Position Summary: The CERT Program is part of the SEI, a federally funded research and development center at Carnegie Mellon University in Pittsburgh, Pennsylvania. The CERT Program engages in cutting-edge research and development and develops and transitions disciplined approaches to improve the survivability and resiliency of the DoD, federal civilian agencies, private sector organizations and their networked information systems. The CERT Coordination Center (CERT/CC) supports government customers by developing and transitioning cutting-edge analysis techniques and tools, providing strategic advisement, and supporting tactical operations.
The Capability Development Team Analyst is a member of the CERT/CC technical staff and based in the SEI Office in Pittsburgh, Pennsylvania. The candidate selected to fulfil this role will provide technical subject matter expertise to CERT/CC support of Computer Security Incident Response Team (CSIRT) and associated capability and capacity development efforts. This support will include assisting with the development and pursuit of CERT/CC strategic drivers for engaging in these initiatives and vision for CSIRT community interaction, regularly interacting with sponsors and stakeholders of these efforts, and execution of efforts as directed by the Capability Development Team Lead to ensure that the work being performed drives toward sponsor goals and CERT/CC strategic drivers.
Minimum Qualifications and Requirements:
Education/Training: Bachelor’s Degree in Computer Science or scientific/technical field with eight (8) years of experience; MS/MA in a scientific or technical field with five (5) years of experience; PhD in a scientific or technical field with two (2) years of experience; or equivalent combination of training and experience.
Experience: Professional experience should include five (5) or more years of experience supporting or managing large organizational or national-level CSIRT capabilities to include incident response, incident analysis, and development and implementation of mitigation actions and proactive security measures. This should include experience:
- in creating, assessing, and improving these types of teams, as well as a working knowledge of existing global capabilities, advanced technology solutions and initiatives
- as an operational CSIRT security analyst, incident handler, or operations specialist
- working with and engaging people in diverse cultural environments, and
- fostering interaction and collaboration amongst peer organizations
- Knowledge of current and effective CSIRT organizational and functional structures and the technical operations performed by these teams
- Ability to work independently or within a team with members of varying skill sets and levels
- Broad understanding of enterprise technology security issues
- Broad working knowledge of commonly deployed computer network defense tools and processes to include leading vendor solutions
- Ability to brief strategic and technical topics to senior management, technical and non-technical audiences
- Knowledge of current operational challenges and technical threats faced by network security and intelligence organizations
- Familiarity with project planning and management best practices
Physical Mobility: Primarily sedentary in an office setting with some mobility. Flexibility to travel monthly to sites in the Washington metropolitan area and international locations.
Environmental Conditions: Normal office conditions; close contact with computer display for extended periods of time.
Mental: The ability to:
- work meticulously with careful attention to detail;
- meet deadlines while working on multiple tasks – sometimes under pressure and with shifting priorities;
- deal collaboratively, diplomatically, and successfully with customers, co-workers and other professional colleagues, managers, and staff; ability to grasp the big picture, direction, and goals of an effort;
- develop and communicate innovative ideas;
- take leadership role in technical projects; and
- quickly learn new procedures, techniques, and approaches.
Other: U.S. Citizenship is required. Applicants will be subject to a security investigation and must meet eligibility requirements for access to classified information, and must be able to pass a background investigation.
Preferred Qualifications and Requirements:
Education/Training: MS/MA in a scientific or technical field with five (5) years of experience; PhD in a scientific or technical field with two (2) years of experience; or equivalent combination of training and experience.
Licenses: CISSP, CEH, CISM, CompTIA, or similar.
- Participation in broad public forums through activities such as standards, open source development, or publication
- Experience publishing research and academic papers
- Experience working with the government, or within a critical infrastructure sector
- Active in regional or international trade-related organizations such as the Forum of Incident Response and Security Teams (FIRST), North American Network Operators' Group (NANOG), Messaging, Malware and Mobile Anti-Abuse Working Group (M3AAWG), Anti-Phishing Working Group (APWG), etc.
- Demonstrable experience effectively delivering training to technical and management-level audiences on subject matter related to CSIRT development and incident response operations
Accountability: This position is accountable for ensuring that the CSIRT Operations team delivers on the execution of the statement of work for customers sponsoring capability building efforts. The individual is accountable for aligning CSIRT Operations projects with customer needs and re-prioritizing efforts as appropriate, in close coordination with the Capability Development Team Lead.
Direction: The individual is expected to act independently using CMU, SEI, and CERT defined policies, practices, and procedures – within the scope of assigned work.
Decisions: The individual is expected to participate in the decision-making and problem-solving processes of defining, designing, implementing, and sustaining national-level CSIRT and related operations; suggesting and implementing policies and procedures to support these activities; and creating and sharing information regarding the state of the practice for broad dissemination.
Supervisory Responsibilities: This position will not formally supervise any personnel.
Job Functions or Responsibilities:
70% Create framework and methodology documents, both general and specific to individual stakeholder groups, intended to facilitate the organizational and technical capacity development of large CSIRTs.
20% Support planning, development, and execution of customer-led and/or supported development activities, planning discussions, and awareness-raising exercises. Through partnership, awareness, and action, evaluate the need for, develop blueprints for, and assist with the implementation of national-level CSIRT capabilities.
10% Capture knowledge from the engagements undertaken, integrate it with lessons learned from other similar work, and help transfer that knowledge for the betterment of the global CSIRT community.
100% TOTAL EFFORT
Organizational Chart: Program Director, CERT < Technical Director, CERT/CC < CSIRT Operations Technical Manager, CERT/CC < Capability Development Team Lead < Capability Development Analyst
Carnegie Mellon University is an EEO/Affirmative Action Employer – M/F/Disability/Veteran