Position Summary: We are seeking a software engineer to develop Blockchain tools and application software, with a focus on improving the security of Blockchain technology. The CERT division of the Software Engineering Institute is a pioneer and leader in cybersecurity. We are expanding our team of researchers and developers who create and apply tools and techniques for building secure applications. We are looking for top candidates to help us continue our legacy of ground-breaking improvements for securing software during development. Software has never been more important to our lives and our national security, nor has software insecurity ever been a greater risk.
Joining the Cybersecurity Foundations team, you will work with world-class cyber security experts to help software developers and software development organizations reduce vulnerabilities resulting from architecture, design and coding errors before they are deployed. We identify common errors that lead to software vulnerabilities, establish standard secure coding standards, design DSLs and built tools to improve the development process, educate software developers, and advance the state of the practice for building secure software systems.
The successful candidate will participate in research and engineering projects that identify and implement best practices for organizations to develop secure software systems. The candidate will work directly with customers to: apply Blockchain languages and tools, develop and provide training in secure coding practices; evaluate, extend, and use tools to improve and automate source code analysis; review code bases to ensure that best practices are being followed; and enhance the customers’ organizational capabilities to produce secure software systems. The candidate will be expected to develop tools and applications, write reports and deliver presentations that explain the findings of research and software evaluations, helping customers improve their software to meet the security and privacy needs of their users.
Minimum Qualifications and Requirements:
Education/Training: BS in Computer Science, Software Engineering, Information Science, or Information Systems Management with three (3) years applicable experience.
Ideal candidates will:
- Be self-motivated and capable of self-learning to maintain a working knowledge of the ever-changing software development landscape
- Develop applications in or tools for Ethereum (Solidity) or Hyperledger (Fabric via Go or Java) based languages
- Build and configure various software build environments, and build custom tools to integrate and automate the use of software building and analysis tools
- Develop and analyze source code in common programming languages such as C, C#, C++, Java, and Python, with a focus on secure coding principles and practices
- Use static and dynamic analysis tools to evaluate software to find and remove vulnerabilities
- Analyze data from multiple sources, generate defensible results, and represent them in reporting products and interactions with customers, sponsors, and the public
- Contribute in a team environment with other team members with varying skills, experience and locations
- Write and present clear reports
Other: Candidates will be subject to a background check and must be eligible to obtain and maintain a Department of Defense security clearance.
Preferred Qualifications and Requirements:
Education/Training: MS in Computer Science, Software Engineering, Information Science, Information Systems Management with one (1) year applicable experience.
- Knowledge of compilers and language design
- Previous experience with developing software APIs
- Deep familiarity with Ethereum and/or Hyperledger VM
Job Functions or Responsibilities:
40% Contribute to internally funded research projects, developing experimental tools and applications, evaluating secure software development practices, and communicating results internally and externally in reports and presentations.
30% Directly support customer work in secure coding, verification and validation techniques, and technical training. Tailor our current offerings to provide value to customers by evaluating their software, software development, and software acquisition/procurement practices, and providing improvement recommendations. Communicate the findings of such evaluations through reports and presentations. Build new tools and capabilities that improve our ability to meet customer needs.
15% Codify knowledge that has been gained through customer and research projects to expand and update knowledge transfer materials, such as Secure Coding guidelines, tools and training materials.
15% Develop knowledge and understanding of SEI capabilities; learn how SEI capabilities can be applied to customer problems; work directly with SEI staff supporting the community with disciplines related to secure coding and secure development.
100% TOTAL EFFORT
Organizational Chart: Cert Director>CSF Technical Director>CSF Tech Manager>Tech
Carnegie Mellon University is an EEO/Affirmative Action Employer – M/F/Disability/Veteran