What We Do: Our team provides technical guidance in the areas of capability and capacity development to Security Operations Centers (SOCs) and incident management teams (Computer Security Incident Response). Our partners include Federal agencies, academic institutions, foreign governments, private industry, and non-profit organizations. We develop and implement strategic and operational procedures for the cybersecurity community and regularly interact with sponsors and partners. Our team participates in and leads technical efforts by developing and prototyping new methods of evaluating and measuring operational and mission success. We implement and lead training and engagement efforts across various organizational components such as National Incident Response Teams, Product Security Teams, Security Operation Centers, and general incident management programs. The CERT Security Operations team seeks to develop cutting edge solutions to address critical and emerging challenges encountered by the DoD, DHS, DoS and the International Community. Key to our success is a diverse team of analysts, researchers, and engineers with a passion for understanding the implications of emerging technologies and best practices on US Government defensive missions.
A strong technical leader with a solid background in Security Operations and Incident Management. Responsible for the development and execution of strategic and operational procedures for the cybersecurity community, and for research that advances the state of the art and practice of cyber operations, as a member of a diverse team working across the following areas:
Capable of conducting and supporting analytical studies and investigations of risk, threat, and security data.
Operational knowledge and significant understanding of methods for evaluating mission operations and success.
Familiarity with machine learning and natural language processing concepts and activities.
Deep understanding of enterprise technology security issues.
Broad knowledge of commonly deployed computer network defense tools and processes to include leading vendor solutions.
Experience with current operational challenges and technical threats faced by network security and intelligence organizations.
Familiarity with project planning and management standard methodologies.
BS in Computer Science or a scientific/technical field, or related discipline, with ten (10) years of experience; MS in the same fields with eight (8) years of experience; PhD in the same fields with five (5) years of experience; or an equivalent combination of training and experience.
Willingness to travel to various locations to support the SEI's overall mission. Travel is both foreign and domestic. This includes travel to sponsor sites, conferences, and offsite meetings. Moderate travel (25%).
You will be subject to a background check and will need to obtain and maintain a Department of Defense security clearance.
Knowledge, Skills, and Abilities:
Experience working with the government, or within a critical infrastructure sector such as the Financial Sector.
Background in international capacity and community building.
Experience working within or in collaboration with a national Incident Response or Security Operations organization.
Knowledge of current and effective Incident Response and Security Operations organizational and functional structures and the technical operations performed by these teams.
Experience effectively developing and delivering training to technical and management level audiences on subject matter related to computer incident response team (CSIRT) development, incident response operations, Security Operations Centers (SOCs), and National Cyber Centers.
Ability to work independently or within a team with members of varying skill sets and levels.
Ability to brief strategic and technical topics to senior management, technical and non-technical audiences.
Ability to write clear, understandable documentation that translates complicated technical processes for a target audience (a writing sample may be requested). Team deliverables include technical publications; industry and government conference presentations; course development and delivery; direct customer engagement; and prototype tools and techniques.
Familiarity with metrics and measurement and assessment concepts and practices.
Active in regional or international trade-related organizations such as the Forum of Incident Response and Security Teams (FIRST), North American Network Operators' Group (NANOG), Messaging, Malware and Mobile Anti-Abuse Working Group (M3AAWG), Anti-Phishing Working Group (APWG), etc.
Participation in broad public forums through activities such as standards, open source development, or publication.
Licenses: industry-recognized certifications preferred, such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified SOC Analyst (CSA), Certified Incident Handler (GCIH).
Experience publishing research and academic papers.
Experience with big data analytics and data science concepts.
Job Function Breakdown:
45% Create framework and methodology documents, both general and specific, intended to facilitate the organizational and technical capacity development of international partners.
25% Create and deliver training and education materials, exercises, and workshops; along with performing assessments or outreach activities such as developing blogs, podcasts or presentations.
20% Support planning, development, and execution of customer led and/or supported development activities, planning discussions, and awareness raising exercises. Through partnership, awareness, and action evaluate the need for, develop blueprints for, and assist with the implementation of national-level Cybersecurity capabilities.
10% Capture knowledge from engagements, integrate
CMU's COVID-19 Vaccination Requirements: As a condition of employment, Carnegie Mellon University requires all staff and faculty working in the United States to be fully vaccinated, including a booster when eligible, against COVID-19. Prior to commencement of employment, new hires in the United States must provide proof of vaccination or obtain an approved exemption. (Exemptions may be requested for medical reasons or for religious or strong moral or ethical conviction.) Those granted an exemption must comply with all applicable COVID-19 mitigation requirements, including use of facial coverings, daily self-assessment and weekly Tartan Testing.
Arlington, VA, Pittsburgh, PA, Remote
Staff - Regular
Full time/Part time
More Information:
Please visit "Why Carnegie Mellon" to learn more about becoming part of an institution inspiring innovations that change the world.
Carnegie Mellon (www.cmu.edu) is a private, internationally ranked research university with programs in areas ranging from science, technology and business, to public policy, the humanities and the arts. More than 12,000 students in the university’s seven schools and colleges benefit from a small student-to-faculty ratio and an education characterized by its focus on creating and implementing solutions for real problems, interdisciplinary collaboration and innovation. A global university, Carnegie Mellon’s main campus in the United States is in Pittsburgh, Pa. It has campuses in California’s Silicon Valley and Qatar, and programs in Africa, Asia, Australia, Europe and Mexico.