What We Do: The SEI CERT Cyber Risk and Resilience Directorate, enables organizations to achieve operational resilience by performing research in emerging areas of operational risk, producing measurement and assessment tools that help organizations better understand their current risk and resilience posture, and developing and validating models, frameworks, and controls that improve organizations' risk and resilience posture. Our Cybersecurity Assurance Team focuses on cybersecurity evaluation and measurement. We support the Department of Defense, critical infrastructure providers and government organizations to achieve missions dependent on cyber assets. We perform applied research designed to yield innovation and advancement in the domains of evaluation and cybersecurity measurement. Are you creative, curious, energetic, collaborative, technology-focused, and hard-working? Are you interested in making a difference by bringing innovative solutions to the Nation's key cybersecurity challenge. Apply to join our team.
As part of the Cyber Risk and Resilience Directorate, you will be part of a team of engineers applying the latest tools, techniques and methods to resilience challenges. The Cybersecurity Assurance (CA) team develops capabilities (in the form of frameworks, models, tools, policies, practices, technical guidance, and training) that allow organizations to assess, analyze, and manage organizational, operational, and risks to mission-critical assets, processes, systems, and infrastructures. The Cybersecurity Engineer will support the operational capabilities and continued evolution of the CA Team's capabilities.
You will perform cybersecurity assessments, develop and employ security measurement approaches, and transition your knowledge and expertise to the broader community. You will perform research to include development of tools, methodologies and other artifacts for cybersecurity assessments and measuring operational resilience. You will assist with the development and delivery of training material for cybersecurity assurance capabilities. You will work collaboratively on multidisciplinary teams, both in leadership and contributor roles, solving difficult customer challenges in diverse environments. You will represent the SEI to community practitioners and/or researchers.
Knowledge, Skills and Abilities:
Candidates should have experience/knowledge in several of the following:
Familiarity with cybersecurity standards (e.g., NIST CSF, NIST SP 800 series, ISO 27000 series, etc.).
Knowledge of maturity model and capability measurement concepts.
Subject matter expertise in the evaluation of cybersecurity controls and practices.
Experience conducting security assessments including conducting on-site technical assessments, pre- and post-assessment analysis, preparation of technical reports and briefings to customers.
Experience with the evaluation of network architectures and defenses.
Knowledge of cloud technologies and architecture.
Knowledge of critical infrastructure protection concepts and standards.
Knowledge of information sharing practices and models.
Experience in information technology operations.
Ability to deal collaboratively, diplomatically, and successfully with customers, co-workers and other professional colleagues, managers, and staff.
Ability to communicate with a range of audiences ranging from junior technical individual contributors to senior leadership
Education and Experience: BS degree in a relevant discipline with 8 years of applicable experience, or a MS degree in a relevant discipline with 5 years of applicable experience, or a PhD in a relevant discipline with 2 years of applicable experience.
Technical Excellence: You have a track record of successfully contributing to projects in cybersecurity. You are user-centered and accomplishment-focused, driving projects to successful, high-impact outcomes.
Working in a Creative, Dynamic Environment : You have experience contributing to multiple simultaneous projects and thrive in a creative and high-energy environment. You are willing to experiment with new practices and develop effective processes, practices, and infrastructure to support successful projects.
Mentorship: You have experience mentoring, motivating, and empowering less-experienced team members in ways that promote equity and inclusion.
Communication: You are an outstanding communicator and can interact collaboratively and diplomatically with customers and colleagues at all levels of knowledge and experience.
Travel: Frequent travel (15-35%) to various locations within the SEI and CMU community, customer sites, conferences, and offsite meetings.
Security Clearance: You will be subject to a background investigation and you must have the ability to obtain and maintain a Department of Defense security clearance..
Project Participation and Customer Engagement (85%) : You will contribute to customer projects designed to advance the state of the art in cybersecurity. When applicable, you will represent the SEI by presenting our mission and our work to stakeholders.
Community Engagement (10%): You will engage with our communities of interest; this includes presenting our mission and work via publication and presentation. You will build and maintain relationships with the relevant research and technology communities.
Professional Development (5%): You will continue to grow your knowledge and skills in cybersecurity and stay current on emerging trends and topics relevant to the team's portfolio.
Certifications: Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA) or equivalent experience.
CMU's COVID-19 Vaccination Requirements: As a condition of employment, Carnegie Mellon University requires all staff and faculty working in the United States to be fully vaccinated against COVID-19. Prior to commencement of employment, new hires in the United States must provide proof of vaccination or obtain an approved exemption. (Exemptions may be requested for medical reasons or for religious or strong moral or ethical conviction.) Those granted an exemption must comply with all applicable COVID-19 mitigation requirements, including use of facial coverings, daily self-assessment and weekly Tartan Testing.
Arlington, VA, Pittsburgh, PA
Staff - Regular
Full Time/Part time
Please visit " Why Carnegie Mellon " to learn more about becoming part of an institution inspiring innovations that change the world.
Carnegie Mellon (www.cmu.edu) is a private, internationally ranked research university with programs in areas ranging from science, technology and business, to public policy, the humanities and the arts. More than 12,000 students in the university’s seven schools and colleges benefit from a small student-to-faculty ratio and an education characterized by its focus on creating and implementing solutions for real problems, interdisciplinary collaboration and innovation. A global university, Carnegie Mellon’s main campus in the United States is in Pittsburgh, Pa. It has campuses in California’s Silicon Valley and Qatar, and programs in Africa, Asia, Australia, Europe and Mexico.