CERT-SEI

Careers

Working at the CERT Division provides opportunities to have an impact on cybersecurity. At the CERT Division, you will have the chance to research security vulnerabilities in software products, contribute to long-term changes in networked systems, and develop cutting-edge information and training to help improve security.

The dynamic work environment at the CERT Division comes from our operating principles. At the CERT Division, we

  • advocate an entrepreneurial responsibility to develop new products and services, serve new customers, and increase our impact across the community
  • take informed risks, support each other in taking risks, and then celebrate our successes or learn from our mistakes
  • recognize the value of professional growth and take advantage of opportunities to increase subject matter knowledge and leadership capabilities

We work to ensure that systems management practices and technology, survivability engineering methods, network attack detection tools, and skilled staff are used to resist, recognize, and recover from attacks on networked computer systems. Our work environment is collaborative in nature as staff members work on cross-functional teams within the CERT Division, the Software Engineering Institute, other Carnegie Mellon departments, and across the global community.

Staff members say that one of the most satisfying aspects of working in the CERT Division "is being able to contribute to a global community that can impact the state of internet security."

To learn more about the program's technical areas of work, please see About Us. To learn more about working at the CERT Division, see Our Place at Carnegie Mellon University and Living in Pittsburgh.

Current Job Listings

The position you are looking for is not available. Please take a look at our current open positions listed below.

Select Job Location

Sort by Date Posted Title Location

21 Aug
2014
Capability Development Analyst - 101023
Pittsburgh, PA

Position Summary:  The CERT Program is part of the SEI, a federally funded research and development center at Carnegie Mellon University in Pittsburgh, Pennsylvania. The CERT Program engages in cutting-edge research and development and develops and transitions disciplined approaches to improve the survivability and resiliency of the DoD, federal civilian agencies, private sector organizations and their networked information systems.  The CERT Coordination Center (CERT/CC) supports government customers by developing and transitioning cutting-edge analysis techniques and tools, providing strategic advisement, and supporting tactical operations.

The Capability Development Team Analyst is a member of the CERT/CC technical staff and based in the SEI Office in Pittsburgh, Pennsylvania. The candidate selected to fulfil this role will provide technical subject matter expertise to CERT/CC support of Computer Security Incident Response Team (CSIRT) and associated capability and capacity development efforts. This support will include assisting with the development and pursuit of CERT/CC strategic drivers for engaging in these initiatives and vision for CSIRT community interaction, regularly interacting with sponsors and stakeholders of these efforts, and execution of efforts as directed by the Capability Development Team Lead to ensure that the work being performed drives toward sponsor goals and CERT/CC strategic drivers.

Minimum Qualifications and Requirements:

Education/Training:  Bachelor’s Degree in Computer Science or scientific/technical field with three (3) years of experience.  MS/MA in a scientific or technical field with one (1) years of experience, or equivalent.

Experience:  Professional experience should include one (1) or more years of experience supporting CSIRT capabilities to include incident response, incident analysis, and development and implementation of mitigation actions and proactive security measures. This should include experience:

  • in creating, assessing, and improving these types of teams, as well as a working knowledge of existing global capabilities, advanced technology solutions and initiatives
  • as an operational CSIRT security analyst, incident handler, or operations specialist
  • working with and engaging people in diverse cultural environments, and
  • fostering interaction and collaboration amongst peer organizations

Skills/Abilities:

  • Knowledge of current and effective CSIRT organizational and functional structures and the technical operations performed by these teams
  • Ability to work independently or within a team with members of varying skill sets and levels
  • Broad understanding of enterprise technology security issues
  • Broad working knowledge of commonly deployed computer network defense tools and processes to include leading vendor solutions
  • Ability to brief strategic and technical topics to technical and non-technical audiences
  • Knowledge of current operational challenges and technical threats faced by network security and intelligence organizations
  • Familiarity with project planning and management best practices

Physical Mobility: Primarily sedentary in an office setting with some mobility.  Flexibility to travel monthly to sites in the Washington metropolitan area and international locations.

Environmental Conditions: Normal office conditions; close contact with computer display for extended periods of time

Mental: The ability to:

  • work meticulously with careful attention to detail;
  • meet deadlines while working on multiple tasks – sometimes under pressure and with shifting priorities;
  • deal collaboratively, diplomatically, and successfully with customers, co-workers and other professional colleagues, managers, and staff; ability to grasp the big picture, direction, and goals of an effort;
  • develop and communicate innovative ideas;
  • take leadership role in technical projects; and
  • quickly learn new procedures, techniques, and approaches.

Other: U.S. Citizenship is required.  Applicants will be subject to a security investigation and must meet eligibility requirements for access to classified information, and must be able to pass a background investigation.

 

Preferred Qualifications and Requirements:

Education/Training: MS/MA in a scientific, technical, or business field with 2 years of experience, or equivalent; PhD in a technical field.

Licenses: CISSP, CEH, CISM, CompTIA, or similar

Experience:           

  • Participation in broad public forums through activities such as standards, open source development, or publication
  • Experience publishing research and academic papers
  • Experience working with the government, or within a critical infrastructure sector
  • Active in regional or international trade-related organizations such as the Forum of Incident Response and Security Teams (FIRST), North American Network Operators' Group (NANOG), Messaging, Malware and Mobile Anti-Abuse Working Group (M3AAWG), Anti-Phishing Working Group (APWG), etc.
  • Demonstrable experience effectively deliver training to technical and management level audiences on subject matter related to CSIRT development, incident response operations

 

Accountability:  This position is accountable for ensuring that the CSIRT Operations team delivers on the execution of the statement of work for customers sponsoring capability building efforts.  The individual is accountable for aligning CSIRT Operations projects with customer needs and re-prioritizing efforts as appropriate, in close coordination with the Capability Development Team Lead.

Direction:  The individual is expected to act independently using CMU, SEI, and CERT defined policies, practices, and procedures – within the scope of assigned work.

Decisions: The individual is expected to participate in the decision-making and problem-solving processes of defining, designing, implementing, and sustaining national-level CSIRT and related operations; suggesting and implementing policies and procedures to support these activities; and creating and sharing information regarding the state of the practice for broad dissemination.

Supervisory Responsibilities:  This position will not formally supervise any personnel. 

 

Job Functions or Responsibilities:

65%   Create framework and methodology documents, both general and specific to individual stakeholder groups, intended to facilitate the organizational and technical capacity development of large CSIRTs.

30%   Support planning, development, and execution of customer led and/or supported development activities, planning discussions, and awareness raising exercises. Through partnership, awareness, and action evaluate the need for, develop blueprints for, and assist with the implementation of national-level CSIRT capabilities

5%   Capture knowledge from the engagements undertaken, integrate it with lessons learned from other similar work, and help transfer that knowledge for the betterment of the global CSIRT community.

