Share Email Opening

Insider Threat Researcher - 2004594 

EOE StatementCarnegie Mellon University - Software Engineering Institute considers applicants for employment without regard to, and does not discriminate on the basis of, gender, race, protected veteran status, disability, or any other legally protected status.

Position Summary: The goal of the Enterprise Threat and Vulnerability Management (ETVM) team is to assist organizations in improving their security posture and incident response capability by researching technical threat areas; developing information security assessment methods and techniques; and providing information, solutions and training for preventing, detecting, and responding to illicit activity. ETVM team members are domain experts in insider threat and incident response, and team capabilities include threat analysis and modeling; development of security metrics and assessment methodologies; and creation and delivery of training, courses, and workshops.

The selected individual will participate in the examination, analysis, documentation, modeling, and assessment of insider threat and electronic (cyber) and physical crime activity and information security risks to critical infrastructure systems. The selected individual will analyze technical and behavioral issues (potential risk indicators (PRIs) of insiders, and examine privacy concerns regarding organizational practices for identifying and mitigating insider threats.  The individual will work as a member of collaborative project teams in researching and implementing one or more projects composing these studies. This position will involve close work with customers from a variety of organizations, including government agencies and critical infrastructure providers.


Minimum Qualifications and Requirements:

Education/Training:  BS in computer science, software engineering, information systems, or a related technical field with three (3) years experience or equivalent; MS in computer science, software engineering, information systems, a related technical field, or an advanced degree in psychology or other field that will assist in insider threat behavioral identification.

Experience:  Experience in research in a field relevant to insider threat (cyber and behavioral) or experience as a system/network administrator, information systems analyst, or behavioral psychologist.


  • basic knowledge of scientific research and design methodologies
  • broad understanding of network, database and application security issues
  • knowledge of privacy, intellectual property, technology, and legal issues
  • knowledge of insider threat vulnerability assessment criteria
  • ability to apply reasoning and problem-solving skills to conduct analytical studies and investigations
  • understanding of information technology and telecommunications systems
  • strong oral and written communications skills and ability to interact effectively with technical and non-technical audiences, as well as present in front of small and large groups; participate in external customer and sponsor meetings
  • reasoning and problem-solving skills
  • ability to work independently with limited supervision
  • ability to recognize and deal appropriately with confidential and sensitive information
  • participate in conferences and meetings
  • contribute to customer presentations and technology transfer activities
  • strong interest in security analysis R&D
  • ability to create instructional materials and conduct training
  • effective time management skills; and strong problem solving skills

Mobility:  Sedentary in an office setting with some mobility, i.e., able to travel to various locations within the SEI and CMU community as well as travel to customer sites & various critical infrastructure sites.

Environmental Conditions:  Close contact with CRT for extended periods of time.


  • ability and interest in addressing security issues in a holistic manner, addressing both organizational and technical policies and practices; as well as behavioral and organizational issues
  • ability to meet deadlines while working on multiple tasks – sometimes under pressure and with shifting priorities
  • ability to deal collaboratively, diplomatically, and successfully with customers, co-workers and other professional colleagues, managers, and staff

Other:   Candidates will be subject to a background check and must be eligible to obtain and maintain a Department of Defense security clearance.


Preferred Qualifications and Requirements:

Education/Training:  MS in computer science, software engineering, information systems, or a related technical or behavioral field with at least one (1) years experience preferred;  Knowledge of intellectual property or technology law. Certified Information Systems Security Professional (CISSP) or similar certification is desired.


  • Insider Threat Vulnerability Assessor Certificate
  • Insider Threat Program Manager Certificate


  • experience working in or with the DOD, intelligence community, or law enforcement in a classified environment
  • experience in both physical and cyber security; experience in auditing or conducting assessments
  • experience performing insider threat vulnerability assessments
  • experience performing insider threat program evaluations
  • working in a team environment on collaborative projects in critical infrastructure sectors involving network, system or data security
  • experience employing software engineering techniques in designing and developing distributed, secure software, and experience with / knowledge of any of the following: system administration; networking; firewalls, intrusion detection systems, and other security technologies; application development/programming; relational databases
  • experience working with law enforcement and the intelligence community


  • working knowledge of network security/survivability
  • demonstrated ability to prepare papers and presentations for technical and non-technical audiences
  • knowledge of and experience with sound software engineering practices and best practices for information security
  • working knowledge of systems dynamic modeling techniques and modeling applications and tools
  • experience with statistical techniques
  • project management experience
  • leadership and mentoring skills


Accountability: The individual will implement and participate in the planning and execution of projects leading to technical results (this may include the detailed examination and analysis of law enforcement or classified case files). The individual will also contribute to project, department, or program objectives and planning document development. The individual will keep in confidence sensitive information such as customer processes, risks, vulnerabilities, and internal work products, whether for eventual public or private distribution.

Direction: The individual is expected to act independently using CMU, SEI, and CERT’s defined policies, practices, and procedures – within the scope of assigned work, and to adhere to any additional sponsor-specified requirements related to the projects involved..

Decisions: The individual must make sound technical decisions with little supervision. The individual must accurately represent the program in interactions with customers, sponsors, and the public. The individual is expected to perform analysis on-site at critical infrastructure locations and immediately assess potential vulnerabilities requiring further investigation.

Supervisory Responsibilities: This position could involve the training and supervision of graduate students as well as serve in a mentor role for new employees. 


Job Functions or Responsibilities:

60%     Participate in the examination, analysis, documentation, modeling, and assessment of insider threat and electronic crime activity (in the form of criminal case files, media reports, court transcripts, and other); examine cases and data on secure information technology risks and problem areas and propose mitigation alternatives.

30%     Participate in the development and delivery of security analysis and risk assessment approaches with customers and partners; participate in research, analysis, and documentation of physical/cyber security vulnerabilities at critical infrastructure sites.

10%     Contribute to conferences and meetings; participate in marketing calls on clients; give talks, lectures and workshops as appropriate



Organizational Chart: CERT Program, Director < Cyber Risk & Resiliency (CRR), Technical Director < Enterprise Threat & Vulnerability Management (ETVM), Technical Manager < Technical Team Lead – Enterprise Threat & Vulnerability Management


Carnegie Mellon University is an EEO/Affirmative Action Employer – M/F/Disability/Veteran


Job Categories Cyber Security 

This position is currently not accepting applications.

To search for an open position, please go to

Follow us See who works here:

AppOne.comTM   copyrightŠ1999-2017 HR Services, Inc.
Click here for technical assistance.