At the SEI CERT Cyber Risk and Resilience Directorate, we enable organizations to achieve operational resilience by performing research in emerging areas of operational risk, producing measurement and assessment tools that help organizations better understand their current risk and resilience posture, and developing and validating models, frameworks, and controls that improve organizations' risk and resilience posture. Our Cybersecurity Assurance Team focuses on cybersecurity evaluation and assessment. We support infrastructure providers and government organizations to achieve missions dependent on cyber assets and perform applied research designed to yield innovation and advancement in the domains of evaluation and cybersecurity measurement. Are you creative, curious, energetic, collaborative, technology-focused, and hard-working? Are you interested in making a difference by bringing innovative solutions to insider risk problems to government organizations and beyond? Apply to join our team.
As part of the Cyber Risk and Resilience Directorate, you will be part of a team of engineers aimed at applying the latest tools, techniques and methods to resilience challenges. The Senior Cybersecurity Engineer will support the operational capabilities and continued evolution of the Cybersecurity Assurance Team. The CA team develops solutions (in the form of frameworks, models, tools, policies, practices, technical guidance, and training) that allow organizations to assess, analyze, and manage organizational, operational, and technical risks to mission-critical assets, processes, systems, and infrastructures. We support external customers and internal SEI partners enabling growth of knowledge and hands-on skills.
You will primarily be responsible for managing a robust training program focused on enhancing the Nation's cyber risk assessment capability. You will be responsible for planning and overseeing courses to ensure they are completed on schedule and within budget. Time permitting, you will perform cybersecurity assessments, develop and employ security measurement approaches, and transition your knowledge and expertise to the broader community. You will perform research to include development of tools, scripts, methodologies and other assessment products for vulnerability assessment, penetration testing, and assessing operational threats. You will work collaboratively on multidisciplinary teams solving difficult customer challenges in diverse environments. You will serve as a trusted advisor to defense and critical infrastructure customers.
Knowledge, Skills and Abilities:
Candidates should have experience/knowledge in several of the following:
Knowledge of assessment methodologies, tactics, techniques, and procedures
Experience in managing projects
Familiarity with cybersecurity standards (e.g., NIST CSF, NIST SP 800 series, ISO 27000 series, etc.).
Subject matter expertise in the evaluation of cybersecurity controls and practices.
Experience conducting security assessments including conducting on-site technical assessments, pre- and post-assessment analysis, preparation of technical reports and briefings to customers.
Experience with the evaluation of network architectures and defenses.
Knowledge of cloud technologies and architecture.
Knowledge of critical infrastructure protection concepts and standards.
Knowledge of information sharing practices and models.
An understanding of maturity model concepts.
Experience in an operational environment with an understanding of service related processes and technologies.
Ability to deal collaboratively, diplomatically, and successfully with customers, co-workers and other professional colleagues, managers, and staff.
Ability to communicate with a range of audiences ranging from junior technical individual contributors to senior customer points of contacts.
Education and Experience: BS degree in a relevant discipline with 8 years of applicable experience, or a MS degree in a relevant discipline with 5 years of applicable experience, or a PhD in a relevant discipline with 2 years of applicable experience.
Technical Excellence: You have a track record of successfully leading projects in cybersecurity. You are user-centered and accomplishment-focused, driving projects and the people that work on them to successful, high-impact outcomes.
Leadership: You have the ability to lead diverse teams in analyzing and solving real-world problems by developing engineering guidance as well as applying and tailoring, as appropriate, SEI and non-SEI technologies and resources.
Working in a Creative, Dynamic Environment : You have experience contributing to multiple simultaneous projects and thrive in a creative and high-energy environment. You are willing to experiment with new practices and develop effective processes, practices, and infrastructure to support successful projects.
Mentorship: You have experience mentoring, motivating, and empowering less-experienced team members in ways that promote equity and inclusion.
Communication: You are an outstanding communicator and can interact collaboratively and diplomatically with customers and colleagues at all levels of knowledge and experience. You grasp the big picture, direction, and goals of an effort with ability to dig into the details on problems and technical concepts. You can present complex ideas to people who may not have a deep understanding of the subject area.
Travel: Frequent (15-35%) to various locations within the SEI and CMU community, customer sites, conferences, and offsite meetings.
Security Clearance: The role requires the ability to obtain and maintain a United States Department of Defense security clearance.
Project Participation and Customer Engagement (80%) : You will contribute to customer projects designed to advance the state of the art in cybersecurity. You will represent the SEI regularly presenting our mission and our work to our stakeholders.
Community Engagement (15%): You will engage with our communities of interest; this includes presenting our mission and work via publication and presentation. You will build and maintain relationships with the relevant research and technology communities.
Professional Development (5%): You will continue to grow your knowledge and skills in cybersecurity and stay current on emerging trends and topics relevant to the team's portfolio.
Certifications: Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA), Project Management Professional (PMP),or equivalent experience.
CMU's COVID-19 Vaccination Requirements: As a condition of employment, Carnegie Mellon University requires all staff and faculty working in the United States to be fully vaccinated against COVID-19. Prior to commencement of employment, new hires in the United States must provide proof of vaccination or obtain an approved exemption. (Exemptions may be requested for medical reasons or for religious or strong moral or ethical conviction.) Those granted an exemption must comply with all applicable COVID-19 mitigation requirements, including use of facial coverings, daily self-assessment and weekly Tartan Testing.
Arlington, VA, Pittsburgh, PA
Staff - Regular
Full time/Part time
Salary More Information:
Please visit " Why Carnegie Mellon " to learn more about becoming part of an institution inspiring innovations that change the world.
Carnegie Mellon (www.cmu.edu) is a private, internationally ranked research university with programs in areas ranging from science, technology and business, to public policy, the humanities and the arts. More than 12,000 students in the university’s seven schools and colleges benefit from a small student-to-faculty ratio and an education characterized by its focus on creating and implementing solutions for real problems, interdisciplinary collaboration and innovation. A global university, Carnegie Mellon’s main campus in the United States is in Pittsburgh, Pa. It has campuses in California’s Silicon Valley and Qatar, and programs in Africa, Asia, Australia, Europe and Mexico.