100% TOTAL EFFORT

 

Organizational Chart:  Program Director, CERT < Technical Director, CERT/CC < CSIRT Operations Technical Manager, CERT/CC < Capability Development Team Lead < Capability Development Analyst

 

Carnegie Mellon University is an EEO/Affirmative Action Employer – M/F/Disability/Veteran

21 Aug
2014
Capability Development Team Lead - 101025
Pittsburgh, PA

Position Summary:  The CERT Program is part of the SEI, a federally funded research and development center at Carnegie Mellon University in Pittsburgh, Pennsylvania. The CERT Program engages in cutting-edge research and development and develops and transitions disciplined approaches to improve the survivability and resiliency of the DoD, federal civilian agencies, private sector organizations and their networked information systems.  The CERT Coordination Center (CERT/CC) supports government customers by developing and transitioning cutting-edge analysis techniques and tools, providing strategic advisement, and supporting tactical operations.

The Capability Development Team Lead is a member of the CERT/CC technical staff and based in the SEI Office in Pittsburgh, Pennsylvania. The candidate selected to fulfil this role will provide technical leadership to CERT/CC support of Computer Security Incident Response Team (CSIRT) and associated capability and capacity development efforts. This support will include assisting with the development and pursuit of CERT/CC strategic drivers for engaging in these initiatives and vision for CSIRT community interaction, regularly interacting with sponsors and stakeholders of these efforts, assisting with requirement definition and project planning, and leading execution of efforts in coordination with the Senior Capability Solutions Engineer to ensure that the work being performed drives toward sponsor goals and CERT/CC strategic drivers. Additionally, the candidate will work with the CSIRT Operations technical manager and peer team leads to ensure resources are properly aligned and prioritized with the needs of sponsors and against apropos project timelines.

 

Minimum Qualifications and Requirements:

Education/Training:  Bachelor’s Degree in Computer Science or scientific/technical field with eight (8) years of ; MS in a scientific or technical field with five (5) years of experience’ PhD in a scientific or technical field with two (2) years of experience; or equivalent combination of training and experience.

Experience:  Professional experience should include five (5) or more years of experience supporting or managing large organizational or national-level CSIRT capabilities to include incident response, incident analysis, and development and implementation of mitigation actions and proactive security measures. This should include experience:

  • in creating, assessing, and improving these types of teams, as well as a working knowledge of existing global capabilities, advanced technology solutions and initiatives
  • as an operational CSIRT security analyst, incident handler, or operations specialist
  • working with and engaging people in diverse cultural environments
  • fostering interaction and collaboration amongst peer organizations
  • leading and managing a small team
  • working with customers and technical staff for defining work and constructing appropriate project planning materials

Skills/Abilities:

  • Knowledge of current and effective CSIRT organizational and functional structures and the technical operations performed by these teams
  • Ability to work independently or within a team with members of varying skill sets and levels
  • Broad understanding of enterprise technology security issues
  • Broad working knowledge of commonly deployed computer network defense tools and processes to include leading vendor solutions
  • Ability to brief strategic and technical topics to senior management, technical and non-technical audiences
  • Knowledge of current operational challenges and technical threats faced by network security and intelligence organizations
  • Familiarity with project planning and management best practices
  • Ability to set goals for team members and managing tasking to reach those goals

Physical Mobility: Primarily sedentary in an office setting with some mobility.  Flexibility to travel monthly to sites in the Washington metropolitan area and international locations.

Environmental Conditions: Normal office conditions; close contact with computer display for extended periods of time

Mental: The ability to:

  • work meticulously with careful attention to detail;
  • meet deadlines while working on multiple tasks – sometimes under pressure and with shifting priorities;
  • deal collaboratively, diplomatically, and successfully with customers, co-workers and other professional colleagues, managers, and staff; ability to grasp the big picture, direction, and goals of an effort;
  • develop and communicate innovative ideas;
  • take leadership role in technical projects; and
  • quickly learn new procedures, techniques, and approaches.

 

Other: U.S. Citizenship is required.  Applicants will be subject to a security investigation and must meet eligibility requirements for access to classified information, and must be able to pass a background investigation.

 

Preferred Qualifications and Requirements:

Education/Training: MS/MA in a scientific, technical, or business field with five (5) years of experience, or equivalent;  PhD in a technical field with two (2) years of experience.

Licenses:  CISSP, CEH, CISM, CompTIA, or similar.

 

Experience:        

  • Prior responsibility in managing a body of work consisting of numerous large scale projects and multiple customers/external sponsors
  • Experience publishing research and academic papers
  • Experience working with the government, or within a critical infrastructure sector
  • Active in regional or international trade-related organizations such as the Forum of Incident Response and Security Teams (FIRST), North American Network Operators' Group (NANOG), Messaging, Malware and Mobile Anti-Abuse Working Group (M3AAWG), Anti-Phishing Working Group (APWG), etc.
  • Demonstrable experience effectively deliver training to technical and management level audiences on subject matter related to CSIRT development, incident response operations

 

Accountability:  This position is accountable for ensuring that the CSIRT Operations team delivers on the execution of the statement of work for customers sponsoring capability building efforts.  The individual is accountable for aligning CSIRT Operations projects with customer needs and re-prioritizing efforts as appropriate, in close coordination with the Senior Capability Solutions Engineer.

Direction: The individual is expected to act independently using CMU, SEI, and CERT defined policies, practices, and procedures – within the scope of assigned work.

Decisions: The individual is expected to participate in the decision-making and problem-solving processes of defining, designing, implementing, and sustaining national-level CSIRT and related operations; suggesting and implementing policies and procedures to support these activities; and creating and sharing information regarding the state of the practice for broad dissemination.

Supervisory Responsibilities: This position will formally supervise a team of 3 – 6 people, steering and leading team efforts to align with and deliver on project goals as coordinated with other CERT/CC, sponsor, and stakeholder personnel.

 

Job Functions or Responsibilities:

50%      Supervise a team, coordinating and prioritizing efforts based on project plans and assign tasking and set priorities based on changing needs. Contribute to team work products.

40%      Ensure successful completion of customer tasking by coordinating project management, resource allocation, and task execution with necessary management, Senior Capability Solutions Engineer, and other technical staff.

10%      Capture knowledge from the engagements undertaken, integrate it with lessons learned from other similar work, and help transfer that knowledge for the betterment of the global CSIRT community.

100% TOTAL EFFORT

 

Organizational ChartProgram Director, CERT < Technical Director, CERT/CC < CSIRT Operations Technical Manager, CERT/CC < Capability Development Team Lead

 

Carnegie Mellon University is an EEO/Affirmative Action Employer – M/F/Disability/Veteran

 

21 Aug
2014
Capability Team Analyst - 101024
Pittsburgh, PA

Position SummaryThe CERT Program is part of the SEI, a federally funded research and development center at Carnegie Mellon University in Pittsburgh, Pennsylvania. The CERT Program engages in cutting-edge research and development and develops and transitions disciplined approaches to improve the survivability and resiliency of the DoD, federal civilian agencies, private sector organizations and their networked information systems.  The CERT Coordination Center (CERT/CC) supports government customers by developing and transitioning cutting-edge analysis techniques and tools, providing strategic advisement, and supporting tactical operations.

