This position is located in Linthicum, Maryland
What We Do: The SEI helps advance software engineering principles and practices and serves as a national resource in software engineering, computer security, and process improvement. The SEI works closely with defense and government organizations, industry, and academia to continually improve software-intensive systems. Our core purpose is to help organizations improve software engineering capabilities and develop or acquire the right software, defect free, within budget and on time, every time.
Position Summary: The CERT Division of the Software Engineering Institute (SEI) is seeking an applicant for the role of a Vulnerability Coordination Advisor for the Threat Analysis directorate. The SEI is a federally funded research and development center at Carnegie Mellon University. The work of the Threat Analysis directorate includes:
- Developing state of the art approaches for analyzing executable code.
- Applying these approaches to understanding systemic vulnerabilities in software systems and how attackers adapt their tradecraft to exploit those vulnerabilities.
- Studying and influencing the software security and vulnerability disclosure ecosystems.
- You will work with a government partner located in Linthicum, Maryland, supporting operations for a government vulnerability coordination program, helping us translate our research into operational improvements to the program.
- BS in Computer science, Software Engineering, information systems, or a related technical field with eight (8) years of experience; MS in computer science or technical/engineering field with five (5) years of experience or equivalent combination of training and experience; PhD in computer science or technical/engineering field with two (2) years of experience; or equivalent combination of training and experience..
- Requires travel to various domestic locations within the SEI and CMU community to include the SEI Pittsburgh office, sponsor sites, conferences, and offsite meetings with routine frequency (1-2 trips a month)
- You will be subject to a background check and will need to obtain and maintain a Department of Defense security clearance.
- You have a deep interest in cybersecurity, intellectual curiosity and a desire to make an impact beyond your organization
- You enjoy developing and communicating innovative ideas and thinking creatively to solve tough problems
- You can work under stress and adapt to shifting priorities;
- You relate collaboratively and diplomatically with people inside and outside the organization
- You can organize and plan complex projects;
- You can recognize and properly handle confidential and sensitive information
- Knowledge, Skills and Abilities:
- Understanding of Internet fundamentals including network protocols, provider operations and governance
- Ability to apply knowledge of technology, systems architecture and security best practice to practical problems in enterprise security
- Ability to advise on a range of security topics based on research and expert opinion
- Ability to work independently with limited supervision, lead project teams and mentor peers;
- Ability to objectively compare, and evaluate alternative technical solutions, and communicate results;
- Facility communicating complex system designs, technical approaches and road maps to sponsors, project managers and technical staff;
- Ability to distill the implications of complex research results, and apply those results to government operations;
- Knowledge of USG networks, security operations, and policy and governance.
- Experience in vulnerability research, analysis, disclosure, and mitigation
- Experience applying modern data-driven research methods to business strategy, risk analysis and information security decision making
- Experience collaborating on industry and academic community projects
- Ability to develop software in Python and other modern programming languages
- Background in mathematical programming, statistical modeling or machine learning
Job Function Breakdown:
60% Act as a lead for one or more engagements. This includes advising government partners on technical issues, understanding their needs, advising on improvements to operational processes, and supporting colleagues in the development and transition of new analysis methods and tools.
20% Work with colleagues on research studies and prototypes, and help assemble reports and briefings on various security topics related to the application of threat research to problems in vulnerability coordination and remediation.
15% Contribute to conferences and meetings; participate in marketing/engagement calls and technical exchanges with clients; analyst technical exchanges, training sessions and public speaking engagements; participate on working groups for subjects of interest
5% Engage in professional development activities to maintain and grow expertise.
100% total effort
Please visit “Why Carnegie Mellon” to learn more about becoming part of an institution inspiring innovations that change the world.
A listing of employee benefits is available at: www.cmu.edu/jobs/benefits-at-a-glance/.
Carnegie Mellon University is an Equal Opportunity Employer/Disability/Veteran.