.
  • 8+ years of software, hardware, or network design, development and test.
  • experience working with international standards agencies.

Skills/Abilities:

  • system administration and network administration skills and familiarity with Windows, UNIX, LINUX operating systems.
  • software development in at least two of the following languages: C, C++, Java, Perl, and Python
  • knowledge of core Internet protocols (TCP/IP, UDP, ICMP, DNS, FTP, SMTP, HTTP, SNMP, etc.).
  • ability to understand and configure Ethernet based switches, routers, firewalls, and VPN concentrators.
  • knowledge of modern version control systems and integrated development environments.
  • understanding of network design and implementation at LAN and WAN levels.
  • broad understanding and application of multi-tiered enterprise client/server architectures, design, implementation and security.
  • software / systems development lifecycle, QA testing, build process, revision control, and change management practices.
  • software / systems testing, including unit, system and integration testing process and implementation.
  • proven ability to innovate, develop, implement, and effectively document complex technical systems and approaches.
  • proven ability to integrate multiple technologies, standards and data sources into a consolidated solution.
  • knowledge of common attack methodologies; common types of security vulnerabilities; basic computer security forensics.
  • strong oral and written communications skills (e.g., technical writing, user guide development, requirements analysis) and ability to interact effectively with technical and non-technical audiences, as well as present in front of small and large groups; participate in external customer and sponsor meetings.
  • ability to travel to various locations within the SEI and CMU community, customer sites, and offsite meetings with weekly/monthly frequency to travel on overnight and on-site assignments; ability to work in varied and diverse situations requiring analytical, interpretative, evaluative and constructive thinking;
    • manage workload and priorities on multiple scheduled assessments;
    • able to function independently or in teams depending on the project;
    • work under pressure; deal with stress;
  • deal with challenging individuals while maintaining composure;
  • ability to exercise tact and discretion when handling highly sensitive and confidential issues;
  • maintain confidentiality while working with highly confidential and sensitive matters.
  • handle sensitive data according to project and/or USG data handling procedures.
  • ability to interpret and communicate information about government regulations and university policies.
  • quantitative and qualitative analytical skills.
  • ability to trouble shoot problems proactively and to answer questions and handle issues as they arise.
  • effective time management skills; and strong problem solving skills;

Environmental Conditions:  close contact with computer monitor for extended periods of time.

Other:  Candidates will be subject to a background check and must be eligible to obtain and maintain a Department of Defense security clearance.

 

Preferred Qualifications and Requirements:

Education/Training:  PhD in Computer Science with five (5) years applicable experience; or MS in Computer Science Information Science with eight (8) years applicable experience; six years applicable experience in Information Systems Management; Current Certified Information System Security Profession (CISSP) or similar certification is desired.

Experience: 

  • advanced understanding of computer operating systems (e.g. Windows8 /7), and computer networking (TCP/IP).
  • various computer related training or certifications (e.g. MCSA, Cisco, etc.).
  • thorough understanding of relevant operating systems and their security principles (Windows, Mac OS X, Linux, Solaris)
  • leadership experience with software development and/or system administration in large-scale, distributed computing environments. Experience with wide-area network design, deployment, and troubleshooting.
  • experience developing materials for senior leadership in government or industry.
  • experience interfacing with the DOD, US federal civilian government, intelligence community, or law enforcement.
  • advanced Windows and/or Linux system administration skills.
  • experience working in a classified environment.

Skills/Abilities: 

  • leadership and mentoring skills.
  • proven skills working in a team environment on collaborative projects in US government, critical infrastructure sectors involving network, system or data security.

 

Accountability: The individual may be accountable for leading projects, including development and management of budgets and project plans, and managing schedules with sponsors. The individual will also be accountable for managing sensitive, and possibly classified, customer information.

Direction: The individual is expected to act independently following CMU, SEI, and CERT defined policies, practices, and procedures – within the scope of assigned work, and to adhere to any additional sponsor-specified requirements related to the projects involved.

Decisions: The individual must make sound decisions with little supervision. The individual must accurately represent the program in interactions with external customers, sponsors, and the public.

Supervisory Responsibilities: This position may be responsible for hiring and managing student interns.

 

Job Functions or Responsibilities:

40%     Develop, deploy, and transition technical solutions for insider threat prevention, detection, and response.

30%     Manage and participate in technical bodies of work and represent the SEI in technical discussions and decision making processes; Perform the role of technical liason between DoD, US Federal Government, and Industry partners and the CERT program.

10%     Participate in research into cutting-edge strategies for insider threat data collection and analysis techniques.

10%     Contribute to conferences and meetings; participate in marketing calls and technical exchanges with clients; give talks and lectures as appropriate; participate on working groups for subjects of interest.

10% Provide assistance and input to other teams and projects within the SEI.

100% TOTAL EFFORT

 

Organizational Chart: CERT Program, Director < Risk and Resilience Directorate, Technical Director < Enterprise Threat & Vulnerability Management, Technical Manager < Technical Solutions, Technical Team Lead < Cyber Security Engineer

 

Carnegie Mellon University is an EEO/Affirmative Action Employer – M/F/Disability/Veteran.

31 Mar
2016
Senior Research Scientist - 2002838
Pittsburgh, PA

Position Summary:  The SEI Emerging Technology Center is focused on matching state-of-the-art software capabilities with critical U.S. Government (USG) needs. This position will support the Center’s mission by capturing government needs and identifying, shaping, and guiding research that matches these needs and operationalizing research concepts in a realistic USG environment. If you are a researcher passionate about big data, cloud computing, human information interaction, analytics/machine learning/data mining/knowledge discovery, or scalability, and you are committed to bringing innovation to government and beyond, then this is the position for you.

Duties include: The SEI Emerging Technology Center Research Scientist will: Work with the Center’s leadership team to plan, develop and implement an overall research strategy, initiate and conduct novel research in-line with the Center’s broad technical focus of “data-intensive scalable computing,” and lead and collaborate with other research and development technical staff in the Center and across the SEI; Directly participate in the formation of a research agenda and assist the SEI Emerging Technology Center in establishing a national agenda in future technology; Develop research ideas in collaboration with sponsors and customers, collaborate with world leaders in the academic community, lead and conduct hands-on research, and direct research staff to advance ideas in support of the Center’s current and future customer needs; Work closely with the SEI Emerging Technology Center Director to define near-term and strategic research approach and agenda, as well as lead, conduct, and direct research projects for the Center. This position will afford the opportunity to participate in strategic planning for the whole of the Center along with an interdisciplinary team of highly talented visionaries. The work requires a deep understanding of technical challenges and emerging trends in computing and information science and awareness of the potential opportunities in industry and government. It also requires effective formulation and presentation of forward looking ideas. While deep technical knowledge in one or more fields is desirable, a demonstrated track record of research contributions across multiple fields is preferred. The SEI Emerging Technology Center and the Center customers are inherently interdisciplinary.

Specific responsibilities include: Interface directly with USG customers to identify, capture, and articulate critical software-related capability needs, specifically in the domain of data-intensive scalable computing; Identify, shape, and guide research activities directed at filling critical USG computing and information needs; Leverage research ideas to design, document, and oversee the development of solutions relevant to critical government needs; Oversee interdisciplinary development teams from problem definition to solution concept to solution development, test and evaluation, and technology transition; Develop and operationalize novel transition strategies for taking solutions from research concept to operational capability; Promote and practice user-centered design methodologies throughout the solution life-cycle, from research concept to operational capability; Publish and promote Center research to contribute to raising awareness and impact of the Center and the SEI; and Mentor other Center staff and collaborators on research methods, technical areas of expertise, user-centered design concepts, and solution design principles.

 

Minimum Qualifications and Requirements:

Education/Training: Bachelors of Science in Computer Science, Information Systems, or related field with ten (10) years’ experience or equivalent, Masters of Science in Computer Science, Information Systems, or related field with eight (8) years’ experience or equivalent, or Doctor of Philosophy in Computer Science, Engineering, Mathematics, Information Systems, or related field with five (5) years of experience or equivalent combination of training and experience.

Experience: Professional experience listed above to include the following areas: Leading research and research teams; capturing and documenting user/customer needs and requirements in complex technical areas under uncertainty and changing requirements and priorities; conducting research and applying scientific methods; basic and applied research; facilitating participatory design and innovation sessions for all aspects of software, solutions, and research design concepts; software development in support of research and taking software capabilities from the lab to operations; hands on modeling and simulation, data analysis/analytics, and large-scale computing; proven capabilities in the visual communications of complex ideas and concepts; preparing and delivering technical proposals, papers, and presentations; conducting user-centered design activities including user studies, novel prototyping capabilities, and exploring multiple solution concepts in parallel; design of information architectures for complex human-centered software systems; experience working with DARPA, IARPA, Service Labs, or other government research sponsors is a plus. Ideal candidates have: Three to five years of progressively responsible experience in a technology- or research-based organization in government, industry or higher education; three to five years’ experience in researching, developing, or applying data-intensive scalable computing in a commercial or DoD/government-related environment; experience in building and managing high technology research teams. The candidate should have in-depth knowledge of software and systems engineering. Demonstrated success in formulating and delivering successful research proposals to the federal government and in leading the resulting projects. Demonstrated record of publications and contributions to the science and technology community. Demonstrated management experience with responsibility for projects, people, budgets and contracts.

Skills/Abilities: Knowledge of: Software engineering including design, architecture, development, testing, and deployment; human-computer interaction, Human-machine interaction, and Human-information interaction; modern computing, data, and storage solutions, data processing architectures (MapReduce, Hadoop, NoSQL); cloud Computing; analytics, data mining, machine learning, knowledge discovery; knowledge of information analysis, visualization, and manipulation tools and techniques; must be visionary, with strong sense of purpose; prior academic center research experience; a reputation for applied and/or theoretical research with a track record of valuable publications; track record of accomplishment in leading the research agenda for technology-based organizations; reputation for highest level of integrity; high comfort level with ambiguity; success at building consensus within a matrixed organization; excellent oral, written and presentation skills; able to make decisions and recommendations that significantly change important public policies or scientific programs; understanding and appreciation for the interplay between technology and policy; ability to influence, work and manage technical staff; able to respond quickly and effectively to changing priorities; excellent analytical, organizational, supervisory, reasoning and problem solving skills; ability to interact effectively with diverse constituencies internally and externally; excellent verbal and written communication skills.

