Position Summary: The CERT Situational Awareness group researches and develops cutting-edge technical solutions for operational use in high-impact environments. The CERT Situational Awareness Security Solutions Engineer will:
- Provide strategic technical support to senior decision makers
- Lead teams in the development of security architectures
- Provide systems engineering, systems requirements development, technology evaluation and deployment guidance
- Participate in technical efforts, including development and prototyping of new analysis techniques, tools, and platforms, preparation of analytic reports, and contributions to research publications
- Be respected as a subject matter expert by customers, commercial vendors, and the Internet community as a whole
- Be expected to appreciably advance the state of the art of cybersecurity architectures
Minimum Qualifications and Requirements:
Education/Training: Bachelor’s Degree in Computer Science or related scientific/technical field with ten (10) years’ experience in network operations, security operations, or network security research; Master’s Degree in Computer Science or related scientific/technical field with eight (8) years’ experience in network operations, security operations, or network security research; PhD in Computer Science or related discipline with two (2) years’ experience in network operations, security operations, or network security research; or equivalent combination of training and experience.
Professional Experience: Professional experience should include supporting technical decision-making, acquisition and management of large-scale enterprise network security or middleware systems. Experience with full life-cycle management, from costing, design, deployment, operation, maintenance, and retirement for enterprise scale systems is desired.
Skills/Abilities: Ability to function in the role of a consultant, subject matter expert and project manager. Proven ability to research, compare, test and evaluate alternative technical solutions, and communicate results. Planning and organizational skills; strong problem solving skills; excellent oral and written communication skills. Ability to work both independently and with teams. Broad understanding of network, host and application security issues. Experience in various architecture roles (e.g. solution, system, enterprise) and architecture frameworks (e.g. TOGAF, DoDAF, etc.). Ability to brief strategic and technical topics to senior management and non-technical audiences. Knowledge of current challenges and threats faced by USG network security and intelligence organizations. Ability to contribute to strategic direction for a technical group. Expertise in enterprise level systems in network security. Experience in enterprise level transaction systems. Experience in enterprise scale storage with a focus on performance. Familiarity with various Internet protocols (e.g., TCP/IP, HTTP, DNS, SMTP, BGP, TLS).
Physical Mobility: Primarily sedentary in an office setting with some mobility. Flexibility to travel to various locations within the SEI and CMU community, including sponsor sites, conferences, and meetings.
Environmental Conditions: Normal office conditions; close contact with computer display for extended periods of time.
Mental: Ability to work meticulously with careful attention to detail; ability to meet deadlines while working on multiple tasks – sometimes under pressure and with shifting priorities; ability to participate in conversations collaboratively, diplomatically, and successfully with customers, co-workers and other professional colleagues, managers, and staff; ability to develop and communicate innovative ideas; ability to take leadership role in technical projects; ability to quickly learn new procedures, techniques, approaches, etc.
Other: Candidates will be subject to a background check and must be eligible to obtain and maintain a Department of Defense security clearance.
Preferred Qualifications and Requirements:
Licenses: Practical network security training (e.g. SANS GIAC Level 2 courses, GIAC Certifications, CCNP, CCIE Security, CISSP, CEH, CISM).
Skills/Abilities: Experience with: working with the government, or within a critical infrastructure sector; developing briefing materials for senior leadership within government or industry; deploying or supporting large-scale network security monitoring infrastructures; working with cloud platform delivery and service models; familiarity with distributed computing and/or big data platforms. Prior responsibility in managing a body of work consisting of numerous large scale projects and multiple customers/external sponsors. History of contributions to the broader industry or research community and experience in a variety of network security areas.
Accountability: The individual is accountable for: Active participation in the overall Situational Awareness R&D effort; Participating in the production of original publications in network security analysis; Participating in public speaking engagements, including at remote locations.
Direction: The individual is expected to act with minimal direction using CMU, SEI, CERT and Monitoring and Response defined policies, practices, and procedures – within the scope of assigned work.
Decisions: The individual is expected to participate in the decision-making and problem-solving processes of basic requirements elicitation and validation, and participation in fundamental research in network security.
Supervisory Responsibilities: This position does not formally supervise others. However, the individual will act in a technical leadership or project lead role in regard to specific work products and activities both at CMU and at the customer site.
Job Functions and Responsibilities:
75% Lead support to the customer program office in the areas of strategy; process/policies; requirements elicitation; design and architecture; operations; outreach; and training.
15% Enable the transition and appropriate focus of NetSA analysis and engineering approaches and tools into operational environments.
10% Design, prototype, and transition tactical analysis studies and tools appropriate for operational use in situational awareness.
100% TOTAL EFFORT
Organizational Chart: CERT Director < Monitoring and Response Technical Director < Situational Awareness Technical Manager < Solutions Team Lead < Sr. Security Solutions Engineer
Carnegie Mellon University is an EEO/Affirmative Action Employer – M/F/Disability/Veteran