CERT
 
CERT Contact Information CERT Statistics Meet CERT Publications by CERT Staff Presentations by CERT Staff Employment Opportunities
 

Job #5807 - Information and Infrastructure Security Analyst

SUMMARY

The CERTŪ Program is part of the SEI, a federally funded research and development center at Carnegie Mellon University in Pittsburgh, Pennsylvania. The CERTŪ Program engages in cutting-edge research and development and develops and transitions disciplined approaches to improve the survivability and resiliency of the DoD, federal civilian agencies, private sector organizations and their networked information systems.

The individual in this position will work as a member of the Resiliency Enterprise Management team within the CERT Program. The REM team develops solutions (in the form of frameworks, models, tools, policy, practices, technical guidance, etc.) that allow organizations to identify, analyze, and manage organizational, operational, and technical risks to mission-critical assets, processes, systems, and infrastructures. The candidate will conduct applied research in assessments, diagnostics, and analysis techniques to better understand and mitigate risks to critical business processes, systems, and infrastructures. Activities will include close work with customers from a variety of organizations, including government agencies and commercial organizations.

ESSENTIAL FUNCTIONS

  1. Analyze malicious code
  2. Develop packaging, documentation, and training
  3. Provide outreach and direct customer support
  4. Applied research and development
  5. Improve systems and tools

MINIMUM QUALIFICATIONS

Education/Training: BS in computer science, software engineering, information systems, or a related technical field with eight (8) years experience or equivalent; MS in computer science or scientific/technical field with five (5) years experience; Ph.D with three (3) years experience. We will consider other educational backgrounds of a technical nature with experience as described.

Experience: Professional experience listed above as a system or network administrator, software engineer, information systems analyst, database administrator or similarly technical occupation.

Skills/Abilities:

Must have the following abilities and skills

  • understanding of information technology and telecommunications systems
  • working knowledge of network interoperability, security, and survivability issues
  • working knowledge of DHS critical infrastructure sectors and related security and resiliency issues
  • knowledge of and experience with engineering and best practices for information security
  • experience in the development and delivery of information and infrastructure security risk and vulnerability evaluations
  • ability to conduct analytical studies and investigations
  • understanding of statistical analysis uses
  • written and oral communication skills
  • ability to prepare papers and presentations for technical and non-technical audiences
  • reasoning and problem-solving skills
  • ability to work independently with limited supervision
  • ability to recognize and deal appropriately with confidential and sensitive information
  • project management or project team experience
  • leadership and mentoring skills
  • contribute to conferences and meetings
  • contribute to customer presentations and technology transfer activities
  • participate in professional society activities

OTHER

Physical/Mobility: Primarily sedentary in an office setting with some mobility. Ability to travel to various locations within the SEI and CMU community, customer sites, conferences, and offsite meetings with some frequency.

Environmental Conditions: close contact with computer for extended periods of time

Mental: strong interest in the human, managerial, and technical aspects of networked information security is critical for this position; ability to take or share leadership role in technical projects; ability to identify and assess potential threats and vulnerabilities and formulate risk; work meticulously with careful attention to detail; ability to meet deadlines while working on multiple tasks - sometimes under pressure and with shifting priorities; ability to deal collaboratively, diplomatically, and successfully with customers, co-workers and other professional colleagues, managers, and staff; ability to grasp the big picture, direction, and goals of an effort, ability to develop and communicate innovative ideas; ability to demonstrate initiative and to quickly learn new procedures, techniques, approaches, etc.

Strong interest in security and critical infrastructure analysis R&D; Candidate must have the ability to pass a background investigation, obtain a security clearance, and be a US citizen.

PREFERRED QUALIFICATIONS

Education/Training: MS in computer science or scientific/technical field with five (5) years experience; Ph.D with three (3) years experience.

Licenses: CISSP, CISM, GIAC, or similar

Experience:

  • experience in both physical and cyber aspects of security; familiarity with resiliency concepts
  • familiarity with process improvement models such as CMMI or SixSigma, TQM, ISO9000
  • working in a team environment on collaborative projects in critical infrastructure sectors involving network, system or data security
  • experience employing software engineering techniques in designing and developing distributed, secure software, and experience with / knowledge of any of the following
    • system administration
    • networking
    • firewalls, intrusion detection systems, and other security technologies
    • application development/programming
    • relational databases

Skills/Abilities

  • leadership and mentoring skills
  • information security standards (federal, industrial, and international)
  • knowledge of information security/survivability analysis techniques
  • working knowledge of systems dynamic modeling techniques and modeling applications and tools
  • experience with statistics
  • project management experience


Resumes from recruiting firms will not be accepted.

To apply please go to
Careers@CarnegieMellon

Carnegie Mellon is an Affirmative Action/Equal Opportunity Employer.

The Software Engineering Institute (SEI) is a federally funded research and development center sponsored by the U.S. Department of Defense and operated by Carnegie Mellon University.

CERT® and CERT Coordination Center® are registered in the U.S. Patent and Trademark Office.

This page was last updated July 02, 2009