Physical Mobility: Primarily sedentary in an office setting with some mobility. Flexible to travel to various locations within the SEI and CMU community, sponsor sites, conferences, and offsite meetings potentially with routine frequency.

Environmental Conditions: Normal office conditions; close contact with computer screen for extended periods of time.

Mental: The ability to: Design and develop detailed problem formulations and research approaches based on requirements elicitation from internal and external stakeholders; communicate with software developers, analyst, and non-technical experts; work meticulously with attention to detail; remain calm during difficult situations; meet inflexible deadlines while working on multiple tasks – sometimes under pressure and with shifting priorities and frequent interruptions; deal collaboratively, diplomatically, and successfully with customers, co-workers, and other professional colleagues, managers, and staff; grasp the big picture, direction, and goals of an effort; interface with world-class research community; develop and communicate innovative ideas; take leadership role in technical projects; oversee the technical activities of teams of 3-4 researchers, developers, and designers; quickly learn new procedures, techniques, and approaches.

Other: Candidates will be subject to a background check and must be eligible to obtain and maintain a Department of Defense security clearance.

 

Preferred Qualifications and Requirements:

Education/Training: Doctor of Philosophy in Computer Science, Engineering, Mathematics, Information Systems, or related field with five (5) years of experience, or equivalent combination of training and experience.

 

Accountability: This position will be responsible for transforming vague and uncertain customer needs and requirements into clear problem statements and research programs. Research will always be conducted with a solutions and outcome focus. This includes matching problems to research ideas, technology capabilities, and ultimately solutions.

Direction: This position is expected to act with minimal supervision in accordance with SEI procedures and policies, such as those involving product development, team interaction, and confidentiality.

Decisions: This position will conduct research, make decisions about research approaches and ideas, explore and specify solutions and designs and make implementation choices for a wide-range of data-intensive scalable computing problems.

Supervisory Responsibilities: This position may include supervisory responsibilities for a small (2) to medium (10) sized team of researchers or research programmers.

 

Job Functions or Responsibilities:

60%     Serve as the an interface with USG technical and research customers to understand, capture, and translate USG problems to the research community and other SEI staff focused on developing meaningful research problems, conducting research, and developing solutions. Lead, conduct, and facilitate exploration and innovation sessions and workshops to elicit clear definition of USG challenges and concepts. Craft and conduct research in partnership with USG customers, academic partners, SEI staff, and industry collaborators were appropriate.

15%     Serve as a principal advocate for the research portion of the SEI Emerging Technology Center. Formulate and evolve the research strategy and work with Center management to implement that strategy. Assist with formation and growth of the research team and recruiting appropriate talent.

15%     Serve as liaison to internal CMU/SEI functions and programs in active and potential areas of research. Builds external relationships to foster research collaborations. Represents the Center to the S&T community by participation in S&T community events and forums. Work with Center management to identify critical research areas and research opportunities that support the needs of Center’s current and future customers.

10%     Mentor internal researchers, designers and software developers; communicate the design of solutions to internal stakeholders; and provide technical guidance on integration and design to external stakeholders.

100% TOTAL EFFORT

 

Organizational Chart: SEI Emerging Technology Center Director < Chief Scientist < Research Scientist

 

Carnegie Mellon University is an EEO/Affirmative Action Employer – M/F/Disability/Veteran

 

 

 

29 Mar
2016
Systems Engineer - 2002718
Pittsburgh, PA

Position Summary: CERT is part of the Software Engineering Institute (SEI), a federally funded research and development center at Carnegie Mellon University in Pittsburgh, Pennsylvania. The CERT engages in cutting-edge research and development, and provides robust programs focused on ensuring that software developers, internet security experts, network and system administrators, and others are able to resist, recognize, and recover from attacks on networked systems.

This position is responsible for supporting users and maintaining software and equipment in the CERT Program Managed Enclaves. This includes understanding the needs of the teams using the enclaves, installing and configuring software and hardware to meet those needs, configuration and maintenance of equipment, and assisting in experiments as needed.  You will need to be able to work in a rapidly changing environment, tolerate ambiguity, and demonstrate problem-solving skills.

 

Minimum Qualifications and Requirements:

Education/Training: BS in Computer Science, Information Science, Computer Engineering or equivalent with three (3) years of applicable experience, or MS in Computer Science, Information Science, Computer Engineering or equivalent with one (1) year of applicable experience.

Experience:  Three (3) years of experience; Windows/Linux systems administration, as well as experience with the configuration and deployment of associated hardware and software, including storage administration, scripting, and coding.

Skills/Abilities:  Ability to effectively manage conflicting priorities, while still delivering concrete, high quality, and timely results to multiple projects. Posses strong planning and organizational skills, including the ability to; work independently and with teams, interact effectively with technical and non-technical audiences both written and verbally. Strong problem solving skills. Possess an applied understanding of core internet protocols (e.g., TCP/IP, IP, UDP, ICMP, DNS, SMTP, HTTP, etc.) and Windows/Linux systems administration practices.  An understanding of Software / systems development lifecycle, QA testing, revision control, and change management practices.

Mobility:  Primarily sedentary, long periods of sitting, may have to travel to other campus locations, as well as, travel to customer sites, some bending, stretching and lifting up to 50 lbs. above head. Moving and setting up computer equipment.

Environmental Conditions:  Normal office conditions; however close contact with CRT for prolonged periods of time. Also occasional work in machine room (loud and extreme office temperatures 55F-90F).

Mental:  Ability to work under pressure and meet deadlines; ability to prioritize tasks; strong learning capability; ability to assist users of varying competency; ability to interact effectively with vendors, managers, and technical staff. Good technical problem-solving skills; strong information organization skills; good oral and written communication skills. Maintain confidentiality of sensitive information.

Other: Candidates will be subject to a background check and must be eligible to obtain and maintain a Department of Defense security clearance.

 

Preferred Qualifications and Requirements:

Experience:  Experience with applications such as JIRA, Confluence, Jenkins, and Rhodecode. Experience in the scription such as Bash, Python, Perl, and PowerShell. Experience with storage administration such as NetApp, Lustre Filesystem, Gluster Filesystem, iSCSI, and NFS. Experience with Hadoop Administration and Database Administration (MySQL, Postgress, MongoDB).

Skills/Abilities:  Ability to define and build tools in various scripting and programming languages. Knowledge of and experience with operating systems other than UNIX or Windows.

 

Accountability: Develop and implement project technical results. Contribute to technical area goals and objectives. Keep in confidence sensitive information such as security, vulnerability, and site information.

Direction:  Expect to act with minimal supervision in accordance with SEI and CERT program procedures and policies, such as those involving project development, team interaction, and confidentiality.

Decisions:  Must accurately represent the program in interactions with customers, sponsors, and the public. Participate in conferences and workshops where security-related issues are discussed as required.

Supervisory Responsibilities: This position does not formally supervise others.

 

Job Functions or Responsibilities:

10%     Perform Tier 1 support for CERT Program Managed Enclave services and systems.

10%     Test, and evaluate new hardware and software for the CERT Program Managed Enclaves in consultation with SEI IT and users.

25%     Work within CERT and SEI IT to develop and/or implement tools and processes for managing and maintaining software and hardware in the CERT Program Managed Enclaves, including the set-up for experiments.

35%     Conduct routine software and hardware maintenance of CERT Program Managed Enclaves equipment. Install and configure new equipment.

10%     Develop procedures and practices for the use and maintenance of the CERT Program Managed Enclaves.

10%     Participate in the broader security community through collaboration, papers, and presentations.

100% TOTAL EFFORT

 

Organizational Chart:  CERT Program, Director < Secure Automation Director < Technical Manager < Systems Engineer

 

Carnegie Mellon University is an EEO/Affirmative Action Employer – M/F/Disability/Veteran.

29 Mar
2016
Systems Engineer - 2002719
Pittsburgh, PA

Position Summary: CERT is part of the Software Engineering Institute (SEI), a federally funded research and development center at Carnegie Mellon University in Pittsburgh, Pennsylvania. The CERT engages in cutting-edge research and development, and provides robust programs focused on ensuring that software developers, internet security experts, network and system administrators, and others are able to resist, recognize, and recover from attacks on networked systems.

This position is responsible for supporting users and maintaining software and equipment in the CERT Program Managed Enclaves. This includes understanding the needs of the teams using the enclaves, designing and developing services to meet those needs, planning equipment acquisitions, overseeing configuration and maintenance of equipment, overseeing set-up and breakdown of equipment for experiments, assisting in experiments as needed.  You will need to be a self-starter who can work in a rapidly changing environment, tolerate ambiguity, and demonstrate problem-solving skills.

 

Minimum Qualifications and Requirements:

Education/Training: BS in Computer Science, Information Science, Computer Engineering or equivalent with eight (8) years of applicable experience, MS in Computer Science, Information Science, Computer Engineering or equivalent with five (5) years of applicable experience, or Ph.D. in Computer Science, Information Science, or equivalent with two (2) years of applicable experience.

Experience:  System administrator level of knowledge for both UNIX and Windows operating systems, as well as experience with the selection, configuration and deployment of associated hardware and software. Experience and knowledge in using system administration tools to manage dozens of machines and configurations.  Network administrator knowledge of network technologies including: TCP/IP, UDP, Ethernet, 802.11, routing protocols, DNS, VPN. Experience in network architecture and implementation. Storage administration and scripting/coding experience.

