CERT

Job #5718 - Computer Security Information Analyst

CERT Coordination Center

SUMMARY

The successful candidate will be responsible for performing tasks related to analyzing computer security incident information from a wide variety of sources, conducting technical analysis of incidents and other security threats, coordinating response actions, and disseminating technical information as appropriate in support of the protection of national and economic security, the defense industrial base, and our critical infrastructure assets.

ESSENTIAL FUNCTIONS

Conducting technical investigation of computer security incidents, including forensic analysis and coordinating incident response activities. Review threat data from various sources, including appropriate Intelligence databases, to establish identity, modus operandi, and credible threat picture of hackers active in DoD and defense industrial base networks. Correlate data into standardized reports. Develop cyber threat profiles. Produce cyber threat assessments based on entity threat analysis. Coordinate cyber threat tracking with partner and counterpart organizations. Recommend courses of action based on analysis of both general and specific threats. Deliver reports, briefings, and assessments to leadership, facilitating understanding of cyber threat entities and environments. Support information assurance and cyber threat mitigation decision-making.

Working on site with sponsors, collaborators, and customers to help them with incident analysis, improving their incident analysis processes and capabilities, and facilitating collaboration amongst the various stakeholders.

QUALIFICATIONS

Education/Training: BS in Computer Science, Information Science, Information Systems Management with eight years applicable experience or MS in Computer Science, Information Technology with five years applicable experience.

Experience: Candidate should have strong technical, communication, and problem-solving skills. Candidate should have advanced computer security incident handling and analysis experience in Windows and Unix/Linux environments, including hands-on incident analysis experience. The candidate must have hands-on incident analysis experience beyond interpreting the results and alerts from an intrusion detection system, and routing those alerts to technical staff for investigation.

Should be able to demonstrate knowledge in the following areas:

  • core Internet protocols (e.g., IP, TCP, UDP, BGP, DNS, HTTP, SMTP)
  • common attack methodologies
  • common types of security vulnerabilities
  • basic computer security forensics
  • administering and maintaining a small network
  • theoretical underpinnings of computer security

as well as experience with

  • matching incident activity with known threats, vulnerabilities and malicious code
  • communicating complex technical issues to non-technical audiences
  • understanding and managing risk in large enterprise infrastructures
  • developing strategies to defend systems and networks from attacks

 

Skills/Abilities: Successful candidates will

  • possess excellent analytical and technical problem-solving skills
  • have a strong interest in and possess basic knowledge of network and computer security issues
  • be able to make decisions independently and in a self-directed manner in support of the goals of the team and organization
  • be motivated to tackle challenging problems
  • have excellent organizational skills
  • be able to work meticulously with careful attention to detail
  • have strong customer service skills
  • be able to work in a team environment with other team members with a variety of skills
  • be able to work remotely at a customer site with minimal direct supervision
  • recognize and deal appropriately with confidential and sensitive information
  • interact effectively with technical and non-technical audiences via both verbal and written communications (e.g., technical writing, user guide development, requirements analysis)
  • be able to quickly learn new procedures, techniques, and approaches

OTHER

Mobility: Primarily sedentary, long periods of sitting; ability to travel to various locations within the SEI and CMU community, customer sites, conferences, and offsite meetings with some frequency

Environmental Conditions: Normal office conditions; however, close contact with a computer for prolonged periods of time

Mental: Ability to work under pressure; pay attention to detail; meet inflexible deadlines; deal with difficult individuals while maintaining composure

Other: Candidate must be able to pass a background investigation, obtain a TS/SCI security clearance, and be a US citizen. Candidate will be required to travel on overnight assignments.

PREFERRED QUALIFICATIONS

Education/Training: MS in Computer Science, Information Science, Information Systems Management with five years applicable experience

Licenses: Certified Information Systems Security Professional (CISSP) or similar certification is desired

Experience: Ideal candidates will have experience or substantial knowledge in many of the following areas:

Candidates should have 3-5 years of experience in security aspects of system and/or network administration in a U.S. government agency or U.S. Defense Contractor environment and/or 5 years of experience as a cyber (technical) analyst in an intelligence, counterintelligence or law enforcement role.

Experience drafting and formatting technical threat intelligence reports and conducting correlating research using multiple formatted and unformatted data sources.

Experience developing materials for senior leadership in government or industry.

Experience developing and implementing information security policies and standard operating procedures.

Advanced understanding of security vulnerabilities.

Advanced understanding of network traffic/flow analysis.

Practical network security training (e.g. SANS GIAC Level 2 courses, CCNP, CCIE Security)

Advanced forensic or digital media analysis experience.

Skills/Abilities: Preferred candidates will

  • have the ability to adjust quickly to shifting priorities and make quick decisions with limited information

Languages: Preferred candidates will be fluent in a foreign language.

  • Chinese
  • Arabic
  • Japanese
  • Spanish


Resumes from recruiting firms will not be accepted.

To apply, please go to Careers@CarnegieMellon.


Carnegie Mellon is an Affirmative Action/Equal Opportunity Employer.

The Software Engineering Institute (SEI) is a federally funded research and development center sponsored by the U.S. Department of Defense and operated by Carnegie Mellon University.

CERT® and CERT Coordination Center® are registered in the U.S. Patent and Trademark Office.

This page was last updated April 06, 2009