The Capability Development Team Analyst is a member of the CERT/CC technical staff and based in the SEI Office in Pittsburgh, Pennsylvania. The candidate selected to fulfil this role will provide technical subject matter expertise to CERT/CC support of Computer Security Incident Response Team (CSIRT) and associated capability and capacity development efforts. This support will include assisting with the development and pursuit of CERT/CC strategic drivers for engaging in these initiatives and vision for CSIRT community interaction, regularly interacting with sponsors and stakeholders of these efforts, and execution of efforts as directed by the Capability Development Team Lead to ensure that the work being performed drives toward sponsor goals and CERT/CC strategic drivers.

 

Minimum Qualifications and Requirements:

Education/Training:  Bachelor’s Degree in Computer Science or scientific/technical field with (8) eight years of experience; MS/MA in a scientific or technical field with five (5) years of experience; PhD in a scientific or technical field with two (2) years of experience; or equivalent combination of training and experience.

Experience: Professional experience should include five (5) or more years of experience supporting or managing large organizational or national-level CSIRT capabilities to include incident response, incident analysis, and development and implementation of mitigation actions and proactive security measures. This should include experience:

  • in creating, assessing, and improving these types of teams, as well as a working knowledge of existing global capabilities, advanced technology solutions and initiatives
  • as an operational CSIRT security analyst, incident handler, or operations specialist
  • working with and engaging people in diverse cultural environments, and
  • fostering interaction and collaboration amongst peer organizations

Skills/Abilities:

  • Knowledge of current and effective CSIRT organizational and functional structures and the technical operations performed by these teams
  • Ability to work independently or within a team with members of varying skill sets and levels
  • Broad understanding of enterprise technology security issues
  • Broad working knowledge of commonly deployed computer network defense tools and processes to include leading vendor solutions
  • Ability to brief strategic and technical topics to senior management, technical and non-technical audiences
  • Knowledge of current operational challenges and technical threats faced by network security and intelligence organizations
  • Familiarity with project planning and management best practices

Physical Mobility: Primarily sedentary in an office setting with some mobility.  Flexibility to travel monthly to sites in the Washington metropolitan area and international locations.

Environmental Conditions: Normal office conditions; close contact with computer display for extended periods of time

Mental: The ability to:

  • work meticulously with careful attention to detail;
  • meet deadlines while working on multiple tasks – sometimes under pressure and with shifting priorities;
  • deal collaboratively, diplomatically, and successfully with customers, co-workers and other professional colleagues, managers, and staff; ability to grasp the big picture, direction, and goals of an effort;
  • develop and communicate innovative ideas;
  • take leadership role in technical projects; and
  • quickly learn new procedures, techniques, and approaches.

Other: U.S. Citizenship is required.  Applicants will be subject to a security investigation and must meet eligibility requirements for access to classified information, and must be able to pass a background investigation.

 

Preferred Qualifications and Requirements:

Education/Training: MS/MA in a scientific or technical field with five (5) years of experience; PhD in a scientific or technical field with two (2) years of experience; or equivalent combination of training and experience.

Licenses: CISSP, CEH, CISM, CompTIA, or similar.

Experience:          

  • Participation in broad public forums through activities such as standards, open source development, or publication
  • Experience publishing research and academic papers
  • Experience working with the government, or within a critical infrastructure sector
  • Active in regional or international trade-related organizations such as the Forum of Incident Response and Security Teams (FIRST), North American Network Operators' Group (NANOG), Messaging, Malware and Mobile Anti-Abuse Working Group (M3AAWG), Anti-Phishing Working Group (APWG), etc.
  • Demonstrable experience effectively deliver training to technical and management level audiences on subject matter related to CSIRT development, incident response operations

 

Accountability:  This position is accountable for ensuring that the CSIRT Operations team delivers on the execution of the statement of work for customers sponsoring capability building efforts.  The individual is accountable for aligning CSIRT Operations projects with customer needs and re-prioritizing efforts as appropriate, in close coordination with the Capability Development Team Lead.

Direction: The individual is expected to act independently using CMU, SEI, and CERT defined policies, practices, and procedures – within the scope of assigned work.

Decisions : The individual is expected to participate in the decision-making and problem-solving processes of defining, designing, implementing, and sustaining national-level CSIRT and related operations; suggesting and implementing policies and procedures to support these activities; and creating and sharing information regarding the state of the practice for broad dissemination.

Supervisory Responsibilities:  This position will not formally supervise any personnel.

 

Job Functions or Responsibilities:

70%      Create framework and methodology documents, both general and specific to individual stakeholder groups, intended to facilitate the organizational and technical capacity development of large CSIRTs.

20%      Support planning, development, and execution of customer led and/or supported development activities, planning discussions, and awareness raising exercises. Through partnership, awareness, and action evaluate the need for, develop blueprints for, and assist with the implementation of national-level CSIRT capabilities

10%      Capture knowledge from the engagements undertaken, integrate it with lessons learned from other similar work, and help transfer that knowledge for the betterment of the global CSIRT community.

100% TOTAL EFFORT

 

Organizational Chart:  Program Director, CERT < Technical Director, CERT/CC < CSIRT Operations Technical Manager, CERT/CC < Capability Development Team Lead < Capability Development Analyst

 

Carnegie Mellon University is an EEO/Affirmative Action Employer – M/F/Disability/Veteran

15 Aug
2014
Cyber Security Engineer- Exercise Developer - 101006
Pittsburgh, PA

Position Summary:  As a member of CERT's Workforce Development program, the candidate will work with other team members in developing cyber-security training exercises and simulations, primarily for US military/government customers. This involves interacting directly with customers, gathering training requirements and objectives, producing and facilitating creative and engaging exercise scenarios, and building supporting physical and virtualized systems and network topologies. As such, the candidate will work regularly with a wide range of software and hardware technologies within CERT labs. The candidate may also assist in developing and teaching cyber security training content to external customers. The candidate will also be involved software and hardware prototype development.  Additionally, the position requires the candidate to have demonstrated and effective leadership/management abilities as he/she may supervise and evaluate full time direct reports as well as the activities of graduate student assistants. The successful candidate must be self-directed, have an interdisciplinary approach to problem solving, and work well communicating technical information to technical and non-technical users. The candidate must also be able to interact with clients and staff of all levels in a highly professional and competent manner.

Minimum Qualifications and Requirements:

Education/Training:  Bachelor’s degree in Computer Science, Information Science, or related discipline with eight (8) years applicable working experience in information technology, Master’s degree in Computer Science, Information Science, or related discipline with five (5) years applicable working experience in information technology, PhD Computer Science, Information Science, or related discipline with two (2) years applicable working experience in information technology, or equivalent combination of training or experience.

Experience: Successful candidates must possess "hands-on" experience with Computer/Network Security and I.T. system and network administration. Additionally, he/she must have practical experience with Windows server and desktop platforms and Linux/Unix operating systems. The candidate must have experience in network design and troubleshooting and implementing standard networking protocols. Additionally, demonstrated practical experience working with common commercial and open-source cyber security tools is required. The candidate should have some experience teaching technical content to students, peers, and non-technical individuals and must enjoy doing so.