Skills/Abilities:  Ability to manage heavy workload and effectively manage priorities. Strong problem solving skills. Excellent oral and written communications skills.  Ability to work both independently and with teams.  Ability to effectively manage multiple projects.  Ability to elicit technical requirements from management and staff.

Mobility:  Primarily sedentary, long periods of sitting, may have to travel to other campus locations, as well as, travel to customer sites, some bending, stretching and lifting up to 50 lbs. above head. Moving and setting up computer equipment.

Environmental Conditions:  Normal office conditions; however close contact with CRT for prolonged periods of time. Also occasional work in machine room (loud and extreme office temperatures 55F-90F).

Mental:  Ability to work under pressure and meet deadlines; ability to prioritize tasks; strong learning capability; ability to assist users of varying competency; ability to interact effectively with vendors, managers, and technical staff. Good technical problem-solving skills; strong information organization skills; good oral and written communication skills. Maintain confidentiality of sensitive information.

Other: Candidates will be subject to a background check and must be eligible to obtain and maintain a Department of Defense security clearance.

 

Preferred Qualifications and Requirements:

Experience:  Experience using and managing virtual computing environments such as VEEAM, VMWare, or VirtualBox. Experience with applications such as JIRA, Confluence, Jenkins, and Rhodecode. Experience in the scription such as Bash, Python, Perl, and PowerShell. Experience with storage administration such as NetApp, Lustre Filesystem, Gluster Filesystem, iSCSI, and NFS. Experience with Hadoop Administration and Database Administration (MySQL, Postgress, MongoDB).

Skills/Abilities:  Ability to define and build tools in various scripting and programming languages. Knowledge of and experience with operating systems other than UNIX or Windows.

 

Accountability:  Responsible for managing requests from users, including high priority requests originating from a sponsor.

Direction:  The person in this position will work closely with the SEI Infrastructure Team on developing processes for managing hardware and software. The person will also work closely with users in determining needs and planning experiments.

Decisions:  Example 1: A user needs to test vulnerability in a specific piece of software. A test environment needs to be developed to allow for testing at the required version/patch level. The equipment needs to be prepared and configured appropriately to provide a suitable test environment.

Example 2: A group of software developer needs an automated build, test, and deployment environment and the environment needs to be integrated with the already existing source code repository.  An evaluation of suitable tools is conducted, based on developer requirements. Based on the selection, a server is setup and tested in order to demonstrate the integration and functionality.  Then assistance is provided to developers as they begin using the system, including the adoption of changing requirements and configuration needs.

Supervisory Responsibilities:  This position mentors and provides technical direction to other CERT Program Managed Enclave employees.

 

Job Functions or Responsibilities:

15%     Collects user requirements for CERT Program Managed Enclave equipment software and services needed for the CERT.

15%     Test, evaluate, and select new hardware and software for the CERT Program Managed Enclave in consultation with the SEI IT and users.

15%     Work with the CERT and SEI IT staff to develop and/or implement tools and processes for managing and maintaining software and hardware in the CERT Program Managed Enclave, including the set-up for experiments.

40%     Infrastructure operations and maintenance including: backups, patching, Failure Recovery, log review, security auditing, and other user support.

10%     Develop procedures and practices for the use and maintenance of the CERT Program Managed Enclave.

Secondary Functions

5%       Participate in the broader security community through collaboration, papers, and presentations.

100% TOTAL EFFORT

 

Organizational Chart:  CERT Program, Director < Secure Automation Director < Technical Manager < Systems Engineer

 

Carnegie Mellon University is an EEO/Affirmative Action Employer – M/F/Disability/Veteran.

 

24 Mar
2016
Malware Reverse Engineer - 2002795
Pittsburgh, PA or Arlington, VA

Position Summary:  The CERT Threat Analysis group aims to improve malware analysis capability while addressing active and emerging threats.  The successful candidate will reverse engineer malicious code in support of high-impact customers, design and develop new analysis methods and tools, work to identify and address emerging and complex threats, and effectively participate in the broader security community.

Responsibilities: Perform in-depth reverse engineering of malicious code, document and transition results in reports, presentations, and technical exchanges; Design, prototype, and transition new analysis methods and tools; Identify and document high-impact, emerging, and complex active security threats; design and pursue solutions; and transition results in tools, reports, presentations, and technical exchanges Participate in the broader security community through collaboration, papers, and presentations.

 

Minimum Qualifications and Requirements:

Education/Training: Bachelor of Science in Computer Science, Software Engineering, Information Systems, or related field with three (3) years of experience, or equivalent; Master’s Degree in Computer Science, Software Engineering, Information Systems, or related field with one (1) year of experience.

Experience:                               

  • Reverse engineering software binaries.
  • Using disassemblers (ie. IDA Pro).
  • Using debuggers (ie. OllyDbg, Immunity, gdb, WinDbg).
  • Using hex editors and tools (ie. BinDiff).
  • C/C++ development.
  • x86 assembly language.
  • Windows Portable Executable (PE) file format Technical Writing Solid understanding of programming languages and operating system concepts.

Skills/Abilities:                  

  • technical writing.
  • analytical and problem solving skills.
  • develop and explain technical decisions.
  • prioritize work.
  • recognize and deal appropriately with confidential and sensitive information.
  • communicate effectively under normal and stressful situations.
  • handle shifting priorities.
  • mentoring/training skills.
  • interact effectively with technical and non-technical audiences both written and verbally.
  • work within a closely coordinated team.
  • work calmly and well under pressure.
  • maintain composure while dealing with difficult people.

Mobility: Primarily sedentary, long periods of sitting; ability to travel to various locations within the SEI and Carnegie Mellon community, customer sites, conferences, and offsite meetings with some frequency.

Environmental Conditions:  Normal office conditions, close contact with computer for prolonged periods of time.

Mental: Ability to work under pressure and changing priorities; pay attention to detail; meet inflexible deadlines; deal with difficult individuals while maintaining composure.     

Other: Candidate will be required to travel on overnight assignments. Candidates will be subject to a background check and must be eligible to obtain and maintain a Department of Defense security clearance.

 

Preferred Qualifications and Requirements:

Experience:         

  • YARA.
  • IDAPro plug-in or IDAPython development.
  • Other assembly languages (ie. ARM, x86_64).
  • Python or Java development.
  • Assembly development.
  • Linker and/or Loader development or analysis Executable and Linker Format (ELF) file format Windows, Linux or Mac OS X.
  • APIs and security models.
  • Internet Protocols.
  • Cryptographic algorithms.
  • Kernel-level debugging (ie. WinDbg).
  • Device driver development.
  • Mobile device development.
  • Mobile device reverse engineering.
  • Software vulnerability analysis.
  • VirtualBox or VMWare admin or development Network packet captures (ie. Wireshark, pcap formats).

 

Accountability: Develop and implement project technical results.  Contribute to program objectives and plans development.  Keep in confidence sensitive information such as security, vulnerability, and site information.

Direction: The individual is expected to act independently in accordance with Carnegie Mellon, Software Engineering Institute, CERT Program, and CERT Threat Analysis procedures and policies, such as those involving product development, team interaction, and confidentiality.

Decisions: Must accurately represent the program in interactions with customers, sponsors, and the public.  Participate in conferences and workshops where security-related issues are discussed as required.

Supervisory Responsibilities: This position has no supervisory responsibilities.

 

Job Functions or Responsibilities:       

50%   Perform in-depth reverse engineering of malicious code, document and transition results in reports, presentations, and technical exchanges;

20%   Design, prototype, and transition new analysis methods and tools;

20%   Identify and document high-impact, emerging, and complex active security threats; design and pursue solutions; and transition results in tools, reports, presentations, and technical exchanges.

10%   Participate in the broader security community through collaboration, papers, and presentations.

100%      TOTAL EFFORT

 

Organizational Chart: CERT Program Director < CERT Threat Analysis Technical Director < CERT Malware Analysis Technical Manager < Malware Reverse Engineer.

 

Carnegie Mellon University is an EEO/Affirmative Action Employer – M/F/Disability/Veteran

24 Mar
2016
Malware Reverse Engineer - 2002796
Pittsburgh, PA or Arlington, VA

Position Summary:  The CERT Threat Analysis group aims to improve malware analysis capability while addressing active and emerging threats.  The successful candidate will reverse engineer malicious code in support of high-impact customers, design and develop new analysis methods and tools, work to identify and address emerging and complex threats, and effectively participate in the broader security community.

Responsibilities: Perform in-depth reverse engineering of malicious code, document and transition results in reports, presentations, and technical exchanges; Design, prototype, and transition new analysis methods and tools; Identify and document high-impact, emerging, and complex active security threats; design and pursue solutions; and transition results in tools, reports, presentations, and technical exchanges Participate in the broader security community through collaboration, papers, and presentations.

 

Minimum Qualifications and Requirements:

Education/Training: Bachelor of Science in Computer Science, Software Engineering, Information Systems, or related field with eight (8) years of experience, or equivalent; Master’s Degree in Computer Science, Software Engineering, Information Systems, or related field with five (5) year of experience; PhD in Computer Science, Software Engineering, Information Systems, or related field with two (2) year of experience.

Experience:                               

  • Reverse engineering software binaries.
  • Using disassemblers (ie. IDA Pro).
  • Using debuggers (ie. OllyDbg, Immunity, gdb, WinDbg).
  • Using hex editors and tools (ie. BinDiff).
  • C/C++ development.
  • x86 assembly language.
  • Windows Portable Executable (PE) file format Technical Writing Solid understanding of programming languages and operating system concepts.

Skills/Abilities:                  

  • technical writing.
  • analytical and problem solving skills.
  • develop and explain technical decisions.
  • prioritize work.
  • recognize and deal appropriately with confidential and sensitive information.
  • communicate effectively under normal and stressful situations.
  • handle shifting priorities.
  • mentoring/training skills.
  • interact effectively with technical and non-technical audiences both written and verbally.
  • work within a closely coordinated team.
  • work calmly and well under pressure.
  • maintain composure while dealing with difficult people.

