Position Summary: The successful candidate will be a member of the Enterprise Threat and Vulnerability Management (ETVM) team, which focuses on assisting organizations in improving their security posture and incident response capability by researching technical threat areas; developing information security assessment methods and techniques; and providing information, solutions and training for preventing, detecting, and responding to illicit activity. ETVM team members are domain experts in insider threat and incident response, and team capabilities include threat analysis and modeling; development of security metrics and assessment methodologies; and creation and delivery of training, courses, and workshops.
The successful candidate will be a Team Lead, responsible for the management and oversight of the Technical Solutions team within ETVM. The Technical Solutions team lead is responsible for the creation, development, and management of novel cybersecurity solutions that support customer-driven operational and research missions. The Technical Solutions team will interact with US Government departments and agencies, industry representatives, contractors, and others to identify gaps in cybersecurity tools, techniques, and procedures, create prototype capabilities to fill the gaps, and transition the prototype solutions to customers and partner organizations. The team prepares technical reports and briefings for all customer-funded work. The Team Lead is responsible for developing and communicating a technical vision, developing tasking and budget data for project work statements, generating new work and customers, working with business development staff, executing work with a high degree of customer satisfaction, and supervising staff. The successful candidate will conduct research on best practices on difficult information technology solutions and provide reference architecture papers to assist Federal agencies in deploying those solutions.
The successful candidate must have proven experience conducting and leading research efforts in support of the US Federal Government and Department of Defense; managing technical teams; be self-directed, have a track record of creating interdisciplinary approaches to problem solving, and demonstrate exceptionally strong presentation and writing skills. The candidate must also be able to interact with clients and staff of all levels in a highly professional and competent manner.
The successful candidate will be responsible for the personnel management of the Technical Solutions team, including hiring, performance evaluations, professional development, and mentoring of their team members. The Technical Solutions Team Lead will work with other SEI teams to encourage inter-departmental collaboration on projects, and assure the widest range of expertise is brought to each solution developed.
Minimum Qualifications and Requirements:
Education/Training: BS in Computer Science, Information Science, Information Systems Management with ten (10) years applicable experience, MS in Computer Science, Information Technology with eight (8) years applicable experience or combination of training and experience.
Experience: Experienced professional with excellent technical skills, knowledge to successfully manage project work, and a proven track record leading technical projects. Experience with: Working in or with the DOD, intelligence community, or law enforcement in a classified environment; both physical and cyber security; working in a team environment on collaborative projects in critical infrastructure sectors involving network, system or data security; eight plus (8+) years of software design, development and test; writing device drivers; writing application/OS patches and working with international standards agencies.
Skills/Abilities: System administration and network administration skills and familiarity with Windows, UNIX, and Linux operating systems. Software/application development in at least two of the following languages: Java, Perl, Python, C, C++, C# and the .NET Framework. Knowledge of core Internet protocols (TCP/IP, UDP, ICMP, DNS, FTP, SMTP, HTTP, SNMP, etc.). Ability to understand and configure Ethernet-based switches, routers, firewalls, and VPN concentrators. Knowledge of modern version control systems and integrated development environments. Understanding of network design and implementation at LAN and WAN levels. Broad understanding and application of multi-tiered enterprise client/server architectures, design, implementation and security. Software/systems development lifecycle, QA testing, build process, revision control, and change management practices. Software/systems testing, including unit, system and integration testing process and implementation. Proven ability to innovate, develop, implement, and effectively document complex technical systems and approaches. Proven ability to integrate multiple technologies, standards and data sources into a consolidated solution. Knowledge of common attack methodologies; common types of security vulnerabilities; basic computer security forensics. Strong oral and written communications skills (e.g., technical writing, user guide development, requirements analysis) and ability to interact effectively with technical and non-technical audiences, as well as present in front of small and large groups; participate in external customer and sponsor meetings.
