Position Summary: The CERT Situational Awareness group researches and develops cutting-edge network security analysis techniques for operational use in high-impact environments. The CERT Situational Awareness Network Defense Analyst will:
- Participate in and lead technical efforts, including development and prototyping of new analysis techniques, tools, and platforms, preparation of analytic reports, and contributions to research publications.
- Be respected as a subject matter expert by customers, commercial vendors, and the Internet community as a whole.
- Be expected to appreciably advance the state of the art in cybersecurity analytics.
Minimum Qualifications and Requirements:
Education/Training/Professional Experience: Bachelor’s Degree in Computer Science or a related scientific/technical field with eight (8) years of experience in network operations, security operations, or network security research; Master’s Degree in Computer Science or a related scientific/technical field with five (5) years of experience in network operations, security operations, or network security research; PhD in Computer Science or a related discipline with two (2) years of experience in network operations, security operations, or network security research; or an equivalent combination of training and experience.
- Capable of conducting and supporting analytical studies and investigations of network security data.
- Significant understanding of and practical experience with various Internet protocols (e.g., TCP/IP, HTTP, DNS, SMTP, BGP).
- Significant knowledge of at least one modern operating system (e.g., Linux, BSD, Solaris, Windows).
- Understanding of network security issues at all protocol layers.
- Understanding of host/operating system security issues.
- Operational knowledge and significant understanding of network security devices such as Intrusion Detection Systems, Firewalls, Security Information Managers, Network Vulnerability Scanners.
- Operational knowledge and understanding of routing and switching protocols, including Internet routing.
- Ability to function in the role of a consultant with some guidance from senior staff members.
- Excellent planning and organizational skills.
- Strong problem solving skills.
- Excellent oral and written communication skills.
- Ability to work well with minimal direction and with teams.
- Ability to think abstractly.
- Ability to explain technical terms in business language/solutions.
- Ability to translate business requirements into technical requirements.
- Strong system-level thinking.
- Understanding of levels of architecture (e.g., solution, systems, enterprise).
- Understanding of business processes, business transactions, applications, and services as they relate to network and security technology.
- Ability to work effectively with customers (internal and external), business analysts, developers, and system integrators.
- Demonstrated ability to communicate and work with senior leaders.
Physical Mobility: Primarily sedentary in an office setting with some mobility. Flexibility to travel to various locations within the SEI and CMU community, including sponsor sites, conferences, and meetings.
Environmental Conditions: Normal office conditions; close contact with computer display for extended periods of time.
Mental: Ability to work meticulously with careful attention to detail; ability to meet deadlines while working on multiple tasks – sometimes under pressure and with shifting priorities; ability to participate in conversations collaboratively, diplomatically, and successfully with customers, co-workers and other professional colleagues, managers, and staff; ability to develop and communicate innovative ideas; ability to take leadership role in technical projects; ability to quickly learn new procedures, techniques, approaches, etc.
Other: Candidates will be subject to a background check and must be eligible to obtain and maintain a Department of Defense security clearance.
Preferred Qualifications and Requirements:
Experience. Stronger candidates will be able to demonstrate past experience working:
- In collaborative environments with team members who have diverse skills and roles.
- In the public forum of the broader information security community.
- Directly with customers from government and/or industry (multiple critical infrastructure sectors).
- In data visualization.
- With specialized technologies such as data mining, clustering, machine learning, neural networks, distributed computing, and/or big data platforms.
- With scripting and/or programming in a high-level language, including participation in sound software engineering practices (e.g., version control, documentation).
Accountability: The individual is accountable for: Active participation in the overall Situational Awareness R&D effort; Participating in the production of original publications in network security analysis; Participating in public speaking engagements, including at remote locations.
Direction: The individual is expected to act with minimal direction using CMU, SEI, CERT and Monitoring and Response defined policies, practices, and procedures – within the scope of assigned work.
Decisions: The individual is expected to participate in decision-making and problem-solving processes, including basic requirements elicitation and validation, and to participate in fundamental research in network security.
Supervisory Responsibilities: This position does not formally supervise others.
Job Functions and Responsibilities:
60% Participate in studies of data from operational networks, and advise network operators in written reports and presentations on security posture improvements based on those studies.
35% Participate in the development of novel approaches to network security analysis, and create prototype tool implementations.
5% Speak publicly and to customers on work performed.
100% TOTAL EFFORT
Organizational Chart: Monitoring and Response Technical Director < Situational Awareness Technical Manager < Analysis Team Lead < Network Security Analyst
Carnegie Mellon University is an EEO/Affirmative Action Employer – M/F/Disability/Veteran