Skills/Abilities: Candidate must be able to prioritize workload and complete deliverables on time, have good technical problem-solving skills, strong analytical and information organization skills, excellent oral and written communication skills, and strong technical teaching skills. Candidate must be able to multitask and work effectively with multiple project teams and sponsors/customers. Experience with virtualization technologies, particularly VMWare ESX server is highly desired. Programming experience in C, C++, C#, Python, and Java is also highly desirable.

Physical Mobility: Sedentary in an office setting with some mobility, i.e., able to travel to various locations within the SEI and CMU community as well as travel to customer sites.

Environmental Conditions: Close contact with computer for long periods of time.

Mental: Ability to pay close attention to detail, meet deadlines, work under pressure, and communicate effectively.

Other:  U.S. Citizenship is required.  Applicants will be subject to a security investigation and must meet eligibility requirements for access to classified information, and must be able to pass a background investigation.

 

Preferred Qualifications and Requirements:

Education/Training: BS and MS in Computer Science; training in enterprise security tools (i.e. McAfee ePO/HIPS, ArcSight, etc.)

Licenses: CISSP, Network+, Security+ and/or other industry standard certifications

Experience: US military service in a series of positions involving information technology, cyber security, and management of large scale government networks.

Skills/Abilities: Strong presentation/platform skills and excellent writing skills.

 

Accountability:  The incumbent is accountable for the definition, creation, and maintenance of final deliverables and products and may manage unclassified/classified DoD projects in excess of $3M annually.

Direction:  The incumbent is expected to act independently using CMU and SEI defined policies, practices, and procedures.

Decisions: The incumbent must use good judgment to solve customer and personnel problems and is required to envision, design, develop, pilot, and deliver new capabilities, products, and services.  Candidate will also be required to accurately represent SEI/CERT and its technical work in interactions with customers, sponsors, and the public.

Supervisory Responsibilities:  The incumbent may have at least 2 direct reports as well as up to 15 secondary reports and will be required to provide performance management, career guidance, and take personnel corrective actions as required.

 

Job Functions or Responsibilities:

10%      Design and develop technical documents and instructional materials.

10%      Research, evaluate, develop, install/configure hardware and software including promising new technologies that require examination for cyber security research and development.

10%      Deliver technical and management training to customers.

55%      Mentor, guide and interact with team and other staff.

15%      Contribute to transition planning and strategy.

100% TOTAL EFFORT

 

Organizational Chart: Director, CERT Division < Technical Director, Cyber Security Solutions Directorate < Technical Manager, Cyber Workforce Development Initiative < Cyber Workforce Development Team Lead < Cyber Security Engineer - Exercise Developer

 

Carnegie Mellon University is an EEO/Affirmative Action Employer – M/F/Disability/Veteran

25 Aug
2014
Cyber Security Engineer- Exercise Developer - 101030
Pittsburgh, PA

Position Summary:  As a member of CERT's Workforce Development program, the candidate will work with other team members in developing cyber-security training exercises and simulations, primarily for US military/government customers. This involves interacting directly with customers, gathering training requirements and objectives, producing and facilitating creative and engaging exercise scenarios, and building supporting physical and virtualized systems and network topologies. As such, the candidate will work regularly with a wide range of software and hardware technologies within CERT labs. The candidate may also assist in developing and teaching cyber security training content to external customers. The candidate will also be involved software and hardware prototype development.  Additionally, the position requires the candidate to have demonstrated and effective leadership/management abilities as he/she may supervise and evaluate full time direct reports as well as the activities of graduate student assistants. The successful candidate must be self-directed, have an interdisciplinary approach to problem solving, and work well communicating technical information to technical and non-technical users. The candidate must also be able to interact with clients and staff of all levels in a highly professional and competent manner.

Minimum Qualifications and Requirements:

Education/Training:  Bachelor’s degree in Computer Science, Information Science, or related discipline with eight (8) years applicable working experience in information technology, Master’s degree in Computer Science, Information Science, or related discipline with five (5) years applicable working experience in information technology, PhD Computer Science, Information Science, or related discipline with two (2) years applicable working experience in information technology, or equivalent combination of training and experience.

Experience: Successful candidates must possess "hands-on" experience with Computer/Network Security and I.T. system and network administration. Additionally, he/she must have practical experience with Windows server and desktop platforms and Linux/Unix operating systems. The candidate must have experience in network design and troubleshooting and implementing standard networking protocols. Additionally, demonstrated practical experience working with common commercial and open-source cyber security tools is required. The candidate should have some experience teaching technical content to students, peers, and non-technical individuals and must enjoy doing so.

Skills/Abilities: Candidate must be able to prioritize workload and complete deliverables on time, have good technical problem-solving skills, strong analytical and information organization skills, excellent oral and written communication skills, and strong technical teaching skills. Candidate must be able to multitask and work effectively with multiple project teams and sponsors/customers. Experience with virtualization technologies, particularly VMWare ESX server is highly desired. Programming experience in C, C++, C#, Python, and Java is also highly desirable.

Physical Mobility: Sedentary in an office setting with some mobility, i.e., able to travel to various locations within the SEI and CMU community as well as travel to customer sites.

Environmental Conditions: Close contact with computer for long periods of time.

Mental: Ability to pay close attention to detail, meet deadlines, work under pressure, and communicate effectively.

Other:  U.S. Citizenship is required.  Applicants will be subject to a security investigation and must meet eligibility requirements for access to classified information, and must be able to pass a background investigation.

 

Preferred Qualifications and Requirements:

Education/Training: BS and MS in Computer Science; training in enterprise security tools (i.e. McAfee ePO/HIPS, ArcSight, etc.).

Licenses: CISSP, Network+, Security+ and/or other industry standard certifications.

Experience: US military service in a series of positions involving information technology, cyber security, and management of large scale government networks.

Skills/Abilities: Strong presentation/platform skills and excellent writing skills.

 

Accountability:  The incumbent is accountable for the definition, creation, and maintenance of final deliverables and products and may manage unclassified/classified DoD projects in excess of $3M annually.

Direction:  The incumbent is expected to act independently using CMU and SEI defined policies, practices, and procedures.

Decisions: The incumbent must use good judgment to solve customer and personnel problems and is required to envision, design, develop, pilot, and deliver new capabilities, products, and services.  Candidate will also be required to accurately represent SEI/CERT and its technical work in interactions with customers, sponsors, and the public.

Supervisory Responsibilities:  The incumbent may have at least 2 direct reports as well as up to 15 secondary reports and will be required to provide performance management, career guidance, and take personnel corrective actions as required.

 

Job Functions or Responsibilities:

10%      Design and develop technical documents and instructional materials.

10%      Research, evaluate, develop, install/configure hardware and software including promising new technologies that require examination for cyber security research and development.

10%      Deliver technical and management training to customers.

55%      Mentor, guide and interact with team and other staff.

15%      Contribute to transition planning and strategy.