Ability to: travel to various locations within the SEI and CMU community, customer sites, and offsite meetings with weekly/monthly frequency to travel on overnight and on-site assignments; work in varied and diverse situations requiring analytical, interpretative, evaluative and constructive thinking; manage workload and priorities on multiple scheduled assessments; function independently or in teams depending on the project; work under pressure; deal with stress; deal with difficult individuals while maintaining composure; exercise tact and discretion when handling highly sensitive and confidential issues; maintain confidentiality while working with highly confidential and sensitive matters; handle sensitive data according to project and USG data handling procedures; interpret and communicate information about government regulations and university policies; quantitative and qualitative analytical skills, to troubleshoot problems proactively and to answer questions and handle issues as they arise; effective time management skills and strong problem solving skills; handle change and be flexible with respect to functions and responsibilities; experience managing/supervising a technical team's performance reviews, and dealing with employee issues.
Environmental Conditions: Close contact with computer monitor for extended periods of time.
Other: Candidate must be able to pass a background investigation, obtain a TS SCI security clearance, and be a US citizen.
Preferred Qualifications and Requirements:
Education/Training: MS in Computer Science, Information Science with 15 years applicable experience, Information Systems Management with six years applicable experience; Current Information System Security Professional (CISSP) or similar certification is desired. Advanced understanding of computer operating systems (e.g. Windows 8/7 and Windows XP), and computer networking (TCP/IP). Various computer related training or certifications (e.g. MCSA, Cisco, etc.). Thorough understanding of relevant operating systems and their security principles (Windows, Mac OS X, Linux, Solaris).
Experience: Leadership experience with software development and/or system administration in large-scale, distributed computing environments. Experience with wide-area network design, deployment, and troubleshooting. Experience with: Developing materials for senior leadership in government or industry; interfacing with the DOD; US federal civilian government, intelligence community, or law enforcement; advanced Windows and/or Linux system administration skills; working in a classified environment.
Skills/Abilities: Project management experience. Leadership and mentoring skills. Proven skills working in a team environment on collaborative projects in US government, critical infrastructure sectors involving network, system or data security.
Other: Active TS SCI security clearance.
Accountability: The individual will be accountable for leading projects, including development and management of budgets and project plans, and managing schedules with sponsors. The individual will also be accountable for managing sensitive, and possibly classified, customer information.
Direction: The individual is expected to act independently following CMU, SEI, and CERT defined policies, practices, and procedures – within the scope of assigned work, and to adhere to any additional sponsor-specified requirements related to the projects involved.
Decisions: The individual must make sound decisions with little supervision in leading and managing project team work. The individual must accurately represent the program in interactions with external customers, sponsors, and the public.
Supervisory Responsibilities: This position will be responsible for supervising a team of 4-8 staff. Within this context, the candidate will work with staff in setting goals and objectives, appraise performance, mentor staff professional development, and manage staff work assignments.
JOB FUNCTIONS OR RESPONSIBILITIES:
25% Set, manage, and contribute to the technical direction for the group. Lead the planning process and contribute to the development of the ETVM research agenda. Contribute to the development of SEI and CERT strategic plans. Ensure regular updates to the agenda; review feasibility of the agenda, identify risks and define risk mitigation strategy. Articulate vision for internal and external audiences.
35% Manage group to effectively implement the research agenda and SEI plan commitments. Set goals and objectives and manage operational and functional business activities. Develop, implement and track short and long term operational plans (financial, staffing, infrastructure, project).
15% Publish findings, deliver technical briefings, and meet with stakeholders.
15% Provide guidance to and monitor the success of technical staff in meeting strategic and operational goals. Assess performance of direct reports and make salary recommendations for all staff within areas of responsibility. Responsible for recruitment, hiring, development and retention of all technical and support staff.
10% Identify opportunities for new technical projects and manage start-up of new, high-priority technical areas of work. Work with Technical Manager & PDT business development managers to develop and implement a funding and transition plan for new work areas.
100% TOTAL EFFORT
ORGANIZATIONAL CHART: CERT Director < Cyber Security Solutions, Technical Director < Enterprise Threat & Vulnerability Management, Technical Manager < Technical Team Lead, ETVM Technical Solutions
Carnegie Mellon University is an EEO/Affirmative Action Employer – M/F/Disability/Veteran