Mobility: Primarily sedentary, long periods of sitting; ability to travel to various locations within the SEI and Carnegie Mellon community, customer sites, conferences, and offsite meetings with some frequency.

Environmental Conditions:  Normal office conditions, close contact with computer for prolonged periods of time.

Mental: Ability to work under pressure and changing priorities; pay attention to detail; meet inflexible deadlines; deal with difficult individuals while maintaining composure.     

Other: Candidate will be required to travel on overnight assignments. Candidates will be subject to a background check and must be eligible to obtain and maintain a Department of Defense security clearance.

 

Preferred Qualifications and Requirements:

Experience:         

  • YARA.
  • IDAPro plug-in or IDAPython development.
  • Other assembly languages (ie. ARM, x86_64).
  • Python or Java development.
  • Assembly development.
  • Linker and/or Loader development or analysis Executable and Linker Format (ELF) file format Windows, Linux or Mac OS X.
  • APIs and security models.
  • Internet Protocols.
  • Cryptographic algorithms.
  • Kernel-level debugging (ie. WinDbg).
  • Device driver development.
  • Mobile device development.
  • Mobile device reverse engineering.
  • Software vulnerability analysis.
  • VirtualBox or VMWare admin or development Network packet captures (ie. Wireshark, pcap formats).

 

Accountability: Develop and implement project technical results.  Contribute to program objectives and plans development.  Keep in confidence sensitive information such as security, vulnerability, and site information.

Direction: The individual is expected to act independently in accordance with Carnegie Mellon, Software Engineering Institute, CERT Program, and CERT Threat Analysis procedures and policies, such as those involving product development, team interaction, and confidentiality.

Decisions: Must accurately represent the program in interactions with customers, sponsors, and the public.  Participate in conferences and workshops where security-related issues are discussed as required.

Supervisory Responsibilities: This position has no supervisory responsibilities.

 

Job Functions or Responsibilities:       

50%   Perform in-depth reverse engineering of malicious code, document and transition results in reports, presentations, and technical exchanges;

20%   Design, prototype, and transition new analysis methods and tools;

20%   Identify and document high-impact, emerging, and complex active security threats; design and pursue solutions; and transition results in tools, reports, presentations, and technical exchanges.

10%   Participate in the broader security community through collaboration, papers, and presentations.

100%      TOTAL EFFORT

 

Organizational Chart: CERT Program Director < CERT Threat Analysis Technical Director < CERT Malware Analysis Technical Manager < Malware Reverse Engineer.

 

Carnegie Mellon University is an EEO/Affirmative Action Employer – M/F/Disability/Veteran.

16 Mar
2016
Senior Software Assurance Engineer - 2002744
REMOTE - Bedford, MA

Position Summary: The CERT program of the Software Engineering Institute is looking to fill a leadership position improving the cyber security of acquisitions in the Air Force. This high visibility, high impact position will be responsible for helping senior leaders of Air Force programs improve the cyber resiliency of software intensive systems throughout the acquisition lifecycle, from requirements to development to deployment and sustainment.

This Senior Member of the Cyber Security Foundations directorate will be responsible for leading cross functional teams that enable the organizations within the Air Force to enhance the predictable performance and mission assurance in the acquisition, evolution and operations of software-reliant systems. Key activities include understanding customer requirements and key challenge problems and addressing them with tailored solutions; applying, adapting, integrating, verifying and transitioning applicable research and practices to maximize impact; creating, applying and codifying new approaches to support customer needs and advance the software security state of the practice; and maintaining situational awareness in technical and DoD domains. The candidate will coordinate closely with technical staff in CERT and other SEI programs to deliver cyber security technical expertise to customers throughout the life-cycle.

 

Minimum Qualifications and Requirements:

Education/Training: BS or equivalent degree in relevant discipline with ten (10) years applicable experience; MS or equivalent degree in relevant discipline with eight (8) years applicable experience; PhD or equivalent degree in relevant discipline with five (5) years applicable experience, or equivalent combination of training and experience.

Experience: The candidate must have experience in software engineering, development or management, and/or systems engineering. Must be knowledgeable of the software engineering and system engineering disciplines as well as understanding the DoD acquisition processes and relevant cyber security processes, such as the Risk Management Framework (RMF). The candidate should have experience building, leading, managing and participating on cross-functional, high technology teams, should be able to operate effectively with all organizations within the software and acquisition communities and be able to interact diplomatically with partners, customers and sponsors.

Skills/Abilities: Detailed knowledge of cyber security and mission assurance in the acquisition process; detailed knowledge of at least one core competency: requirements, architecture and design, program and acquisition management, performance improvement, or assurance.  Experience in five or more of the following: DoD software systems acquisition on major programs (For the purposes of this announcement, our definition of major is at least 100K SLOC of custom developed code, and/or significant integration of COTS/GOTS products); solid technical breadth and understanding of all aspects of the end-to-end software lifecycle (e.g., requirements, design, implementation, testing, etc.); alternative life cycles (e.g. waterfall, agile); major DoD software acquisition policies and directives; enterprise architecture ; software architecture development and evaluation, software architecture patterns (e.g. SOA) and concepts (e.g. Cloud computing); information Assurance/survivability; systems engineering on software intensive systems; COTS product integration; performance measurement including definition and application of goals, measurements and metric; system of systems engineering; requirements development and management; software integration and test and software/hardware integration; deployment of software intensive systems, especially including transition from legacy systems; cost estimation.

Strong written and verbal communications skills and the ability to present to high visibility stakeholders internal and external to the organization.  Proven program and project management skills including: interfacing with clients, developing proposals, and establishing relationships with new DoD and/or government clients and programmatic and project management skills (e.g., ability to develop project plans, track deliverables, manage risks, perform staff planning, provide budget oversight).  Ability to lead and participate in multidisciplinary teams.

Mobility: Will be required to travel on overnight assignments.

Environmental Conditions: Usual office setting, close contact with computer for prolonged periods of time.

Other: Candidates will be subject to a background check and must be eligible to obtain and maintain a Department of Defense security clearance.

 

Preferred Qualifications and Requirements:

Education/Training: Master's degree in Computer Science, Information Systems, Systems Engineering, Software Engineering, or Acquisition Management.

Licenses: Certified DoD Acquisition Professional. Certified PMP.

 

Accountability:  The member will be directly accountable for understanding DoD acquisition and cyber security needs, applying new technologies, and establishing delivery capabilities to meet the needs of the sponsoring organization and the acquisition community.

Direction:  As a technical staff member, he/she will be expected to operate with minimum supervision using CMU and SEI defined practice, policies and procedures, in concert with the SEI mission.

Decisions:  Will be required to work with government program offices to identify strengths and weaknesses within the acquisition program and their contractor base and build solutions to address the weaknesses and recognize and encourage the strengths.

Supervisory Responsibilities:  Must be able to lead and supervise others.

 

Job Functions or Responsibility:

65%  Participate as a leader or member of technical teams in support of government acquisition program offices or participate as a member of a technical team performing research. Identify and support the implementation strategies for the capture and application of learning and knowledge transfer from assignments (e.g. dissemination of research results, case studies, guides, reports, presentations, articles, workshops, courses, and blog entries).

20%  Work with managers, business developers, current customers, and prospective customers to identify and define value-delivering opportunities and capture work.

10%  Other duties as assigned by management.

5%  Serve in an advisory capacity to other SEI technical programs on acquisition or technical issues.

100% TOTAL EFFORT

 

Organizational Chart:  SEI Director’s Office < Director, CERT < Technical Director, Cyber Security Foundations < Technical Manager

 

Carnegie Mellon University is an EEO/Affirmative Action Employer – M/F/Disability/Veteran.

04 Mar
2016
Cybersecurity Risk Management Product Architect - 2002670
Pittsburgh, PA or Arlington, VA

Position Summary: The CERT Program is part of the SEI, a federally funded research and development center at Carnegie Mellon University in Pittsburgh, Pennsylvania. The CERT Program engages in cutting-edge research and development to improve the state of cybersecurity. As a Cybersecurity Risk Management Product Architect, you will lead the updates and development of existing and new cybersecurity models, frameworks, and tools. You will build products from existing ideas, and help to develop new ideas based on your industry/government/academic experience, a strong knowledge of cybersecurity standards and practices, and your contact with customers and practitioners. You must possess a unique blend of business and technical savvy proven with prior experience in operationalizing conceptual products or models; a big-picture vision; and the drive to make that vision a reality. You must enjoy spending time with customers and practitioners to understand their problems, and find innovative solutions that will benefit the US Department of Defense and the Nation’s critical infrastructure.

You will collect, analyze, and make decisions based on collaborations with members of the technical staff as you define product requirements and manage the product development lifecycle. You will work with business management to define the go-to-market strategy helping them understand the product positioning, key benefits, and target customers. You will work to ensure that the product and marketing efforts support the organization’s overall mission, strategy, and goals.

Your experience includes a background in process improvement, measurement, and leading development teams. You may have an established role or have at least participated in a standards setting body. As the Product Architect, you will also serve as the internal and external evangelist for the products with opportunities to write technical papers and presentations to highlight your excellent written and oral communication skills. As a member of the Carnegie Mellon University community, you will have the opportunity to work with some world-renowned faculty members and experts in cybersecurity as you innovate and develop risk management products.


Minimum Qualifications and Requirements:

Education/Training: BS in computer science, software engineering, information systems, or a related scientific/technical field with ten (10) years of experience or equivalent combination of training and experience.

Experience: Professional experience as an information security engineer responsible for collecting, analyzing, and executing against requirements in a cybersecurity program.

