What We Do: Our team provides technical guidance in the areas of capability and capacity development to Security Operations Centers (SOCs) and incident management teams (Computer Security Incident Response). Our partners include Federal agencies, academic institutions, foreign governments, private industry, and non-profit organizations. We develop and implement strategic and operational procedures for the cybersecurity community and regularly interact with sponsors and partners. This position can be located in either Pittsburgh, PA or Arlington, VA.
Our team participates in and leads technical efforts by developing and prototyping new methods of evaluating and measuring operational and mission success. We implement and lead training and engagement efforts across various organizational components such as National Incident Response Teams, Product Security Teams, Security Operation Centers, and general incident management programs.
Who we are: The CERT Security Operations team seeks to develop cutting edge solutions to address critical and emerging challenges encountered by the DoD, DHS, DoS and the International Community. Key to our success is a diverse team of analysts, researchers, and engineers with a passion for understanding the implications of emerging technologies and best practices on US Government defensive missions.
Who we are looking for: A strong technical leader with a solid background in Security Operations and Incident Management. Responsible for the development and execution of strategic and operational procedures for the cybersecurity community, and research that advances the state of the art and practice of cyber operations and a member of a diverse team working across the following areas:
Knowledge of current and effective Incident Response and Security Operations organizational and functional structures and the technical operations performed by these teams.
Capable of conducting and supporting analytical studies and investigations of risk, threat, and security data.
Operational knowledge and significant understanding of methods for evaluating mission operations and success.
Familiarity with machine learning and natural language processing concepts and activities.
Ability to work independently or within a team with members of varying skill sets and levels.
Deep understanding of enterprise technology security issues.
Broad knowledge of commonly deployed computer network defense tools and processes to include leading vendor solutions.
Ability to brief strategic and technical topics to senior management, technical and non- technical audiences.
Experience with current operational challenges and technical threats faced by network security and intelligence organizations.
Familiarity with project planning and management standard methodologies.
Ability to write / craft clear, understandable documentation that translates complicated technical processes to a target audience (A writing sample may be requested).
Team deliverables include technical publications; industry and government conference presentations; course development and delivery; direct customer engagement; and prototype tools and techniques.
BS in in Computer Science or scientific/technical field, or related discipline with ten (10) years of experience; MS is the same fields with eight (8) years of experience; PhD in the same fields with five (5) years of experience or equivalent combination of training or experience.
Demonstrated technical proficiency with contemporary computing hardware, software and network technologies.
Willingness to travel to various locations to support the SEI’s overall mission. This includes within the SEI and CMU community, sponsor sites, conferences, and offsite meetings on occasion. Moderate travel (25%)
You will be subject to a background check and will need to obtain and maintain a Department of Defense security clearance.
Experience effectively developing and delivering training to technical and management level audiences on subject matter related to computer incident response team (CSIRT) development, incident response operations, and security operations centers.
Background in international capacity and community building.
Experience publishing research and academic papers.
Experience with big data analytics and data science concepts.
Familiarity with metrics and measurement and assessment concepts and practices.
Experience working with the government, or within a critical infrastructure sector.
Experience working within or in collaboration with a national Incident Response or Security Operations organization.
Active in regional or international trade-related organizations such as the Forum of Incident Response and Security Teams (FIRST), North American Network Operators' Group (NANOG), Messaging, Malware and Mobile Anti-Abuse Working Group (M3AAWG), Anti-Phishing Working Group (APWG), etc.
Participation in broad public forums through activities such as standards, open source development, or publication.
Preferred Qualifications and Requirements:
CISSP, CEH, CISM, CompTIA, or similar.
Job Function Breakdown:
45% Create framework and methodology documents, both general and specific, intended to facilitate the organizational and technical capacity development of international partners.
25% Create and deliver training and education materials, exercises, and workshops; along with performing assessments or outreach activities such as developing blogs, podcasts or presentations.
20% Support planning, development, and execution of customer led and/or supported development activities, planning discussions, and awareness raising exercises. Through partnership, awareness, and action evaluate the need for, develop blueprints for, and assist with the implementation of national-level Cybersecurity capabilities.
10% Capture knowledge from engagements, integrate it with lessons learned from other similar work, and help transfer that knowledge for the betterment of the global Cybersecurity community.
TOTAL = 100%
Please visit “Why Carnegie Mellon” to learn more about becoming part of an institution inspiring innovations that change the world.
Carnegie Mellon University is an Equal Opportunity Employer/Disability/Veteran.
About Software Engineering Institute
Pursue your passion and work alongside world-recognized leaders in the field of software engineering. Our staff works with the highest levels of U.S. government and industry to secure the nation's critical infrastructure, improve mission-critical systems, and advance the state of the art.
Interested in working with us? To browse employment opportunities and apply for a position at the SEI, see our list of open positions at http://www.sei.cmu.edu/careers/. You can also visit the Carnegie Mellon site to learn about benefits for eligible employees, search for open positions that match your interests, and create a Job Agent that will notify you by e-mail when jobs that meet your criteria become available.
Resumes from recruiting firms will not be accepted.
Carnegie Mellon University is an EEO/Affirmative Action Employer – M/F/Disability/Veteran