Position Summary: The CERT Program is part of the Software Engineering Institute (SEI), a federally funded research and development center at Carnegie Mellon University with offices in Pittsburgh, Pennsylvania and Arlington, Virginia. The CERT Program engages in cutting-edge research, development, testing, and evaluation to improve the state of cybersecurity. As Cybersecurity Risk Management Technical Manager, you will lead a team of technical staff in developing and transitioning cybersecurity capabilities to both government and the private sector with a focus to benefit the US Department of Defense (DoD).
You have both a breadth and diversity of experience with applied research, technology, information assurance, risk management, and technology lifecycle in DoD/Government domains. You are considered an expert source in risk management for your team, and you continue to acquire and expand your knowledge. You enjoy spending time with customers and practitioners to understand their problems and find innovative solutions.
You know how to lead teams (both co-located and geographically dispersed) of senior level engineers and complex projects – to supervise and review their work products, to guide their career paths, and to ease administrative burdens so that they can achieve jointly-developed technical goals. You know how to identify and propose new business development opportunities. You know how to manage a diverse portfolio of work products and customers. You also bring advanced problem-solving and consulting skills in your role as a conduit and representative of the SEI with the community. You enjoy presenting to groups, publishing written works, and teaching/training others, and as a member of the Carnegie Mellon University community, you will have the opportunity to work with world-renowned faculty members and experts in cybersecurity.
As a member of our management team, you work with your Director and other Technical Managers to develop a Directorate-wide strategy, then you roll up your sleeves to develop and execute an implementation plan for your team to meet these goals, thereby assessing and improving the cybersecurity posture of the DoD, US Federal Government, Critical Infrastructure, and Industry.
Minimum Qualifications and Requirements:
Education/Training: BS in computer science, software engineering, information systems, or a related scientific/technical field with ten (10) years’ experience or equivalent combination of training and experience.
Experience: Familiarity with process improvement models that contain the essential elements of effective management, development, and acquisition processes for one or more disciplines (e.g. the SEI’s CMMI) and experience transitioning these models into organizational practice; three or more years of leadership experience with responsibility for project and budget management.
- Consulting skills and experience.
- Demonstrated ability to develop and deliver training courses.
- Project management experience.
- Leadership and mentoring skills.
- Strong knowledge of cybersecurity standards and related bodies of practice.
- Experience with DoD customers.
- Background in process improvement and capability measurement.
- Ability to collaborate with other team members to accomplish organizational goals.
- Critical-thinking skills.
- Excellent written and verbal communications skills.
Physical/Mobility: Primarily sedentary in an office setting with some mobility. Ability to travel frequently to various locations within the SEI and CMU community, customer sites, conferences, and offsite meetings.
Environmental Conditions: Close contact with computer for extended periods of time.
Mental: Strong interest in the human, managerial, and technical aspects of cyber security is critical for this position as are these abilities: take or share leadership role in technical projects; work meticulously with careful attention to detail; meet deadlines while working on multiple tasks – sometimes under pressure and with shifting priorities; deal collaboratively, diplomatically, and successfully with customers, co-workers and other professional colleagues, managers, and staff; ability to understand the big picture, direction, and goals of an effort; ability to develop and communicate innovative ideas; ability to demonstrate initiative and to quickly learn new procedures, techniques, approaches, etc.
Accountability: The individual will implement and participate in the planning and execution of projects leading to technical products and results. The individual will also contribute to project, department, and program objectives and planning document development. The individual will keep in confidence sensitive information such as customer processes, risks, vulnerabilities, and internal work products, whether for eventual public or private distribution.
Direction: The individual is expected to act independently using CMU, SEI, and CERT defined policies, practices, and procedures – within the scope of assigned work.
Decisions: The individual must make sound technical decisions with little supervision. The individual must accurately represent the program in interactions with customers, sponsors, and the public. The individual is expected to perform analysis on-site at customer locations and immediately assess potential vulnerabilities requiring further investigation.
Supervisory Responsibilities: This position could involve the training and oversight of the work of other staff members, graduate students, resident affiliates, visiting scientists, and independent contractors. Depending on research project or customer work plan, position may involve task leadership.
Other: Must have a strong interest in cyber security and critical infrastructure protection, applied research, and development. Candidates will be subject to a background check and must be eligible to obtain and maintain a Department of Defense security clearance.
Preferred Qualifications and Requirements:
Education/Training: MS in computer science, software engineering, information systems, or a related scientific/technical field with eight (8) years’ experience; PhD in computer science, software engineering, information systems, or a related scientific/technical field with five (5) years’ experience, or equivalent combination of training and experience.
Licenses: CISSP, CISM, GIAC, or similar; certifications from the audit discipline (such as CISA) are also acceptable.
Skills/Abilities: In addition to the minimum skills/abilities above, preferred skills/abilities include: demonstrated ability to develop and deliver coursework and training.
Job Functions or Responsibilities:
30% Manages team to effectively implement and accomplish the SEI Program Plan, the CERT Division strategic plan, and the directorate strategic plan. Sets goals and objectives and manages operational and functional business activities. Develops, implements and tracks short and long term operational plans (financial, staffing, infrastructure, project).
30% Provides guidance to and monitors the success of team/technical leads in meeting strategic and operational goals. Assesses performance of direct reports and makes salary recommendations for all staff within areas of responsibility. Provides oversight of team/technical leads and their supervisory responsibilities of technical staff. Conducts performance reviews. Responsible for recruitment, hiring, development and retention of all technical and support staff for the CRM team.
20% Sets technical direction for team. Leads strategic planning process and contributes to the development of the CRR, CERT, and SEI strategic and program plans. Ensures annual update of plan; reviews feasibility of plan, identifies risks and defines risk mitigation strategy. Articulates vision for internal and external audiences.
10% Identifies opportunities for new technical projects and manages start-up of new, high-priority technical areas of work. Works with Technical Director and business management personnel to develop and implement a funding and transition plan for new work areas.
10% Directs organizational effectiveness and staff training and development plans. Identifies operational success measures and process improvements. Leads corrective actions.
Organizational Chart: Director CERT Program < Technical Director, Cybersecurity Risk & Resilience Directorate < Technical Manager, Cybersecurity Risk Management
Carnegie Mellon University is an EEO/Affirmative Action Employer – M/F/Disability/Veteran