Skills/Abilities:

  • Strong knowledge of cybersecurity standards and related bodies of practice
  • Demonstrated product lifecycle experience
  • Working knowledge of National Infrastructure Protection Plan and efforts to protect the National Critical Infrastructure
  • Experience with DoD customers
  • Background in process improvement and capability measurement
  • Prior experience leading product development teams
  • Established role or participation in standards setting bodies
  • Experience in evaluating and rating organization capabilities
  • Ability to Interact in a collaborative manner with other team members to accomplish organizational goals
  • Critical-thinking skills
  • Ability to contribute to technical research white papers and reports
  • Ability to prepare papers and deliver presentations to technical and non-technical audiences
  • Excellent written and verbal communications skills

Physical/Mobility: Primarily sedentary in an office setting with some mobility.  Ability to travel frequently to various locations within the SEI and CMU community, customer sites, conferences, and offsite meetings.

Environmental Conditions: Close contact with computer for extended periods of time.

Mental: Strong interest in the human, managerial, and technical aspects of cyber security is critical for this position as are these abilities: take or share leadership role in technical projects; work meticulously with careful attention to detail; meet deadlines while working on multiple tasks – sometimes under pressure and with shifting priorities; deal collaboratively, diplomatically, and successfully with customers, co-workers and other professional colleagues, managers, and staff; ability to understand the big picture, direction, and goals of an effort; ability to develop and communicate innovative ideas; ability to demonstrate initiative and to quickly learn new procedures, techniques, approaches, etc.

Other: Must have a strong interest in cyber security and critical infrastructure protection, applied research, and development. Candidates will be subject to a background check and must be eligible to obtain and maintain a Department of Defense security clearance.


Preferred Qualifications and Requirements:

Education/Training: MS in computer science, software engineering, information systems, or a related scientific/technical field with eight (8) years of experience; PhD in computer science, software engineering, information systems, or a related scientific/technical field with five (5) years of experience, or equivalent combination of training and experience.

Licenses: CISSP, CISM, GIAC, or similar; certifications from the audit discipline (such as CISA) are also acceptable.

Skills/Abilities: In addition to the minimum skills/abilities above, preferred skills/abilities include: demonstrated ability to develop and deliver coursework and training.

 

Accountability: The individual will implement and participate in the planning and execution of projects leading to technical products and results. The individual will also contribute to project, department, or program objectives and planning document development. The individual will keep in confidence sensitive information such as customer processes, risks, vulnerabilities, and internal work products, whether for eventual public or private distribution.

Direction: The individual is expected to act independently using CMU, SEI, and CERT defined policies, practices, and procedures – within the scope of assigned work.

Decisions: The individual must make sound technical decisions with little supervision. The individual must accurately represent the program in interactions with customers, sponsors, and the public. The individual is expected to perform analysis on-site at customer locations and immediately assess potential vulnerabilities requiring further investigation.

Supervisory Responsibilities: This position could involve the training and oversight of the work of other staff members, graduate students, resident affiliates, visiting scientists, and independent contractors. Depending on research project or customer work plan, position may involve task leadership.


Job Functions or Responsibilities:

60%   Responsible for gathering requirements for new and existing products through work with other members of the technical staff, the DoD, and the external cybersecurity community; operationalizing the concepts of cybersecurity risk management and resilience into frameworks, models, and tools for adoption and use by the DoD and Critical Infrastructure sectors.

20%   Participate in SEI research process by identifying long-term DoD needs in cybersecurity risk management and resilience concepts and developing proposals outlining hypotheses and research plans with milestones, budgets, and teams of collaborators.

5%   Deliver courses in operational resilience management, cyber security management, and information security risk management.

5%   Contribute to conferences and meetings; participate in marketing calls and technical exchanges with clients; give talks and lectures as appropriate; participate on working groups for subjects of interest.

5%   Contribute to and review the literature in cyber security, resilience, and software engineering.

5%   Provide assistance and input to other teams and projects within the SEI.

100% TOTAL EFFORT


Organizational Chart: Director CERT Program < Technical Director, Cybersecurity Risk & Resilience Directorate < Cybersecurity Risk Management Product Architect.

 

Carnegie Mellon University is an EEO/Affirmative Action Employer – M/F/Disability/Veteran.

 

04 Mar
2016
Senior Cyber Security Engineer - 2002669
Pittsburgh, PA or Arlington, VA

Position Summary: The CERT® Division is part of the SEI, a federally funded research and development center at Carnegie Mellon University in Pittsburgh, Pennsylvania. The CERT® Division engages in cutting-edge research and development and develops and transitions disciplined approaches to improve the survivability and resiliency of the DoD, federal civilian agencies, private sector organizations and their networked information systems.

The individual in this position will work as a member of the Cybersecurity Assurance Team.  The Cybersecurity Assurance team develops solutions (in the form of frameworks, models, tools, policies, practices, technical guidance, and training) that allow organizations to identify, analyze, and manage organizational, operational, and technical risks to mission-critical assets, processes, systems, and infrastructures.  The individual will conduct applied research and perform assessments, diagnostics, and analysis techniques to better understand and mitigate risks to cyber environments and the organizational processes that depend on them.  Activities will include close work with customers from a variety of organizations, including DoD, government agencies, and commercial organizations.

 

Minimum Qualifications and Requirements:

Education/Training: BS in computer science, software engineering, information systems, or a related scientific/technical field with ten (10) years of experience.

Experience: Professional experience as a cybersecurity analyst, enterprise/security architect, or information system security specialist. Experience with and applied knowledge in

  • Information technology and telecommunications systems.
  • Cybersecurity, survivability, and resilience concepts and issues.
  • Software and systems engineering.
  • Building and maintaining DoD customer relationships.
  • Data Analytics and quantitative measures.
  • Strategic Planning and requirements definition.
  • Process Improvement.
  • Business Continuity/Disaster Recovery.
  • Operational Risk Management.
  • Program planning, budgeting, and management.        

Skills/Abilities: Must exhibit the following skills and abilities:

  • understanding of information technology and telecommunications systems.
  • working knowledge of network interoperability, cybersecurity, and survivability issues, including cybersecurity best practices and standards.
  • working knowledge of DHS critical infrastructure sectors and related security and resilience issues.
  • working knowledge of the DoD and Agency resilience needs and cybersecurity roadmaps.
  • development and delivery of information and infrastructure security risk and vulnerability evaluations.
  • ability to conduct analytical studies and investigations.
  • reasoning and problem-solving skills.
  • ability to work independently with limited supervision.
  • ability to interact effectively with diverse constituencies internally and externally.
  • ability to work well as a member of a cooperative team; ability to work in a matrix organizational structure.
  • ability to recognize and deal appropriately with confidential and sensitive information.
  • ability to implement project plans, monitor project budgets, and identify and mitigate project risks.
  • leadership and mentoring skills.
  • excellent written and oral communication skills; ability to contribute to technical research white papers and reports; ability to prepare papers and deliver presentations to technical and non-technical audiences; ability to contribute to customer technical exchanges and marketing presentations.
  • ability to work on customer sites with high-ranking members of the Federal Government and US Military to define customer requirements.
  • participation in professional society activities, particularly IEEE and ACM.

Physical/Mobility:  Primarily sedentary in an office setting with some mobility.  Ability to travel frequently to various locations within the SEI and CMU community, customer sites, conferences, and offsite meetings.

Environmental Conditions: Close contact with computer for extended periods of time.

Mental: Strong interest in the human, managerial, and technical aspects of cybersecurity is critical for this position as are these abilities:

  • take or share leadership role in technical projects.
  • work meticulously with careful attention to detail.
  • meet deadlines while working on multiple tasks – sometimes under pressure and with shifting priorities.
  • deal collaboratively, diplomatically, and successfully with customers, co-workers and other professional colleagues, managers, and staff.
  • ability to understand the big picture, direction, and goals of an effort; ability to develop and communicate innovative ideas; ability to demonstrate initiative and to quickly learn new procedures, techniques, approaches, etc.

Other

  • Strong interest in cybersecurity and critical infrastructure protection analysis basis research, applied research, and development
  • Candidates will be subject to a background check and must be eligible to obtain and maintain a Department of Defense security clearance.

 

Preferred Qualifications and Requirements

Education/Training: MS in computer science, software engineering, information systems, or a related scientific/technical field with eight (8) years of experience.  PhD in computer science, software engineering, information systems, or a related scientific/technical field with five (5) years of experience.

Licenses: CISSP, CISM, CAP, GIAC, or similar; certifications from the audit discipline (such as CISA) are also acceptable.

Experience: In addition to the minimum experience above, preferred experience includes:

  • experience in both physical and cyber aspects of security; familiarity with resilience concepts.
  • familiarity with process improvement models such as CMMI or SixSigma, TQM, ISO9000, CERT-RMM.
  • familiarity with standards for measurement (including ISO 15939).
  • familiarity with NIST 800-series standards for information security.
  • familiarity with the DoD RMF standard for information assurance certification and accreditation.
  • familiarity with standards for security (ISO 27000), business continuity (BS 25999), and IT operations (ISO 20000).
  • working in a team environment on collaborative projects in critical infrastructure sectors involving network, system or data security.
  • experience and/or detailed understanding of the following:
    • networking
    • firewalls, intrusion detection systems, and other security technologies
    • security strategy and policies
    • IT risk management
    • Business continuity and disaster recovery
    • Cyber training development and cyber career management

Skills/Abilities: In addition to the minimum skills/abilities above, preferred skills/abilities include:

  • ability to lead work teams as needed.
  • consulting skills.
  • demonstrated ability to deliver coursework and training.
  • excellent oral and written communication skills.

 

Accountability: The individual will implement and participate in the planning and execution of projects leading to technical results. The individual will also contribute to project, department, or program objectives and planning document development.  The individual will keep in confidence sensitive information such as customer processes, risks, vulnerabilities, and internal work products, whether for eventual public or private distribution.

Direction: The individual is expected to act independently using CMU, SEI, and NSS defined policies, practices, and procedures – within the scope of assigned work.

