Position Summary: The CERT Program is part of the SEI, a federally funded research and development center at Carnegie Mellon University in Pittsburgh, Pennsylvania. The CERT Program engages in cutting-edge research and development and develops and transitions disciplined approaches to improve the survivability and resiliency of the DoD, federal civilian agencies, private sector organizations and their networked information systems. The CERT Coordination Center (CERT/CC) supports government customers by developing and transitioning cutting-edge analysis techniques and tools, providing strategic advisement, and supporting tactical operations.
The Senior Capability Solutions Engineer is a member of the CERT/CC technical staff and based in the SEI Office in Pittsburgh, Pennsylvania. The candidate selected to fulfil this role will guide CERT/CC capability and capacity development of Computer Security Incident Response Teams (CSIRT). This support will include defining and effectuating a vision for CSIRT community interaction to include identifying initiatives to achieve this vision; acting as the primary point of contact to sponsors and stakeholders of these efforts; assisting with requirement definition and project planning; and overseeing and contributing to these projects.
Minimum Qualifications and Requirements:
Education/Training: BS in Computer Science, Mathematics, Information Systems, Information Systems Management or related field with ten (10) years’ experience; MS in Computer Science, Mathematics, Information Systems, Information Systems Management or related field with eight (8) years’ experience; PhD in Computer Science, Mathematics, Information Systems, Information Systems Management or related field with five (5) years’ experience; or equivalent combination of training and experience.
Experience: Professional experience should include five (5) or more years of experience supporting the development and sustainment of large organizational or national-level CSIRT capabilities. Experience in creating, assessing, and improving these types of teams, as well as a working knowledge of existing global capabilities and initiatives is desired.
- Ability to function in the role of an advisor and project leader
- Strong problem solving, organizational, and oral and written communication skills
- Ability to work both independently and with teams with members of varying skill sets and levels
- Proven ability to define requirements for, seek support of, and initiate the development and sustainment of large strategic CSIRT operations
- Broad understanding of network, host, and application technology and security issues
- Experience working and engaging people in varying cultural environments, and fostering community interaction and collaboration
- Ability to brief strategic and technical topics to senior management, technical and non-technical audiences
- Knowledge of current challenges and threats faced by network security and intelligence organizations
- Knowledge of existing global CSIRT and related capabilities, services that they provide, constituents, and challenges faced by these teams
- Experience in overseeing work of a team, and proven success in executing projects leveraging personnel from across teams
- Ability to create strategic direction for a technical group
- Experience in working with customers and technical staff for defining work and project planning materials
- Ability to define and deliver technical subject matter in a way that allows it to be easily transitioned for operational implementation, such as course materials
- Vision for organization of knowledge and documentation using varying technical toolsets
- The ability to work with and engage people in diverse cultural environments
Physical Mobility: Primarily sedentary in an office setting with some mobility. Flexibility to travel to sites in the Washington metropolitan area and varying international locations.
Environmental Conditions: Normal office conditions; close contact with computer display for extended periods of time
Mental: The ability to:
- work meticulously with careful attention to detail;
- meet deadlines while working on multiple tasks – sometimes under pressure and with shifting priorities;
- deal collaboratively, diplomatically, and successfully with customers, co-workers and other professional colleagues, managers, and staff; ability to grasp the big picture, direction, and goals of an effort;
- develop and communicate innovative ideas;
- take leadership role in technical projects; and
- quickly learn new procedures, techniques, and approaches
Other: U.S. Citizenship is required. Applicants will be subject to a security investigation and must meet eligibility requirements for access to classified information, and must be able to pass a background investigation.
Preferred Qualifications and Requirements:
Education/Training: PhD in Computer Science, Mathematics, Information Systems, Information Systems Management or related field with five (5) years’ experience; or equivalent combination of training and experience. Practical security training (e.g. SANS GIAC Level 2 courses, CCNP, CCIE Security)
- Experience working with the government, or within a critical infrastructure sector
- Experience developing briefing materials for senior leadership within government and for international audiences
- History of contributions to the broader computer security industry, research, or operational communities
- Experience deploying, supporting, or otherwise contributing to large-scale CSIRT or related operations
- Experience in a variety of computer security topical areas
- Prior responsibility in managing a body of work consisting of numerous large projects with multiple customers/external sponsors and stakeholders
Accountability: The individual is accountable for:
- Capturing the requirements of and managing relationships with customers and stakeholders
- Setting expectations for the effort and impact based on availability of resources
- Coordinating organizational support of successful completion of tasking
- Creation of papers defining technical and non-technical topic matter for customers and stakeholders
Direction: The individual is expected to act independently using CMU, SEI, and CERT defined policies, practices, and procedures – within the scope of assigned work.
Decisions: The individual is expected to participate in the decision-making and problem-solving processes of defining, designing, implementing, and sustaining national-level CSIRT and related operations; suggesting and implementing policies and procedures to support these activities; and creating and sharing information regarding the state of the practice for broad dissemination.
Supervisory Responsibilities: This position does not formally supervise others. However, the individual may will act in a technical leadership (non-supervisory) role in regard to specific work products, projects, and activities.
Job Functions or Responsibilities:
70% Lead support to diverse customer and stakeholder base in the areas of strategy; process/policies; requirements definition; definition and design of teams and programs; operations implementation and sustainment; communication and collaboration; outreach; and training.
20% Ensure successful completion of customer tasking by coordinating project management, resource allocation, and task execution with necessary management and technical staff.
10% Capture knowledge from the engagements undertaken, integrate it with lessons learned from other similar work, and help transfer that knowledge through relevant artifacts.
100% TOTAL EFFORT
Organization Chart: Program Director, CERT < Technical Director, CERT/CC < Deputy Technical Director, CERT/CC < Senior Capability Solutions Engineer
Carnegie Mellon University is an EEO/Affirmative Action Employer – M/F/Disability/Veteran