Position Summary: The CERT Program is part of the SEI, a federally funded research and development center at Carnegie Mellon University in Pittsburgh, Pennsylvania. The CERT Program engages in cutting-edge research and development and develops and transitions disciplined approaches to improve the survivability and resiliency of the US Department of Defense, federal civilian agencies, private sector organizations and their networked information systems. CERT supports government customers by developing and transitioning cutting-edge analysis techniques and tools, providing strategic advisement, and supporting tactical operations.
The International Cybersecurity Analyst is a member of the CERT technical staff and based either in the SEI Office in Pittsburgh, Pennsylvania or in Arlington, Virginia. The candidate selected to fulfil this role will provide technical subject matter expertise in CERT support of International cybersecurity efforts and associated capability and capacity development efforts. This support will include assisting with the development and pursuit of CERT strategic drivers for engaging in these initiatives and vision for cybersecurity community interaction, regularly interacting with sponsors and stakeholders of these efforts, and execution of efforts as directed by the International CSIRT Initiatives Team Lead to ensure that the work being performed drives toward sponsor goals and CERT strategic drivers.
Minimum Qualifications and Requirements:
Education / Training: Bachelor’s Degree in Computer Science or scientific/technical field with three (3) years of experience or a MS/MA in a scientific or technical field with one (1) year of experience or equivalent combination of training and experience.
Experience: Professional experience should include three (3) or more years of experience supporting or managing large organizational or national-level CSIRT capabilities to include incident response, incident analysis, and development and implementation of mitigation actions and proactive security measures. This should include experience:
- in creating, assessing, and improving these types of teams, as well as a working knowledge of existing global capabilities, advanced technology solutions and initiatives;
- as an operational cybersecurity analyst, incident handler, or operations specialist;
- working with and engaging people in diverse cultural environments; and
- fostering interaction and collaboration amongst peer organizations.
Skills / Abilities:
- knowledge of current and effective CSIRT organizational and functional structures and the technical operations performed by these teams.
- ability to work independently or within a team with members of varying skill sets and levels.
- broad understanding of enterprise technology security issues.
- broad working knowledge of commonly deployed computer network defense tools and processes to include leading vendor solutions.
- ability to brief strategic and technical topics to senior management, technical and non-technical audiences.
- knowledge of current operational challenges and technical threats faced by network security and intelligence organizations.
- familiarity with project planning and management best practices.
- ability to write / create clear, understandable documentation that translates complicated technical processes to a target audience (a writing sample is required).
Physical Mobility: Possibly sedentary, long periods of sitting, flexibility to travel to other campus locations or customer sites, frequent travel between Pittsburgh and Virginia offices, international travel as required.
Environmental Conditions: Normal office conditions, close contact with computer display for prolonged periods of time.
Mental: Ability to:
- Work meticulously with careful attention to detail.
- Meet deadlines while working on multiple tasks – sometimes under pressure and with shifting priorities.
- Deal collaboratively, diplomatically, and successfully with customers, co-workers and other professional colleagues, managers, and staff; ability to grasp the big picture, direction, and goals of an effort.
- Develop and communicate innovative ideas.
- Take leadership role in technical projects.
- Quickly learn new procedures, techniques, and approaches.
Other: Candidates will be subject to a background check and must be eligible to obtain and maintain a Department of Defense security clearance.
Preferred Qualifications and Requirements:
Education / Training: MS/MA in a scientific or technical field with one (1) year of experience.
Licenses: CISSP, CEH, CISM, CompTIA, or similar.
- Participation in broad public forums through activities such as standards, open source development, or publication.
- Experience publishing research and academic papers.
- Experience working with the government, or within a critical infrastructure sector.
- Active in regional or international trade-related organizations such as the Forum of Incident Response and Security Teams (FIRST), North American Network Operators' Group (NANOG), Messaging, Malware and Mobile Anti-Abuse Working Group (M3AAWG), Anti-Phishing Working Group (APWG), etc.
- Demonstrable experience effectively delivering training to technical and management level audiences on subject matter related to computer incident response team (CSIRT) development and incident response operations.
- Background in international capacity and community building.
Accountability: This position is accountable for ensuring that the International CSIRT Initiatives team delivers on the execution of the statement of work for customers sponsoring capability building efforts. The individual is accountable for aligning cybersecurity operations projects with customer needs and re-prioritizing efforts as appropriate, in close coordination with the International CSIRT Initiatives Team Lead.
Direction: The individual is expected to act independently using CMU, SEI, and CERT defined policies, practices, and procedures – within the scope of assigned work.
Decisions: The individual is expected to participate in the decision-making and problem-solving processes of defining, designing, implementing, and sustaining national-level cybersecurity and related operations; suggesting and implementing policies and procedures to support these activities; and creating and sharing information regarding the state of the practice for broad dissemination.
Supervisory Responsibilities: This position will not formally supervise any personnel.
Job Functions or Responsibilities:
70% Create framework and methodology documents, both general and specific to individual stakeholder groups, intended to facilitate the organizational and technical capacity development of international partners.
20% Support planning, development, and execution of customer-led and/or supported development activities, planning discussions, and awareness-raising exercises. Through partnership, awareness, and action, evaluate the need for, develop blueprints for, and assist with the implementation of national-level CYBERSECURITY capabilities.
10% Capture knowledge from the engagements undertaken, integrate it with lessons learned from other similar work, and help transfer that knowledge for the betterment of the global CYBERSECURITY community.
100% TOTAL EFFORT
Organizational Chart: CERT Program Director < Monitoring and Response Technical Director < Security Operations Technical Manager < International CSIRT Initiatives Team Lead < International Cybersecurity Analyst.
Carnegie Mellon University is an EEO/Affirmative Action Employer – M/F/Disability/Veteran