Decisions: The individual must make sound technical decisions with little supervision. The individual must accurately represent the program in interactions with customers, sponsors, and the public. The individual is expected to perform analysis on-site at customer locations and immediately assess potential vulnerabilities requiring further investigation. 

Supervisory Responsibilities: This position could involve the training and oversight of the work of other staff members, graduate students, resident affiliates, visiting scientists, and independent contractors.   Depending on research project or customer work plan, position may involve task leadership.

 

Job Functions or Responsibilities:

30%    Participate in the examination, analysis, and documentation of assessments, diagnostics, and analysis techniques for information and infrastructure security; examine data on cybersecurity and technology risks to identify problem areas and propose mitigation alternatives.

25%    Participate in the delivery of existing NSS cybersecurity, resilience, and risk assessment and analysis approaches with customers and partners;  participate in research, analysis, and documentation of cybersecurity issues, concerns, and risks at customer locations.

20%    Participate in research into innovative and cutting-edge tools, techniques, and methods to improve cybersecurity and resilience; transition research into applied knowledge for customers

10%    Deliver courses in operational resilience management, cybersecurity management, and information security risk management.

SECONDARY FUNCTIONS

5%      Contribute to conferences and meetings; participate in marketing calls and technical exchanges with clients; give talks and lectures as appropriate; participate on working groups for subjects of interest

5%      Contribute to and review the literature in cybersecurity, resilience, and software engineering

5%      Provide assistance and input to other teams and projects within the SEI

100% TOTAL EFFORT

 

Organizational Chart: Director, CERT Division < Technical Director, Cybersecurity Assurance Directorate < Technical Manager, Cybersecurity Assurance < Senior Cybersecurity Engineer.

 

Carnegie Mellon University is an EEO/Affirmative Action Employer – M/F/Disability/Veteran.

25 Feb
2016
Cyber Security Engineer - Penetration Tester - 2002651
Pittsburgh, PA or Arlington, VA

This position can be located in Pittsburgh, PA or Arlington, VA.

Position Summary:  The CERT Division is part of the SEI, a federally funded research and development center at Carnegie Mellon University in Pittsburgh, Pennsylvania. The CERT Division engages in cutting-edge research and development and develops and transitions disciplined approaches to improve the survivability and resiliency of the DoD, federal civilian agencies, private sector organizations and their networked information systems.

The individual in this position will work as a member of the Cybersecurity Assurance (CA) Team within the Networked Systems Survivability Program. The CA team develops solutions (in the form of frameworks, models, tools, policies, practices, technical guidance, and training) that allow organizations to assess, analyze, and manage organizational, operational, and technical risks to mission-critical assets, processes, systems, and infrastructures.

 

Minimum Qualifications and Requirements:

Education/Training: BS in Computer Science (or other technical field) with eight (8) years’ experience, or equivalent combination of training and experience.

Certifications:  Certified Information Systems Security Professional (CISSP), Offensive Security Certified Professional (OSCP), and/or Certified Ethical Hacker (CEH)

Experience: Professional experience as a penetration tester, system or network administrator, information systems auditor, software engineer, information systems analyst, or similarly technical occupation.

Experience with and applied knowledge in:

  • Common penetration testing methodologies and tactics (PTES, OWASP testing guide, etc.)

  • Popular penetration testing toolsets (Metasploit framework, vulnerability scanners, web application scanners, Nmap)

  • Knowledge of common networking protocols and services

  • Basic knowledge of exploit development and application fuzzing

  • Windows and Linux Operating System environments, networking devices, and common database platforms

  • Cyber security, survivability, and resilience concepts and issues

  • Software and systems engineering

  • Building and maintaining customer relationships

  • Data analytics and quantitative measures

  • Strategic Planning and requirements definition

  • Process improvement

  • Program planning, budgeting, and management

Skills/Abilities: Must exhibit the following skills and abilities:

  • Understanding of information technology, penetration testing, and telecommunications systems

  • Working knowledge of network interoperability, cyber security, and survivability issues, including cyber security best practices and standards

  • Working knowledge of DHS critical infrastructure sectors and related security and resilience issues

  • Working knowledge of the DoD and Agency resilience needs and cyber security roadmaps

  • Development and delivery of information and infrastructure security risk and vulnerability evaluations

  • Ability to conduct analytical studies and investigations

  • Reasoning and problem-solving skills

  • Ability to work independently with limited supervision

  • Ability to interact effectively with diverse constituencies internally and externally

  • Ability to work well as a member of a cooperative team; ability to work in a matrix organizational structure

  • Ability to recognize and deal appropriately with confidential and sensitive information

  • Ability to implement project plans, monitor project budgets, and identify and mitigate project risks

  • Leadership and mentoring skills

  • Excellent written and oral communication skills; ability to contribute to technical research white papers and reports; ability to prepare papers and deliver presentations to technical and non-technical audiences; ability to contribute to customer technical exchanges and marketing presentations

  • Ability to work on customer sites with high-ranking members of the Federal Government and US

  • Participation in professional society activities, particularly IEEE and ACM 

Physical/Mobility: Primarily sedentary in an office setting with some mobility. Ability to travel frequently to various locations within the SEI and CMU community, customer sites, conferences, and offsite meetings.

Environmental Conditions: Close contact with computer for extended periods of time.

Mental: Strong interest in the human, managerial, and technical aspects of cyber security is critical for this position as are these abilities:

  • Take or share leadership role in technical projects

  • Work meticulously with careful attention to detail

  • Meet deadlines while working on multiple tasks – sometimes under pressure and with shifting priorities

  • Deal collaboratively, diplomatically, and successfully with customers, co-workers and other professional colleagues, managers, and staff

  • Ability to understand the direction, and goals of an effort; ability to develop and communicate innovative ideas; ability to demonstrate initiative and to quickly learn new procedures, techniques, approaches, etc.

Other: Must be able to work independently and travel as needed; this position requires frequent solo travel by car to customer sites in remote areas. Strong interest in cyber security and critical infrastructure protection analysis basis research, applied research, and development.  Applicants selected will be subject to a security investigation and must meet eligibility requirements for access to classified information. Candidates must be able to obtain and maintain a Department of Defense security clearance.

 

Preferred Qualifications and Requirements:

Education/Training: MS in Computer Science (or related technical field) with five (5) years’ experience or equivalent experience.

Certifications:  Offensive Security Certified Professional (OSCP), GIAC Penetration Tester (GPEN), Certified Ethical Hacker (CEH), Certified Information Systems Security Professional (CISSP), and Certified Information Systems Auditor (CISA),

Experience: 

  • Expert proficiency with a variety of technical vulnerability analysis tools
  • Advanced penetration testing experience
  • Software development experience and advanced exploit development

Skills/Abilities: Strong presentation/platform skills and excellent writing skills.

 

Accountability: The individual will implement and participate in the planning and execution of projects leading to technical results. The individual will also contribute to project, department, or program objectives and planning document development. The individual will keep in confidence sensitive information such as customer processes, risks, vulnerabilities, and internal work products, whether for eventual public or private distribution.

Direction: The individual is expected to act independently using CMU, SEI, and NSS defined policies, practices, and procedures – within the scope of assigned work.

Decisions: The individual must make sound technical decisions with little supervision. The individual must accurately represent the program in interactions with customers, sponsors, and the public. The individual is expected to perform analysis on-site at customer locations and immediately assess potential vulnerabilities requiring further investigation. 

Supervisory Responsibilities: This position could involve the training and oversight of the work of other staff members, graduate students, resident affiliates, visiting scientists, and independent contractors. Depending on research project or customer work plan, position may involve task leadership.

 

Job Functions or Responsibilities:

60% Participate in risk and vulnerability assessments operating in a technical leadership role; analyze assessment data to identify risk areas and propose mitigation alternatives.

15% Participate in research into innovative and cutting-edge tools, techniques, and methods to improve cyber security and penetration testing; transition research into applied knowledge for customers.

10% Deliver courses on offensive security tools and tactics and penetration testing management.

5% Contribute to conferences and meetings; participate in marketing calls and technical exchanges with clients; give talks and lectures as appropriate; participate on working groups for subjects of interest.

5% Contribute to and review the literature in cyber security, resilience, and software engineering.

5% Provide assistance and input to other teams and projects within the SEI.                     

100% Total Effort

 

Organizational Chart:  Director, CERT Division < Technical Director, Cyber Security Solutions Directorate < Deputy Director, Cyber Security Solutions Directorate < Technical Manager, Cybersecurity Assurance Team < Cyber Security Engineer

 

Carnegie Mellon University is an EEO/Affirmative Action Employer – M/F/Disability/Veteran

 

 

25 Feb
2016
Cyber Security Engineer - Penetration Tester - 2002652
Pittsburgh, PA or Arlington, VA

This position can be located in Pittsburgh, PA or Arlington, VA.

Position Summary:  The CERT Division is part of the SEI, a federally funded research and development center at Carnegie Mellon University in Pittsburgh, Pennsylvania. The CERT Division engages in cutting-edge research and development and develops and transitions disciplined approaches to improve the survivability and resiliency of the DoD, federal civilian agencies, private sector organizations and their networked information systems.

The individual in this position will work as a member of the Cybersecurity Assurance (CA) Team within the Networked Systems Survivability Program. The CA team develops solutions (in the form of frameworks, models, tools, policies, practices, technical guidance, and training) that allow organizations to assess, analyze, and manage organizational, operational, and technical risks to mission-critical assets, processes, systems, and infrastructures.

 

Minimum Qualifications and Requirements:

Education/Training: BS in Computer Science (or other technical field) with eight (8) years’ experience, or equivalent combination of training and experience.

Certifications:  Certified Information Systems Security Professional (CISSP), Offensive Security Certified Professional (OSCP), and/or Certified Ethical Hacker (CEH)

Experience: Professional experience as a penetration tester, system or network administrator, information systems auditor, software engineer, information systems analyst, or similarly technical occupation.