100% TOTAL EFFORT

 

Organizational Chart: Director, CERT Division < Technical Director, Cyber Security Solutions Directorate < Technical Manager, Cyber Workforce Development Initiative < Cyber Workforce Development Team Lead < Cyber Security Engineer - Exercise Developer

 

Carnegie Mellon University is an EEO/Affirmative Action Employer – M/F/Disability/Veteran

21 Aug
2014
Senior Capability Solutions Engineer - 101022
Pittsburgh, PA

Position Summary:  The CERT Program is part of the SEI, a federally funded research and development center at Carnegie Mellon University in Pittsburgh, Pennsylvania. The CERT Program engages in cutting-edge research and development and develops and transitions disciplined approaches to improve the survivability and resiliency of the DoD, federal civilian agencies, private sector organizations and their networked information systems.  The CERT Coordination Center (CERT/CC) supports government customers by developing and transitioning cutting-edge analysis techniques and tools, providing strategic advisement, and supporting tactical operations.

The Senior Capability Solutions Engineer is a member of the CERT/CC technical staff and based in the SEI Office in Pittsburgh, Pennsylvania. The candidate selected to fulfil this role will guide CERT/CC capability and capacity development of Computer Security Incident Response Teams (CSIRT). This support will include defining and effectuating a vision for CSIRT community interaction to include identifying initiatives to achieve this vision; acting as the primary point of contact to sponsors and stakeholders of these efforts; assisting with requirement definition and project planning; and overseeing and contributing to these projects.

Minimum Qualifications and Requirements:

Education/Training: BS in Computer Science, Mathematics, Information Systems, Information Systems Management or related field with ten (10) years’ experience; MS in Computer Science, Mathematics, Information Systems, Information Systems Management or related field with eight (8) years’ experience; PhD in Computer Science, Mathematics, Information Systems, Information Systems Management or related field with five (5) years’ experience; or equivalent combination of training and experience.

Experience: Professional experience should include five (5) or more years of experience supporting the development and sustainment of large organizational or national-level CSIRT capabilities. Experience in creating, assessing, and improving these types of teams, as well as a working knowledge of existing global capabilities and initiatives is desired.

Skills/Abilities:

  • Ability to function in the role of an advisor and project leader
  • Strong problem solving, organizational, and oral and written communication skills
  • Ability to work both independently and with teams with members of varying skill sets and levels
  • Proven ability to define requirements for, seek support of, and initiate the development and sustainment of large strategic CSIRT operations
  • Broad understanding of network, host, and application technology and security issues
  • Experience working and engaging people in varying cultural environments, and fostering community interaction and collaboration
  • Ability to brief strategic and technical topics to senior management, technical and non-technical audiences
  • Knowledge of current challenges and threats faced by network security and intelligence organizations
  • Knowledge of existing global CSIRT and related capabilities, services that they provide, constituents, and challenges faced by these teams
  • Experience in overseeing work of a team, and proven success in executing projects leveraging personnel from across teams
  • Ability to create strategic direction for a technical group
  • Experience in working with customers and technical staff for defining work and project planning materials
  • Ability to define and deliver technical subject matter in a way that allows it to be easily transitioned for operational implementation, such as course materials
  • Vision for organization of knowledge and documentation using varying technical toolsets
  • The ability to work with and engage people in diverse cultural environments

Physical Mobility: Primarily sedentary in an office setting with some mobility.  Flexibility to travel to sites in the Washington metropolitan area and varying international locations.

Environmental Conditions:  Normal office conditions; close contact with computer display for extended periods of time

Mental:  The ability to:

  • work meticulously with careful attention to detail;
  • meet deadlines while working on multiple tasks – sometimes under pressure and with shifting priorities;
  • deal collaboratively, diplomatically, and successfully with customers, co-workers and other professional colleagues, managers, and staff; ability to grasp the big picture, direction, and goals of an effort;
  • develop and communicate innovative ideas;
  • take leadership role in technical projects; and
  • quickly learn new procedures, techniques, and approaches

Other:  U.S. Citizenship is required.  Applicants will be subject to a security investigation and must meet eligibility requirements for access to classified information, and must be able to pass a background investigation.

                                    

Preferred Qualifications and Requirements:

Education/Training:  PhD in Computer Science, Mathematics, Information Systems, Information Systems Management or related field with five (5) years’ experience; or equivalent combination of training and experience. Practical security training (e.g. SANS GIAC Level 2 courses, CCNP, CCIE Security)

Skills/Abilities:

  • Experience working with the government, or within a critical infrastructure sector
  • Experience developing briefing materials for senior leadership within government and for international audiences
  • History of contributions to the broader computer security industry, research, or operational communities
  • Experience deploying, supporting, or otherwise contributing to large-scale CSIRT or related operations
  • Experience in a variety of computer security topical areas
  • Prior responsibility in managing a body of work consisting of numerous large projects with multiple customers/external sponsors and stakeholders

 

Accountability: The individual is accountable for:

  • Capturing the requirements of and managing relationships with customers and stakeholders
  • Setting expectations for the effort and impact based on availability of resources
  • Coordinating organizational support of successful completion of tasking
  • Creation of papers defining technical and non-technical topic matter for customers and stakeholders

Direction: The individual is expected to act independently using CMU, SEI, and CERT defined policies, practices, and procedures – within the scope of assigned work.

Decisions: The individual is expected to participate in the decision-making and problem-solving processes of defining, designing, implementing, and sustaining national-level CSIRT and related operations; suggesting and implementing policies and procedures to support these activities; and creating and sharing information regarding the state of the practice for broad dissemination.

Supervisory Responsibilities:  This position does not formally supervise others. However, the individual may will act in a technical leadership (non-supervisory) role in regard to specific work products, projects, and activities.                                                                                                 

 

Job Functions or Responsibilities:

70%   Lead support to diverse customer and stakeholder base in the areas of strategy; process/policies; requirements definition; definition and design of teams and programs; operations implementation and sustainment; communication and collaboration; outreach; and training.

20%   Ensure successful completion of customer tasking by coordinating project management, resource allocation, and task execution with necessary management and technical staff.

10%   Capture knowledge from the engagements undertaken, integrate it with lessons learned from other similar work, and help transfer that knowledge through relevant artifacts.

100% TOTAL EFFORT

 

Organization Chart:  Program Director, CERT < Technical Director, CERT/CC < Deputy Technical Director, CERT/CC < Senior Capability Solutions Engineer

Carnegie Mellon University is an EEO/Affirmative Action Employer – M/F/Disability/Veteran

30 Jul
2014
Senior Cyber Security Engineer - 100973
Pittsburgh, PA

Position Summary:  The CMU/SEI Cyber Security Solutions (CS2) directorate is a leading edge analytical resource focusing on critical U.S. Government (USG) needs.  For the past 8 years, the CS2 Forensic Operations and Investigations group has provided analytical and operational support to high-profile investigations including numerous activities of national or international significance. Through this work the CS2/FOI can see the current limitations of digital analysis and incident response in the field first hand. Combining applied research with the unique talents, operational experience, research capabilities, and the vast knowledge base of Carnegie Mellon University, DIID is unmatched in its ability to develop new tools and methods to address cyber security limitations and critical gap areas.

