
Senior Vulnerability Researcher - 2008729 

EOE Statement: Carnegie Mellon University is an Equal Opportunity Employer/Disability/Veteran.

What We Do:

The SEI helps advance software engineering principles and practices and serves as a national resource in software engineering, computer security, and process improvement. The SEI works closely with defense and government organizations, industry, and academia to continually improve software-intensive systems. Our core purpose is to help organizations improve software engineering capabilities and develop or acquire the right software, defect free, within budget and on time, every time.

Position Summary: The CERT Division of the Software Engineering Institute (SEI) is seeking an applicant for the role of a Senior Vulnerability Researcher for the Threat Analysis directorate. The SEI is a federally funded research and development center at Carnegie Mellon University. The work of the Threat Analysis directorate includes:

  • Developing state-of-the-art approaches for analyzing executable code.

  • Applying these approaches to understanding systemic vulnerabilities in software systems and how attackers adapt their tradecraft to exploit those vulnerabilities.

  • Studying and influencing the software security and vulnerability disclosure ecosystems.

  • Evaluating the effectiveness of tools, techniques and processes developed by industry and the security research community.

You are interested in uncovering some of the fundamental assumptions underlying current best practice in software security. You will develop models, tools and data sets that can be used to characterize the threats to, and vulnerabilities in, software systems, and publish those results. You will also use these results to aid in the testing, evaluation and transition of technologies developed by government-funded research programs.


  • BS in computer science, software engineering, information systems, or a related technical field with ten (10) years of experience; MS in computer science or technical/engineering field with eight (8) years of experience or equivalent combination of training and experience; PhD in computer science or technical/engineering field with five (5) years of experience; or equivalent combination of training and experience.

  • Requires travel to various domestic locations within the SEI and CMU community to include the SEI Pittsburgh office, sponsor sites, conferences, and offsite meetings with routine frequency (1-2 trips a month).

  • You will be subject to a background check and will need to obtain and maintain a Department of Defense security clearance.

About you:

  • You have a deep interest in cybersecurity, intellectual curiosity and a desire to make an impact beyond your organization

  • You enjoy developing and communicating innovative ideas and thinking creatively to solve tough problems

  • You can work under stress and adapt to shifting priorities

  • You relate collaboratively and diplomatically with people inside and outside the organization

  • You can organize and plan complex projects

  • You can recognize and properly handle confidential and sensitive information

Knowledge, Skills and Abilities:

  • Understanding of research methods in computer science, engineering and security, and related fields

  • Understanding of Internet fundamentals including network protocols, provider operations and governance

  • Ability to apply knowledge of technology, systems architecture and security best practice to practical problems in enterprise security

  • Ability to advise on a range of security topics based on research and expert opinion

  • Ability to work independently with limited supervision, lead project teams and mentor peers

  • Ability to objectively compare and evaluate alternative technical solutions, and communicate results

  • Facility communicating complex system designs, technical approaches and road maps to sponsors, project managers and technical staff

  • Ability to distill the implications of complex research results, and apply those results to government operations

  • Knowledge of USG networks, security operations, and policy and governance

Desired Experience:

  • Experience in vulnerability research, analysis, disclosure, and mitigation

  • Experience applying modern data-driven research methods to cost-effectiveness analysis, risk analysis and information security decision making

  • Experience collaborating on industry and academic community projects

  • Ability to develop software in Python and other modern programming languages

  • Background in mathematical programming, statistical modeling or machine learning

Job Function Breakdown:

60% Function as an advisor on one or more engagements with research organizations. This includes advising government research programs on test and evaluation approaches, developing or adapting data sets, and supporting colleagues in the development and adaptation of related tools, data and research to the needs of particular programs.

20% Work with colleagues on research studies and prototypes, and help assemble reports and briefings on various security topics related to the application of threat research to a variety of problems.

15% Contribute to conferences and meetings; participate in marketing/engagement calls and technical exchanges with clients; analyst technical exchanges, training sessions and public speaking engagements; participate on working groups for subjects of interest

5% Engage in professional development activities to maintain and grow expertise.

100% total effort

More Information

Please visit “Why Carnegie Mellon” to learn more about becoming part of an institution inspiring innovations that change the world.

A listing of employee benefits is available at:


Job Categories: Cyber Security

This position is currently not accepting applications.
