Position Summary: The CERT Program is part of the SEI, a federally funded research and development center at Carnegie Mellon University in Pittsburgh, Pennsylvania. The CERT Program engages in cutting-edge research and development and develops and transitions disciplined approaches to improve the survivability and resiliency of the DoD, federal civilian agencies, private sector organizations and their networked information systems. The CERT Coordination Center (CERT/CC) supports government customers by developing and transitioning cutting-edge analysis techniques and tools, providing strategic advisement, and supporting tactical operations.
The Capability Development Team Lead is a member of the CERT/CC technical staff and based in the SEI Office in Pittsburgh, Pennsylvania. The candidate selected to fulfil this role will provide technical leadership to CERT/CC support of Computer Security Incident Response Team (CSIRT) and associated capability and capacity development efforts. This support will include assisting with the development and pursuit of CERT/CC strategic drivers for engaging in these initiatives and vision for CSIRT community interaction, regularly interacting with sponsors and stakeholders of these efforts, assisting with requirement definition and project planning, and leading execution of efforts in coordination with the Senior Capability Solutions Engineer to ensure that the work being performed drives toward sponsor goals and CERT/CC strategic drivers. Additionally, the candidate will work with the CSIRT Operations technical manager and peer team leads to ensure resources are properly aligned and prioritized with the needs of sponsors and against apropos project timelines.
Minimum Qualifications and Requirements:
Education/Training: Bachelor’s Degree in Computer Science or scientific/technical field with eight (8) years of experience; MS in a scientific or technical field with five (5) years of experience; PhD in a scientific or technical field with two (2) years of experience; or equivalent combination of training and experience.
Experience: Professional experience should include five (5) or more years of experience supporting or managing large organizational or national-level CSIRT capabilities to include incident response, incident analysis, and development and implementation of mitigation actions and proactive security measures. This should include experience:
- in creating, assessing, and improving these types of teams, as well as a working knowledge of existing global capabilities, advanced technology solutions and initiatives
- as an operational CSIRT security analyst, incident handler, or operations specialist
- working with and engaging people in diverse cultural environments
- fostering interaction and collaboration amongst peer organizations
- leading and managing a small team
- working with customers and technical staff for defining work and constructing appropriate project planning materials
- Knowledge of current and effective CSIRT organizational and functional structures and the technical operations performed by these teams
- Ability to work independently or within a team with members of varying skill sets and levels
- Broad understanding of enterprise technology security issues
- Broad working knowledge of commonly deployed computer network defense tools and processes to include leading vendor solutions
- Ability to brief strategic and technical topics to senior management, technical and non-technical audiences
- Knowledge of current operational challenges and technical threats faced by network security and intelligence organizations
- Familiarity with project planning and management best practices
- Ability to set goals for team members and manage tasking to reach those goals
Physical Mobility: Primarily sedentary in an office setting with some mobility. Flexibility to travel monthly to sites in the Washington metropolitan area and international locations.
Environmental Conditions: Normal office conditions; close contact with computer display for extended periods of time.
Mental: The ability to:
- work meticulously with careful attention to detail;
- meet deadlines while working on multiple tasks – sometimes under pressure and with shifting priorities;
- deal collaboratively, diplomatically, and successfully with customers, co-workers and other professional colleagues, managers, and staff; ability to grasp the big picture, direction, and goals of an effort;
- develop and communicate innovative ideas;
- take leadership role in technical projects; and
- quickly learn new procedures, techniques, and approaches.
Other: U.S. Citizenship is required. Applicants will be subject to a security investigation and must meet eligibility requirements for access to classified information, and must be able to pass a background investigation.
Preferred Qualifications and Requirements:
Education/Training: MS/MA in a scientific, technical, or business field with five (5) years of experience, or equivalent; PhD in a technical field with two (2) years of experience.
Licenses: CISSP, CEH, CISM, CompTIA, or similar.
- Prior responsibility in managing a body of work consisting of numerous large scale projects and multiple customers/external sponsors
- Experience publishing research and academic papers
- Experience working with the government, or within a critical infrastructure sector
- Active in regional or international trade-related organizations such as the Forum of Incident Response and Security Teams (FIRST), North American Network Operators' Group (NANOG), Messaging, Malware and Mobile Anti-Abuse Working Group (M3AAWG), Anti-Phishing Working Group (APWG), etc.
- Demonstrable experience effectively delivering training to technical and management level audiences on subject matter related to CSIRT development and incident response operations
Accountability: This position is accountable for ensuring that the CSIRT Operations team delivers on the execution of the statement of work for customers sponsoring capability building efforts. The individual is accountable for aligning CSIRT Operations projects with customer needs and re-prioritizing efforts as appropriate, in close coordination with the Senior Capability Solutions Engineer.
Direction: The individual is expected to act independently using CMU, SEI, and CERT defined policies, practices, and procedures – within the scope of assigned work.
Decisions: The individual is expected to participate in the decision-making and problem-solving processes of defining, designing, implementing, and sustaining national-level CSIRT and related operations; suggesting and implementing policies and procedures to support these activities; and creating and sharing information regarding the state of the practice for broad dissemination.
Supervisory Responsibilities: This position will formally supervise a team of 3 – 6 people, steering and leading team efforts to align with and deliver on project goals as coordinated with other CERT/CC, sponsor, and stakeholder personnel.
Job Functions or Responsibilities:
50% Supervise a team, coordinating and prioritizing efforts based on project plans, assigning tasking, and setting priorities based on changing needs. Contribute to team work products.
40% Ensure successful completion of customer tasking by coordinating project management, resource allocation, and task execution with necessary management, Senior Capability Solutions Engineer, and other technical staff.
10% Capture knowledge from the engagements undertaken, integrate it with lessons learned from other similar work, and help transfer that knowledge for the betterment of the global CSIRT community.
100% TOTAL EFFORT
Organizational Chart: Program Director, CERT < Technical Director, CERT/CC < CSIRT Operations Technical Manager, CERT/CC < Capability Development Team Lead
Carnegie Mellon University is an EEO/Affirmative Action Employer – M/F/Disability/Veteran