The individual in this position will work as a member of the CERT Program’s Cyber Security Solutions (CS2) directorate as a member of the Forensic Operations and Investigations (FOI) group. The candidate will be expected to perform a variety of roles. Primary to this position is the management of an existing portfolio of operational clientele as well as the expansion of the FOI portfolio of work within the Defense and Intelligence communities. To achieve this, the candidate will be expected to understand the unique needs of these communities in order to develop a strategic program of research, development and analysis to support current and future gaps in key areas of need. This position will be directly responsible for developing new and maintaining existing customer relationships through ongoing interaction with customers.

Minimum Qualifications and Requirements:

Education/Training:  Bachelors of Science in Computer Science, Intelligence or Intelligence Analysis, Network Security, or related field with more than ten (10) years’ experience, Masters of Science in same fields with more than eight (8) years’ experience, Doctorate in same fields with more than five (5) years’ experience or equivalent.

Experience:  Professional experience listed above to include the following areas: Cyber and Intelligence analysis, preferably within company security teams, network operations centers, counter terrorism centers, or within the government in counter cyber threat environments; intelligence community knowledge and experience; awareness of sourcing, intelligence analysis methodologies, intelligence needs, cyber capabilities, and intelligence tools; leader of teams of analysts, operators, and technologist, preferably in the areas of security or intelligence; experience with and oversight of intelligence analysis and reporting operations; experience using and awareness of data analytics.

Skills/Abilities: Knowledge of and experience in: Familiarity with mission needs and challenges in “cyber”; awareness of intelligence capabilities in support of US Government (Department of Defense and the Intelligence Community) cyber missions, including gaps and capability needs; experience and knowledge of cyber threats and cyber threat analytics; intimate knowledge of key government stakeholders in cyber and knowledge of relevant industry organizations and activities related to cyber; information assurance/survivability; data analytics; effective leadership skills to create informal but effective teams in partnerships across the U.S.; team leadership; leadership of skill-diverse, multidisciplinary teams; strong written and verbal communications skills and the ability to present to small and large audiences; intelligence community and service cyber commands domain knowledge a plus.

Physical Mobility: Primarily sedentary in an office setting with some mobility. Flexible to travel to various locations within the SEI and CMU community, sponsor sites, conferences, and offsite meetings on occasion. Travel outside of Pittsburgh limited to one-two weeks a month.

Environmental Conditions: Normal office conditions; close contact with computer screen for extended periods of time.

Mental: The ability to The ability to: Oversee and direct the design and development of detailed analysis methodologies and processes based on requirements elicitation from internal and external stakeholders; lead the interaction and clearly communicate with cyber intelligence and security staff across government and industry, software developers, IT infrastructure owners and architects, analyst, and non-technical experts; work meticulously with attention to detail; lead multiple projects and project teams at once; delegation; lead and manage under uncertainty; gradual structure projects and programs based on dynamic requirements and incremental input and evaluation; flexibility; drive teams to effectively meet deadlines while working on multiple tasks – sometimes under pressure and with shifting priorities; deal collaboratively, diplomatically, and successfully with customers, co-workers, and other professional colleagues, managers, and staff; grasp and shape the big picture, direction, and goals of an effort while focusing on the meaning of details and how they are to be achieved; interface with world-class researchers across government, industry, and academia; develop and communicate innovative ideas; quickly learn and develop new procedures, techniques, and approaches.

Other:  U.S. Citizenship is required.  Applicants will be subject to a security investigation and must meet eligibility requirements for access to classified information, and must be able to pass a background investigation.

 

Accountability:  This position will be responsible for leading technical teams, developing approaches and solutions to digital intelligence problems for and with government, industry, and academic partners.

Direction: This position is expected to act with limited supervision in accordance with SEI procedures and policies, such as those involving technical leadership, analysis, report production, and confidentiality. This position requires close collaboration and teaming with the CS2/FOI Technical Management teams and program staff.

Decisions:  This position will be in a decision-making capacity for technical aspects of FOI projects and programs. Close coordination with the FOI technical manager will be required.

Supervisory Responsibilities:  This position will likely hold supervisory responsibilities for small (2) to medium (10) sized teams.

 

Job Functions or Responsibilities:

55%     Serve as a technical leader for CS2/FOI projects and programs, including the development of capabilities. Lead technology demonstration and intelligence activities across the Forensic Operations and Investigations (FOI) portfolio. Oversee and direct the aggregation and analysis of industry and contextual data to understand, capture, and report on events related to global, national, and local threat intelligence and network intelligence. Collaborate with, direct, and mentor other SEI staff, including analysts, technologist, researchers, and others.

25%     Explore, design, identify, document, guide the development of, and evaluate solutions to critical government and industry cyber intelligence issues.  Interface and collaborate with government and industry experts, the research community, and academics to identify needs, capabilities, objectives, and possible solutions to key digital intelligence challenges.

15%     Work with and advise the CS2/FOI management, and other senior leaders at the SEI on strategy, business development, direction, planning, and execution.

SECONDARY FUNCTIONS

5%    Participate in the broader SEI software research community through collaboration, papers, and presentations.

100% TOTAL EFFORT

 

Organizational Chart:  CERT Director > CS2 Technical Director > CS2 Deputy Director > Forensic Operations and Intelligence Technical Manager > Senior Engineer – Defense and Intelligence

14 Aug
2014
Vulnerability Analyst - 101004
Pittsburgh, PA

Position Summary:  This is an entry level position that is responsible for acting as the primary coordinator for all software vulnerabilities reported to the CERT Vulnerability Analysis team. CERT receives vulnerability reports through a variety of sources, mainly from the Vulnerability Reporting Form (VRF) on the cert.org website and direct correspondence from researchers, usually through the cert@cert.org email address. The individual will lead customer, vendor, and reporter coordination, and will write vulnerability reports to be published in the CERT website. These vulnerability notes will include detailed technical descriptions of a given vulnerability in addition to any mitigation recommendations. This individual will also be responsible for software vulnerability analysis including black box testing, source code examination, and attack reproduction. The individual in this position must be self-motivated and will have the opportunity to serve as a strong contributor in the analysis, coordination, and remediation of software vulnerabilities.  

 

Minimum Qualifications and Requirements:

Education/Training: Bachelor’s degree in Computer Science or related field, or equivalent in education and Minimum of three (3) years’ experience' or Master's degree in Computer Science or related field with one (1) year experience or combination of experience and training.

Experience: This is an entry level position that provides an opportunity for an individual with the educational background and interest to gain experience in the field of computer security.  The individual in this position should have the interest or classroom experience studying system or network administration, software development, database administration, or similarly technical areas. Candidates should have experience in a Windows and Unix/Linux environment and be able to demonstrate substantial knowledge of at least four of the following: various internet protocols (e.g., TCP/IP, DNS, BGP, SMTP, HTTP); computer system and Internet security issues; various security technologies (e.g., encryption, firewalls, and anti-virus products); software runtime analysis, debugging, and security testing techniques; security auditing practices; underlying software defects that routinely result in security vulnerabilities (e.g., input validation errors); understanding of intruder techniques and software exploitation methods; system, database, and/or network administration; operational details of multiple operating systems; cryptographic principles and common cryptographic protocols; one or more programming languages (e.g., C/C++, Perl, or Java); vulnerability management concepts and tools.