Experience with and applied knowledge in:

  • Common penetration testing methodologies and tactics (PTES, OWASP testing guide, etc.)

  • Popular penetration testing toolsets (Metasploit framework, vulnerability scanners, web application scanners, Nmap)

  • Knowledge of common networking protocols and services

  • Basic knowledge of exploit development and application fuzzing

  • Windows and Linux Operating System environments, networking devices, and common database platforms

  • Cyber security, survivability, and resilience concepts and issues

  • Software and systems engineering

  • Building and maintaining customer relationships

  • Data analytics and quantitative measures

  • Strategic Planning and requirements definition

  • Process improvement

  • Program planning, budgeting, and management

Skills/Abilities: Must exhibit the following skills and abilities:

  • Understanding of information technology, penetration testing, and telecommunications systems

  • Working knowledge of network interoperability, cyber security, and survivability issues, including cyber security best practices and standards

  • Working knowledge of DHS critical infrastructure sectors and related security and resilience issues

  • Working knowledge of the DoD and Agency resilience needs and cyber security roadmaps

  • Development and delivery of information and infrastructure security risk and vulnerability evaluations

  • Ability to conduct analytical studies and investigations

  • Reasoning and problem-solving skills

  • Ability to work independently with limited supervision

  • Ability to interact effectively with diverse constituencies internally and externally

  • Ability to work well as a member of a cooperative team; ability to work in a matrix organizational structure

  • Ability to recognize and deal appropriately with confidential and sensitive information

  • Ability to implement project plans, monitor project budgets, and identify and mitigate project risks

  • Leadership and mentoring skills

  • Excellent written and oral communication skills; ability to contribute to technical research white papers and reports; ability to prepare papers and deliver presentations to technical and non-technical audiences; ability to contribute to customer technical exchanges and marketing presentations

  • Ability to work on customer sites with high-ranking members of the Federal Government and US

  • Participation in professional society activities, particularly IEEE and ACM 

Physical/Mobility: Primarily sedentary in an office setting with some mobility. Ability to travel frequently to various locations within the SEI and CMU community, customer sites, conferences, and offsite meetings.

Environmental Conditions: Close contact with computer for extended periods of time.

Mental: Strong interest in the human, managerial, and technical aspects of cyber security is critical for this position as are these abilities:

  • Take or share leadership role in technical projects

  • Work meticulously with careful attention to detail

  • Meet deadlines while working on multiple tasks – sometimes under pressure and with shifting priorities

  • Deal collaboratively, diplomatically, and successfully with customers, co-workers and other professional colleagues, managers, and staff

  • Ability to understand the direction, and goals of an effort; ability to develop and communicate innovative ideas; ability to demonstrate initiative and to quickly learn new procedures, techniques, approaches, etc.

Other: Must be able to work independently and travel as needed; this position requires frequent solo travel by car to customer sites in remote areas. Strong interest in cyber security and critical infrastructure protection analysis basis research, applied research, and development.  Applicants selected will be subject to a security investigation and must meet eligibility requirements for access to classified information. Candidates must be able to obtain and maintain a Department of Defense security clearance.

 

Preferred Qualifications and Requirements:

Education/Training: MS in Computer Science (or related technical field) with five (5) years’ experience or equivalent experience.

Certifications:  Offensive Security Certified Professional (OSCP), GIAC Penetration Tester (GPEN), Certified Ethical Hacker (CEH), Certified Information Systems Security Professional (CISSP), and Certified Information Systems Auditor (CISA),

Experience: 

  • Expert proficiency with a variety of technical vulnerability analysis tools
  • Advanced penetration testing experience
  • Software development experience and advanced exploit development

Skills/Abilities: Strong presentation/platform skills and excellent writing skills.

 

Accountability: The individual will implement and participate in the planning and execution of projects leading to technical results. The individual will also contribute to project, department, or program objectives and planning document development. The individual will keep in confidence sensitive information such as customer processes, risks, vulnerabilities, and internal work products, whether for eventual public or private distribution.

Direction: The individual is expected to act independently using CMU, SEI, and NSS defined policies, practices, and procedures – within the scope of assigned work.

Decisions: The individual must make sound technical decisions with little supervision. The individual must accurately represent the program in interactions with customers, sponsors, and the public. The individual is expected to perform analysis on-site at customer locations and immediately assess potential vulnerabilities requiring further investigation. 

Supervisory Responsibilities: This position could involve the training and oversight of the work of other staff members, graduate students, resident affiliates, visiting scientists, and independent contractors. Depending on research project or customer work plan, position may involve task leadership.

 

Job Functions or Responsibilities:

60% Participate in risk and vulnerability assessments operating in a technical leadership role; analyze assessment data to identify risk areas and propose mitigation alternatives.

15% Participate in research into innovative and cutting-edge tools, techniques, and methods to improve cyber security and penetration testing; transition research into applied knowledge for customers.

10% Deliver courses on offensive security tools and tactics and penetration testing management.

5% Contribute to conferences and meetings; participate in marketing calls and technical exchanges with clients; give talks and lectures as appropriate; participate on working groups for subjects of interest.

5% Contribute to and review the literature in cyber security, resilience, and software engineering.

5% Provide assistance and input to other teams and projects within the SEI.                     

100% Total Effort

 

Organizational Chart:  Director, CERT Division < Technical Director, Cyber Security Solutions Directorate < Deputy Director, Cyber Security Solutions Directorate < Technical Manager, Cybersecurity Assurance Team < Cyber Security Engineer

 

Carnegie Mellon University is an EEO/Affirmative Action Employer – M/F/Disability/Veteran.

 

 

21 Jan
2016
Information Security Analyst - 2002470
Pittsburgh, PA

Position Summary:  The individual in this position will work as a member of the IT Network and Infrastructure Engineering Group and have as their primary responsibility the administration of enterprise information security systems and the analysis, auditing, investigation, and follow-up of the data generated by those systems. Information security systems in the purview of this position include Intrusion Detection Systems (IDS), netflow systems, DNS monitoring, email security appliances, vulnerability and web application scanning, and log/event correlation systems. This position will also aid in the development of security practices and participate in the overall information security mission of the organization, for example advising other administrators during system deployments as to proper security considerations. This position will also collaborate closely with research programs within the SEI that perform cutting-edge research on information security topics to integrate their research into practical enterprise-scale applications.

 

Minimum Qualifications and Requirements:

Education/Training:  BS in Computer Science, Information Science, Information Technology with up to (3) three years of experience.  Candidates with a degree in other technical fields (e.g., engineering) and/or years of relevant experience as described above will be considered as well.

Experience: At least three (3) years’ experience in at least some the following information security areas, performed as a primary job task: security-related network flow capture and analysis, Snort/Sourcefire IDS administration with signature development, or forensic investigation and analysis of suspect systems using network-related security indicators as part of the investigation. At least some experience with general network administration and administration of services in a Linux-based environment is required.

Skills/Abilities: Strong skills in basic networking; strong knowledge of Linux and Windows operating systems; some skill in administering Linux-based services such as IDS or log analysis; skill in operating a Snort/Sourcefire IDS system and the ability to develop, deploy, and manage IDS rulesets; skill in operating a vulnerability and/or web application scanning system; familiarity with investigating systems in a basic forensics capacity to determine if a system is compromised and/or operating maliciously; administration and use of a netflow capture and analysis system; some scripting ability in a common language such as Perl or Python.

Mobility:  Daily foot travel between buildings in and around the CMU campus. Infrequent business travel required, usually to the Washington, DC area (approx. 4 times/year). Computer hardware installation and configuration required on a periodic basis, sometimes involving transport of heavy objects (typically under 100 lbs.) short distances using assistance devices, use of hand tools, et cetera. Carrying of light objects (< 20 lbs.) for longer distances (intra-campus; 2-3 city blocks) may also be required.

Environmental Conditions: Ability to use a computer keyboard and display for extended periods of time; periodic work in a computer datacenter or wiring closet environment.

Mental:  Ability to work under pressure and meet deadlines; ability to prioritize tasks; strong learning capability; ability to interact effectively with others of varying technical competency, vendors, managers, and other technical research staff; ability to work effectively with other groups within the SEI and Carnegie Mellon. Strong analytical and technical problem-solving skills. Strong information organization skills as well as good oral and written communication skills are required.

Other:  Ability to work on weekends and after-hours as necessary, especially during security incidents and emergencies.  This position will be infrequently called upon outside of business hours as an escalation point for information security-related issues and incidents.  Candidates will be subject to a background check and must be eligible to obtain and maintain a Department of Defense security clearance.

 

Preferred Qualifications and Requirements:

Licenses: CISSP, CISM

Experience:  Use of the SiLK tools, YAF, Analysis Toolkit for netflow analysis.

Skills/Abilities:  SiLK tools; YAF; advanced Perl programming; Cisco IOS and ASA-OS; Juniper JunOS, Wireshark or other tools to process PCAP files; SEIM tools such as QRadar, ArcSight or Splunk; FireEye Email Security; Nessus vulnerability scanner; Acunetix web vulnerability scanner.

 

Accountability:  Employee is accountable for describing, implementing and/or maintaining an efficient, reliable and secure configuration of computing services in support of the SEI initiatives and/or a sponsor/client.  Employee may be responsible for the proper handling/destruction of confidential and sensitive information.

Direction:  Employee will be expected to work under minimum supervision within the defined scope of authority and in accordance with SEI IT operating guidelines.

Decisions:  Under management direction, the employee will decide the appropriate configuration for production computing services. Employee will determine how best to allocate and/or acquire resources necessary to implement and evolve information services.  Employee will determine the cause of computing problems and take corrective action in a timely fashion when a system/service fails or becomes unavailable.  Employee will describe the appropriate procedures to configure and maintain a particular computing system to support one or more critical business functions in a secure manner.

