Position Summary: The Secure Coding Team, of the world renowned CERT division of the Software Engineering Institute, is a pioneer of the identification and development of secure coding and secure software development practices. We are looking for exceptional candidates to help us continue our legacy of ground-breaking improvements for securing software during development. Software has never been more important to our lives and our national security, nor has software insecurity ever been a greater risk.
Joining the Secure Coding team, you will work with world-class cyber security experts to help software developers and software development organizations reduce vulnerabilities resulting from coding errors before they are deployed. We identify common programming errors that lead to software vulnerabilities, establish standard secure coding standards, develop tools to evaluate and improve software, educate software developers, and advance the state of the practice in secure coding that leads to secure software systems.
The successful candidate will lead and participate in research and engineering projects that identify and implement best practices for organizations to develop secure software systems. This will include developing and applying guidelines for writing secure code in C, C++, Java, and other popular languages. It also includes developing and using tools to verify that software is developed securely. The candidate will work directly with customers to: develop and provide training in secure coding practices; evaluate, extend, and use tools to improve and automate source code analysis; review and improve code bases to ensure that best practices are being followed; and enhance the customers’ organizational capabilities to produce secure software systems. The candidate will be expected to write reports and deliver presentations that explain the findings of research and software evaluations, helping customers improve their software to meet the security and privacy needs of their users.
Minimum Qualifications and Requirements:
Education/Training: BS in Computer Science, Software Engineering, Information Science, or Information Systems Management with ten (10) years applicable experience.
Skills/Abilities: Successful candidates will have the ability to:
Develop and analyze source code in common programming languages such as C, C#, C++, Java, and Python, with a focus on secure coding principles and practices
Use static and dynamic analysis tools to evaluate software to find and remove vulnerabilities
Build and configure various software build enviornments, and build custom tools to integrate and automate the use of software building and analysis tools
Develop and implement novel and advanced software analysis techniques
Develop and modify compilers and interpreters, understanding the underlying computer and compiler architectures, algorithms, performance trade-offs, and impact of optimization techniques on security issues
Lead projects in a team environment with other team members with varying skills, experience and locations
Plan and organize the evaluation approach for projects, including the collection and analysis of data from multiple sources, generate defensible results, and represent them in reporting products and interactions with customers, sponsors, and the public
Recognize and deal appropriately with confidential and sensitive information such as source code and software weaknesses and vulnerabilities
Develop and explain technical decisions and recommendations effectively with technical and non-technical audiences through verbal and written communications that lead to actionable and measurable improvements
Work meticulously with careful attention to detail required to identify defects and weaknesses in large software systems, and to identify development process improvement opportunities.
Be self-motivated and capable of self-learning to maintain a working knowledge of the ever-changing software development landscape.
Mobility: Primarily sedentary, long periods of sitting; ability to travel to various locations within the SEI and Carnegie Mellon community, customer sites, conferences, and offsite meetings with some frequency.
Environmental Conditions: Normal office conditions, close contact with computer for prolonged periods of time.
Mental: Ability to work under pressure and changing priorities; pay attention to detail; meet inflexible deadlines; deal with challenges while maintaining composure; work with sensitive information.
Other: Candidates will be subject to a background check and must be eligible to obtain and maintain a Department of Defense security clearance.
Preferred Qualifications and Requirements:
Education/Training: MS in Computer Science, Software Engineering, Information Science, or Information Systems Management with eight (8) years applicable experience; or PhD in those disciplines with five (5) years applicable experience.
Work with DoD and other US Government software-intensive systems programs and software maintenance groups, understanding their unique needs, proposing and closing work to meet their needs, and lead projects to develop solutions that address their secure software development and acquisition needs.
Representing DoD and US Government program constituency and perspective based on experience to other team members to aid in developing relevant research and development proposals and solutions.
Transitioning knowledge, tools, and other work products from research projects to DoD and other US Government partners.
Develop approaches to address software assurance in the risk management framework context.
Develop and analyze software for specific platforms, such as mobile platforms and embedded systems.
Evaluate software assurance using a range of methods, such as dynamic and binary analysis, model checking, assertions, and semantic formalizations.
Accountability: Contributes to program objectives and plans development.
Direction: Performs under minimal supervision, independent judgment is encouraged. Most normal duties and responsibilities are handled independently with the use of established procedures and policies. Difficult or unique situations are referred to the supervisor. Ability to work directly on-site at a customer location with minimal direct supervision from direct supervisor.
Decisions: Participate in conferences and workshops where security-related issues are discussed as required.
Job Functions or Responsibilities:
40% Lead and directly support customer work in secure coding, verification and validation techniques, and technical training. Tailor our current offerings to provide value to customers by evaluating their software, software development, and software acquisition/procurement practices, and providing improvement recommendations. Communicate the findings of such evaluations through reports and presentations. Build new tools and capabilities that improve our ability to meet customer needs.
30% Contribute to internally funded research projects, developing experimentation environments, evaluating secure software development practices, and communicating results internally and externally in reports and presentations.
15% Codify knowledge that has been gained through customer and research projects to expand and update knowledge transfer materials, such as Secure Coding guidelines, training materials, and tools.
15% Develop knowledge and understanding of SEI capabilities; influence new SEI capabilities to be more applicable to customer problems; work directly with other SEI staff supporting the community with disciplines related to secure coding and secure development, sometimes in leadership role.
100% TOTAL EFFORT
Please visit “Why Carnegie Mellon” to learn more about becoming part of an institution inspiring innovations that change the world.
Carnegie Mellon University is an Equal Opportunity Employer/Disability/Veteran.
About Software Engineering Institute
Pursue your passion and work alongside world-recognized leaders in the field of software engineering. Our staff works with the highest levels of U.S. government and industry to secure the nation's critical infrastructure, improve mission-critical systems, and advance the state of the art.
Interested in working with us? To browse employment opportunities and apply for a position at the SEI, see our list of open positions at http://www.sei.cmu.edu/careers/. You can also visit the Carnegie Mellon site to learn about benefits for eligible employees, search for open positions that match your interests, and create a Job Agent that will notify you by e-mail when jobs that meet your criteria become available.
Resumes from recruiting firms will not be accepted.
Carnegie Mellon University is an EEO/Affirmative Action Employer – M/F/Disability/Veteran