Skills/Abilities: Successful candidates will: have an interest in and have extensive knowledge of network and computer security issues; have the ability to analyze software to discover vulnerabilities; be able to develop and explain technical decisions; be able to separate fact from opinion and speculation; have excellent work prioritization, planning, and organizational skills; interact effectively with vulnerability reporters, system and network administrators, vendors, experts, Internet users, sponsors, policy makers, news reporters, managers and staff (i.e., stakeholders in the vulnerability disclosure process); be able to work with closely coordinated team during emergencies; excellent analytical, reasoning, and creative problem solving skills; excellent written, oral communication skills; recognize and deal appropriately with confidential and sensitive information; be able to work meticulously with careful attention to detail; be able to collaborate effectively and work closely within a coordinated team environment; be able to quickly learn new procedures, techniques, and approaches; maintain composure while dealing with difficult people; communicate and work effectively under normal and stressful situations; meet inflexible deadlines; possess strong leadership and mentoring abilities; be motivated to tackle challenging problems.

Physical Mobility: Sedentary.

Environmental Conditions: Close contact with computer displays for prolonged periods.

Mental: Ability to work under pressure; work concurrently on multiple programs in different stages, pay attention to detail; meet inflexible deadlines; deal with difficult individuals while maintaining composure.

Other: U.S. Citizenship is required.  Applicants will be subject to a security investigation and must meet eligibility requirements for access to classified information, and must be able to pass a background investigation.

 

Preferred Qualifications and Requirements:

Experience:  Ideal candidates will have substantial experience in two or more of the following areas: industrial/process control systems; web application development; computer and network architecture; reverse engineering; software development; computer and network architecture; network security and survivability issues, to include knowledge of and experience with information security concepts, information security best practices and bodies of knowledge, computer security incident response management.


Accountability: This position is accountable for:  Coordinating all software vulnerabilities reported to the CERT Vulnerability Analysis team; leading customer, vendor, and reporter coordination; producing vulnerability reports to be published.

Direction: Expected to perform under general supervision. Most normal duties and responsibilities are handled independently with the use of established research protocol and departmental and university procedures and policies. Difficult or unique situations are referred to the supervisor.

Decisions: Suggests possible solutions to colleagues and users.

Supervisory Responsibilities: This position does not supervise others.


JOB FUNCTIONS OR RESPONSIBILITIES:

40% Analyzes incoming vulnerability reports to determine technical validity and merit. Coordinates response strategy with affected vendors. Publishes corresponding vulnerability notes.

40% Performs vulnerability discovery and validation using in-house CERT fuzzing tools.

10% Attends required meetings and participates in various seminars and training classes to maintain or update skills needed.

5% Submits regular work progress reports to supervisor.

5%Performs related duties as assigned.

100% TOTAL EFFORT


ORGANIZATIONAL CHART:  CERT Director->CERT/CC Technical Director->Vulnerability Analysis Technical Manager->Vulnerability Analysis Team Lead->Vulnerability Analyst

Carnegie Mellon University is an EEO/Affirmative Action Employer – M/F/Disability/Veteran

 

27 Jun
2014
Project Manager - 100880
Pittsburgh, PA

This position is located in Pittsburgh, PA

Position Summary:  The CERT Division is part of the SEI, a federally funded research and development center at Carnegie Mellon University in Pittsburgh, Pennsylvania. The CERT Division engages in cutting-edge research and development and develops and transitions disciplined approaches to improve the survivability and resiliency of the DoD, federal civilian agencies, private sector organizations and their networked information systems. 

A CERT/CC Project Manager is a member of the CERT/CC Project Office that guides the development and execution of technical projects throughout the lifecycle.  The successful candidate will work closely with PMO Manager to plan and establish organizational project management processes to achieve needs of different departments within the CERT/CC.  The candidate will: develop project management processes and create improvement plans to meet business and project needs, perform administrative and PM duties in the Microsoft Project Server and related Project Site SharePoint environments, and be responsible for the management and completion of projects.  Activities will include oversight of all aspects of projects, setting deadlines, assigning responsibilities, monitoring progress, and producing reports for management.

Responsibilities:

  • CERT/CC Project Office
    • Develop systematic management of projects in alignment with the organization’s strategic business goals
    • Define and implement organizational project management processes and mature existing processes
    • Perform maturity assessments and create improvement plans
    • Develop project management tracking systems
  • Project Management
    • Define and control scope
    • Develop WBS, produce and manage schedule
    • Work with Technical Leads to produce cost estimates, schedules and financial reporting artifacts
    • Assist in managing the activities of non-organic employees and subcontractors who serve on the project team to ensure completion and acceptance of deliverables
    • Coordinate and perform resource allocation and leveling among competing priorities across the organization.
    • Assemble project plans and, in conjunction with the technical lead, direct and monitor the work
    • Resolve or escalate risks related to cost, quality, and schedule
    • Responsible for reporting progress, status, and issues to CERT/CC and government program managers.
  • Project Tools Administrator
    • Support users unfamiliar with tools
    • Perform troubleshooting
    • Backup and restore
    • Manage MSP PWA and Project Site security
    • Perform Time and Task Management
    • Develop custom Business Intelligence reports (SQL)
    • Manage internal project information maintained in Atlassian Confluence, JIRA, and RMsis.

Minimum Qualifications and Requirements:

Education/Training:   MBA or MS in Computer Science, Software Engineering, Information Systems or related field or combination of training and experience.

Licenses:   Project Management Professional (PMP).

Experience:  Designing, developing, or implementing information technology projects for government clients; exceptional interpersonal and technical writing skills; developing organizational project management processes and tools infrastructure. Candidate should have five to seven (5-7) years of project management experience with customer-focused technology projects such as product or service development, research and development or technical transition.

Skills/Abilities:   Working knowledge of Microsoft Project Server; analytical and technical problem-solving skills; possess strong customer service skills; motivated to tackle challenging problems; excellent organizational skills; communicate effectively within a team environment.

Physical Mobility: Primarily sedentary, long periods of sitting; ability to travel to various locations within the SEI and Carnegie Mellon community, customer sites, conferences, and offsite meetings with some frequency.

Environmental Conditions:  Normal office conditions, close contact with computer for prolonged periods of time.

Mental: Ability to work under pressure and changing priorities; pay attention to detail; meet inflexible deadlines; deal with difficult individuals while maintaining composure.

Other:  U.S. Citizenship is required.  Applicants will be subject to a security investigation and must meet eligibility requirements for access to classified information, and must be able to pass a background investigation.  Apllicants must be willing to travel to a customer site in the Washington D.C. / Northern Virginia metro area. Candidate will be required to travel on overnight assignments.

 

Accountability: The Individual is accountable for:  accurately capturing project requirements and managing projects through the lifecycle; working closely with technical project leads and CERT/SEI financial managers to ensure projects are accurately represented, managed and controlled.