Supervisory Responsibilities:  Employee will provide assistance to staff members / clients in the proper configuration/use of computer hardware and software services and tools.

 

Job Functions or Responsibilities:

70%     Administration of, response to and evolution of the information security systems of the SEI.

15%     Collaboration with other IT groups and SEI programs on various information security-related initiatives.

10%     Maintaining awareness of evolving trends in information security.

5%       Other IT duties as assigned.

100% TOTAL EFFORT

 

Organizational Chart:  ITS Director < Network and Infrastructure Engineering Manager < Information Security Analyst

 

Carnegie Mellon University is an EEO/Affirmative Action Employer – M/F/Disability/Veteran.

14 Aug
2015
Machine Learning Research Scientist -2001624
Pittsburgh, PA or Arlington, VA

Position Summary: Work with elite cybersecurity experts and university faculty to build new data mining technologies that will influence the national strategy against cyber attacks in the coming decades. Projects may include developing metrics and experimental designs for large-scale cybersecurity research programs, researching human-in-the-loop machine learning, and analyzing cybersecurity incident data. You will co-author research proposals, execute studies, and present findings to DoD sponsors and academic conferences. Consider applying for this position if you are a proven computer science expert with a firm grasp of security principles and statistical theory.

 

Minimum Qualifications and Requirements:

Education/Training: Background in machine learning, security, statistics, or related quantitative field with a Bachelor’s degree and eight (8) years of experience; Master’s degree and five (5) years of experience; PhD and two (2) years of experience; or equivalent combination of training and experience.

Experience: Two plus (2+) years of experience.

Skills/Abilities: An ideal candidate will have expertise in the following areas. Experience with specific methods is less important than evidence that you can learn.

  • Ability to perform computer science research related to cybersecurity
  • Basic grasp of statistical models
  • Comfortable working in the Unix command line
  • Demonstrated ability to work in a multi-disciplinary environment
  • Expert communication

Physical / Mobility:  Mostly sedentary, with occasional meetings in nearby buildings.

Environmental Conditions:  Close contact with computer for extended periods of time.

Mental:  Meet deadlines while working on multiple tasks – sometimes under pressure and with shifting priorities. Deal collaboratively, diplomatically, and successfully with customers and colleagues.

Other:  Candidates will undergo a background check and must be eligible to obtain and maintain a Department of Defense security clearance.

 

Preferred Qualifications and Requirements:

Education/Training: PhD in machine learning, computer science, statistics, or other related quantitative field.

Experience: Two plus (2+) years of experience in computer science or machine learning.

Skills/Abilities:

  • Expertise implementing machine learning techniques (e.g., K-means, SVM, neural networks)
  • Familiar with at least one mathematical/statistical programming package (e.g., python numpy/scipy/pandas, R, MATLAB, etc.)
  • Strong software engineering skills
  • Cybersecurity or privacy experience
  • Experience supporting test and evaluation for large-scale government research programs is a plus

 

Decisions:  The individual must be able to make decisions about the proper scope of assigned research.  This includes being able to discern applicable paper topics, making decisions regarding experimental design and methods, and exercising strong time management skills.  The individual must accurately represent the program in interactions with customers, sponsors, and the public.

Supervisory Responsibilities:  This position may involve the training and supervision of graduate students and junior employees.

 

Job Functions or Responsibilities:

40%  Data analysis & data analysis tool development.

25%  Other types of research support including designing experiments and metrics.

15%  Participating in the research community, including attending and presenting at conferences, and reading and writing academic papers.

10%  Writing proposals and reports.                 

10%  Consulting and project planning with other groups in the SEI.

100% Total Effort

 

Organizational Chart:  CERT Program, Director > CERT Program, Technical Director for Cyber Security Foundations > Science of Cyber Security Research Manager > Applied Statistician / Data Scientist

 

Carnegie Mellon University is an EEO/Affirmative Action Employer – M/F/Disability/Veteran.

22 Jan
2015
Senior Engineer - 2000388
Arlington, VA

Position Summary: The Senior Member of the Technical Staff, SSD Washington Operations will function in two roles: (1) providing advice and assistance to the SSD Director and the Associate Director – Washington Operations to better align SEI capabilities, research, and offerings to address DoD priorities at all levels across the information system, C4ISR, and weapon system communities and (2) leading teams and participate as a team member in delivering technical solutions to SEI customers across the DoD, Intelligence Community, federal agencies, states, and industry sector.

Key activities include engagement with and representation of SEI with senior acquisition technical and program leaders and managers in key OSD and other DOD organizations;  assessing evolving acquisition/engineering/operational policies, guidance, and key DoD challenges to enable SEI strategy, program, and business development; enhancing SEI’s ability to achieve better integration of software practices with DoD’s systems engineering framework; leading and working on teams to deliver a range of technical assistance to identify and solve large-scale systems development problems; applying, adapting, integrating, and transitioning the SEI body of knowledge and other bodies of knowledge to maximize impact; creating and institutionalizing new SEI approaches to support customer needs and advance the software engineering state of the practice. The candidate will work closely with the SSD Director and the Associate Director of SSD, Washington Operations and other SSD and SEI organizations and programs.  The scope of this interaction includes senior leadership, the Director of SEI Strategic Initiatives, and other SEI division directors.  The technical staff member will be able to lead and participate in multi-disciplinary teams in support of the SEI and SSD vision and mission.

Minimum Qualifications and Requirements

Education/Training:  Master’s degree in engineering (computer science, information systems, systems engineering, software engineering, other engineering disciplines with eight (8) years of experience; or equivalent combination of training and experience.

Experience: The candidate must have at least ten (10) years’ experience as a program manager and chief engineer (or equivalent such as CIO or deputy) in a major DoD command, organization, or acquisition program. Must be knowledgeable of DoD engineering policy, guidance, and practice, and organizations as well as understand the acquisition and engineering organizations and processes in DoD at a minimum with understanding of the Intelligence Community or federal agency acquisition processes. The candidate should have experience building, leading, managing and participating on cross-functional, technical teams; should be able to operate effectively from the executive to the technical staff level in organizations; and have the demonstrated interpersonal, communication, and representational to deal with customers and OSAD level sponsors.   

Skills/Abilities:  Detailed knowledge of planning, organizing, and managing engineering organizations and functions within a government acquisition program and oversight of contractor engineering efforts for a range of defense systems. 

Experience in five or more of the following:  Civilian Agency or DoD software-intensive systems acquisition or development on large-scale systems.  Solid technical breadth and understanding of all aspects of the end-to-end engineering lifecycle (e.g. requirements, design, implementation, testing etc.). and to effectively leverage architecture concepts such as Enterprise Architecture (e.g. Federal Enterprise Architecture Framework [FEAF], the DoD Architecture Framework [DoDAF]), and Software architecture development and evaluation including quality attributes;  Systems engineering of software-intensive systems and systems of systems; Requirements development and management; Software integration and test and software/hardware integration; COTS product integration;  IT architectures;  Deployment and sustainment of software-reliant systems, including legacy system migration;  knowledge of modern software development languages and platforms.

Strong written and verbal communications skills and the ability to present to high visibility stakeholders internal and external to the organization.  Program and project management skills including Interfacing with clients, developing proposals, and establishing relationships with new DoD and/or government clients and programmatic skills (e.g., ability to develop project plans, scope and track deliverables, manage risks, perform financial management).  Ability to lead and participate in multidisciplinary teams.    

Mobility:  Will be required to travel on overnight assignments.

Environmental Conditions: Usual office setting with extended use of CRT.

Other:   U.S. Citizenship is required.  Applicants selected will be subject to a security investigation and must meet eligibility requirements for access to classified information.

 

Preferred Qualifications and Requirements 

Education/Training:  Master's degree in engineering (Computer Science, Information Systems, systems engineering, software engineering, or other discipline with 10 years of experience in DoD Major defense acquisition management.

Licenses/Certifications: DoD Certified Level 3 Program Manager, DoD Certified Level 3 Systems Engineer

Skills/Abilities:  Experience in organizational change management at a leadership/senior leadership level involving project planning and execution, budgeting, and staffing.  Completion of DoD acquisition accreditation levels (Program Management, Systems Engineering, and/or Test).

 

Accountability:  The member will be directly accountable for understanding DoD acquisition needs, applying new technologies, and establishing delivery capabilities to meet the needs of the sponsoring organization and the acquisition community.

Direction: As a technical staff member, he/she will be expected operate with minimum supervision using CMU and SEI defined practice, policies and procedures, in concert with the SEI mission.

Decisions: Will be required to work with government organizations to identify strengths and weaknesses within the acquisition/sustainment program and their contractor base and build solutions to address the weaknesses and recognize and encourage the strengths.

Supervisory Responsibilities:  May supervise others.

 

Job Functions or Responsibilities:

80%              Participate as a leader or member of technical teams in support of government acquisition program offices or participate as a member of a technical team performing research.  Identify and support the implementation strategies for the capture and application of learning and knowledge transfer from assignments (e.g. dissemination of research results, case studies, guides, reports, presentations, articles, workshops, courses, and blog entries).

20%              Duties as assigned by the Director, Software Solutions Division (SSD) and/or the Associate Director SSD, principally business development and relationship development and maintenance.

100% Total Effort

 

Organizational Chart: SSD Director > Associate Director Washington Ops > Senior Engineer
 

Carnegie Mellon University is an EEO/Affirmative Action Employer – M/F/Disability/Veteran
 

 

Search for Postions

 Interested in working with us?

Search positions

Accessibility Needs for Applicants, Students and Visitors

Carnegie Mellon University makes every effort to provide physical and programmatic access individuals with disabilities. If you require an accommodation to participate in any part of the employment process, please contact Disability Resources by emailing access@andrew.cmu.edu or calling 412-268-3930.

Carnegie Mellon University considers applicants for employment without regard to, and does not discriminate on the basis of, gender, race, protected veteran status, disability, or any other legally protected status.