The CERT Program is part of the Software Engineering Institute (SEI), a federally funded research and development center at Carnegie Mellon University (CMU) in Pittsburgh, Pennsylvania. CERT engages in state of the art R&D activities in computer security. The CERT Security Automation Directorate, Secure Lifecycle Solutions (SLS) group delivers innovative engineering methods and solutions to challenging cybersecurity problems. By demonstrating in-house technical expertise and long-standing collaborations with leading researchers from special academic institutions, SLS authorities develop custom methods and systems to meet customer needs. The SLS team applies ground breaking research and technologies to provide secure software solutions that bring real value to support the mission of our government and industry partners and advance the current state of practice.
Position Summary: Expertise in DevOps processes and tools, resilient system design and implementation, and requirements gathering and analysis enables team to develop comprehensive practices engineering processes tailored to rare customer needs, or improve existing processes to meet evolving challenges by demonstrating new technologies. Built on confirmed SEI software engineering methodologies and CERT cyber security expertise, SLS engineering processes lead to efficient, successful, and secure product development and deployment.
You will participate in all phases of the application development lifecycle, and will be involved in key decisions regarding software design and technology selection including hands on development activities.
Minimum Qualifications and Requirements:
Education/Training: BS in computer science, software engineering, computer engineering, or a related quantitative field of study with ten (10) years of applicable experience.
Experience: Experience as a software developer working on software applications in a professional environment required:
- Hands on experience in an Ops/DevOps role with an emphasis on deploying and handling environments in cloud platforms (AWS, Azure, or similar)
- Hands-on experience with configuration management tools, chef, Puppet, or similar.
- Experience and proficiency with Linux administration and operation (preferably RHEL/CentOS)
- Experience developing in object oriented programming on Java, C#, C++
- Experience with scripting languages such as Python, Ruby, Perl, and Bash
- Experience setting up continuous integration & continuous delivery, log collection and analysis, software build & release, and performance monitoring/tuning
- Experience with modern web frameworks such as Django, Angular JS, React
- Experience with SDLC deployment packages Maven, Ant, Docker, etc
- Experience with source code repository Git, Mercurial, SVN, or TFS
- Experience with monitoring and logging tools such as Kibana, NewRelic, Nagios, Splunk, Graphite, Graphana, etc
- Experience fixing software applications and reading stack traces
- Knowledge of network switches, firewalls and routers
- Familiarity with system and task automation
- Familiarity with risk and security assessments
- Collaboration skills, with written and spoken communication skills
- Excellent troubleshooting and problem solving capabilities
- Deep knowledge of software engineering including detailed knowledge of at least three of the following strengths: requirements, architecture and design, program and acquisition management, performance improvement, assurance, and/or security
- Relevant experience within the last 5 years in working on a large software development program
- Deep familiarity with general Linux operating system concepts, development pipeline tools, etc.
- Knowledge of how to apply system engineering principles to system software development
- Ability to execute network assessments and report results, write documentation.
- Understanding of basic computer systems, and network, database and application security issues
- Excellent written and verbal communication skills
- Excellent reasoning and problem-solving skills
- Ability to work effectively and manage time without supervision
- Ability to attend customer meetings and respond to customer requirements
- Highly motivated Self-starter individual with ability to multi-task, prioritize and be actionable
- Review and development of performance and capacity plans (operational capacity and load requirements)
- Experience with application disaster recovery, migration, roll-back plans, expansion, routine deployments, and system upgrade
Mobility: Will be required to travel on overnight assignments, occasionally for several days.
Environmental Conditions: Usual office setting, including extended work at a computer screen.
Mental: Ability to work meticulously with careful attention to detail; ability to meet target dates while working on multiple tasks – shifting priorities; ability to deal reciprocally, diplomatically, and successfully with customers, co-workers and other professional colleagues, managers, and staff; ability to grasp the big picture, direction, and goals of an effort; ability to quickly learn new procedures, techniques, approaches, etc.
Other: The candidate will be subject to a background check and must be eligible to obtain and maintain a Department of Defense security clearance.
Education/Training: Master's degree in CS, Information Systems, systems and /or engineering, acquisition management, or equivalent combination of training and experience.
Accountability: The member will be directly accountable for understanding DoD technical needs, applying new technologies, and establishing delivery capabilities to meet the needs of the sponsoring organization and the DevOps community.
Direction: As a technical staff member, he/she will be expected to operate with minimum supervision using CMU and SEI defined practice, policies and procedures, in concert with the SEI mission.
Decisions: Required to work with government program offices to identify strengths and weaknesses within the acquisition program and their contractor base and build solutions to address the weaknesses and recognize and the strengths.
Supervisory Responsibilities: To be able to lead and supervise others.
Job Functions or Responsibilities:
85% Participate as a leader or member of dynamic technical teams in support of application development & delivery and DevOps assessment capabilities.
10% Identify and support the implementation strategies for the collection and application of learning and knowledge transfer from assignments (e.g. Dissemination of research results, case studies, guides, reports, presentations, articles, workshops, courses, and blog entries).
5% Perform other duties as assigned by the SLS Technical Manager, or Team Leads
100% total effort
Organizational Chart: Manager, CERT < Technical Director< Technical Manager < Senior Software Engineer
CMU is an EEO/Affirmative Action Employer – M/F/Disability/Veteran