Direction:  Performs under minimal supervision, independent judgment is encouraged.  Most normal duties and responsibilities are handled independently with the use of established procedures and policies.  Difficult or unique situations are referred to the supervisor.

Decisions:  Accurately represents the program and individual projects in interactions with internal branches, customers and sponsors.  The individual is expected to participate in the decision-making and problem-solving processes surrounding building accurate project plans, understanding the SEI financial system and making CERT/CC decisions regarding effort allocations, sub-contract negotiations and purchasing.

Supervisory Responsibilities:  This position may include supervision of one of more Project Administrators.

 

Job Functions and Responsibilities:

30%     Initiating, planning, executing, monitoring/controlling, and coordinating major technical projects and their related activities.

30%     Administer and support users of MS Project and other project management tools.

30%     Develop, implement, and manage organizational project management initiatives.

5%       Contributing to and participating in business development, CERT management, and sponsor meetings.

5%       Develop knowledge and understanding of SEI capabilities; learning how SEI capabilities can be applied to customer problems.

100%      TOTAL EFFORT

 

Organizational Chart:  CERT Division Director < CERT/CC Technical Director < CERT/CC Deputy Technical Director < CERT/CC Project Office Director < CERT/CC Project Manager

Carnegie Mellon University is an EEO/Affirmative Action Employer – M/F/Disability/Veteran

30 Jul
2014
Project Manager - 100977
Arlington, VA

This position is located in Arlington, VA

Position Summary:  The CERT Division is part of the SEI, a federally funded research and development center at Carnegie Mellon University in Pittsburgh, Pennsylvania. The CERT Division engages in cutting-edge research and development and develops and transitions disciplined approaches to improve the survivability and resiliency of the DoD, federal civilian agencies, private sector organizations and their networked information systems. 

A CERT/CC Project Manager is a member of the CERT/CC Project Office that guides the development and execution of technical projects throughout the lifecycle.  The successful candidate will work closely with PMO Manager to plan and establish organizational project management processes to achieve needs of different departments within the CERT/CC.  The candidate will: develop project management processes and create improvement plans to meet business and project needs, perform administrative and PM duties in the Microsoft Project Server and related Project Site SharePoint environments, and be responsible for the management and completion of projects.  Activities will include oversight of all aspects of projects, setting deadlines, assigning responsibilities, monitoring progress, and producing reports for management.

Responsibilities:

  • CERT/CC Project Office
    • Develop systematic management of projects in alignment with the organization’s strategic business goals
    • Define and implement organizational project management processes and mature existing processes
    • Perform maturity assessments and create improvement plans
    • Develop project management tracking systems
  • Project Management
    • Define and control scope
    • Develop WBS, produce and manage schedule
    • Work with Technical Leads to produce cost estimates, schedules and financial reporting artifacts
    • Assist in managing the activities of non-organic employees and subcontractors who serve on the project team to ensure completion and acceptance of deliverables
    • Coordinate and perform resource allocation and leveling among competing priorities across the organization.
    • Assemble project plans and, in conjunction with the technical lead, direct and monitor the work
    • Resolve or escalate risks related to cost, quality, and schedule
    • Responsible for reporting progress, status, and issues to CERT/CC and government program managers.
  • Project Tools Administrator
    • Support users unfamiliar with tools
    • Perform troubleshooting
    • Backup and restore
    • Manage MSP PWA and Project Site security
    • Perform Time and Task Management
    • Develop custom Business Intelligence reports (SQL)
    • Manage internal project information maintained in Atlassian Confluence, JIRA, and RMsis.

Minimum Qualifications and Requirements:

Education/Training:   MBA or MS in Computer Science, Software Engineering, Information Systems or related field or combination of training and experience.

Licenses:   Project Management Professional (PMP).

Experience:  Designing, developing, or implementing information technology projects for government clients; exceptional interpersonal and technical writing skills; developing organizational project management processes and tools infrastructure. Candidate should have five to seven (5-7) years of project management experience with customer-focused technology projects such as product or service development, research and development or technical transition.

Skills/Abilities:   Working knowledge of Microsoft Project Server; analytical and technical problem-solving skills; possess strong customer service skills; motivated to tackle challenging problems; excellent organizational skills; communicate effectively within a team environment.

Physical Mobility: Primarily sedentary, long periods of sitting; ability to travel to various locations within the SEI and Carnegie Mellon community, customer sites, conferences, and offsite meetings with some frequency.

Environmental Conditions:  Normal office conditions, close contact with computer for prolonged periods of time.

Mental: Ability to work under pressure and changing priorities; pay attention to detail; meet inflexible deadlines; deal with difficult individuals while maintaining composure.

Other:  U.S. Citizenship is required.  Applicants will be subject to a security investigation and must meet eligibility requirements for access to classified information, and must be able to pass a background investigation.  Apllicants must be willing to travel to a customer site in the Washington D.C. / Northern Virginia metro area. Candidate will be required to travel on overnight assignments.

 

Accountability: The Individual is accountable for:  accurately capturing project requirements and managing projects through the lifecycle; working closely with technical project leads and CERT/SEI financial managers to ensure projects are accurately represented, managed and controlled.

Direction:  Performs under minimal supervision, independent judgment is encouraged.  Most normal duties and responsibilities are handled independently with the use of established procedures and policies.  Difficult or unique situations are referred to the supervisor.

Decisions:  Accurately represents the program and individual projects in interactions with internal branches, customers and sponsors.  The individual is expected to participate in the decision-making and problem-solving processes surrounding building accurate project plans, understanding the SEI financial system and making CERT/CC decisions regarding effort allocations, sub-contract negotiations and purchasing.

Supervisory Responsibilities:  This position may include supervision of one of more Project Administrators.

 

Job Functions and Responsibilities:

30%     Initiating, planning, executing, monitoring/controlling, and coordinating major technical projects and their related activities.

30%     Administer and support users of MS Project and other project management tools.

30%     Develop, implement, and manage organizational project management initiatives.

5%       Contributing to and participating in business development, CERT management, and sponsor meetings.

5%       Develop knowledge and understanding of SEI capabilities; learning how SEI capabilities can be applied to customer problems.

100%      TOTAL EFFORT

 

Organizational Chart:  CERT Division Director < CERT/CC Technical Director < CERT/CC Deputy Technical Director < CERT/CC Project Office Director < CERT/CC Project Manager

Carnegie Mellon University is an EEO/Affirmative Action Employer – M/F/Disability/Veteran

Apply for Positions

To apply for open positions visit Careers at the Software Engineering Institute.

Accessibility Needs for Applicants, Students and Visitors

Carnegie Mellon University makes every effort to provide physical and programmatic access individuals with disabilities. If you require an accommodation to participate in any part of the employment process, please contact Disability Resources by emailing access@andrew.cmu.edu or calling 412-268-3930.

Carnegie Mellon University considers applicants for employment without regard to, and does not discriminate on the basis of, gender, race, protected veteran status, disability, or any other legally protected status.