CERT
search  


 
CERT Contact Information Meet CERT Employment Opportunities
 

Job # 8978 - Senior Risk and Vulnerability Assessment Security Analyst

SUMMARY

The goal of the Enterprise Threat and Vulnerability Management (ETVM) team is to assist organizations in improving their security posture and incident response capability by researching threat areas; developing information security assessment methods and techniques; and providing information, solutions and training for preventing, detecting, and responding to illicit activity. ETVM team members are domain experts in threat analysis, cyber security assessments and incident response. Team capabilities include threat analysis and modeling; development of security metrics and assessment methodologies; and creation and delivery of training, courses, and workshops. The selected individual will participate in two principal areas of work in ETVM: performing security assessments for U.S. Government agencies and industry representatives, and researching and developing new assessment tools. Security assessments entail conducting on-site technical assessments, pre- and post-assessment analysis, preparation of technical reports and briefings to customers. Research includes development of tools, scripts, methodologies and other assessment products for vulnerability assessment, penetration testing, and assessing operational threats.

ESSENTIAL FUNCTIONS

  1. Perform onsite security assessments. Travel to customer sites is required.
  2. Participate in the development and delivery of security analysis and risk assessment approaches with customers and partners; participate in research, analysis, and documentation of physical/cyber security vulnerabilities at critical infrastructure sites.

MINIMUM QUALIFICATIONS

Education/Training: BS in computer science, software engineering, information systems, or a related technical field with ten (10) years' experience or equivalent.

Licenses/Certifications: N/A

Experience: Experience as a system or network security tester, software engineer, information systems security analyst or similarly technical occupation.

Skills/Abilities: System administration and network administration skills and familiarity with Windows, UNIX, LINUX operating systems; knowledge of TCP/IP networking and standard protocols (FTP, SMTP, HTTP, SNMP, etc.); knowledge of common attack methodologies; common types of security vulnerabilities; proficiency in the use of manual and automated techniques for scanning and enumeration, vulnerability discovery, and penetration testing of networks, applications, operating systems, databases, and email systems; proficiency in the use of spreadsheets and word processing; proficiency in the use of relational databases, web servers, web app platforms and web services; development using Java, Python, Ruby, Perl, SQL (MySQL, Oracle), XML, C/C++, Javascript and/or other scripting languages; working knowledge of network security and survivability/resiliency issues; ability to conduct analytical studies on large amounts of data; outstanding written and oral communication skills; demonstrated ability to prepare papers and presentations for technical and non-technical audiences; reasoning and problem-solving skills; ability to work independently with limited supervision; ability to recognize and deal appropriately with confidential and sensitive information; participate in conferences and meetings; contribute to customer presentations and technology transfer activities; strong interest in vulnerability assessment R&D; ability to create instructional materials and conduct training.

OTHER

Physical/Mobility: Sedentary in an office setting with some mobility, i.e., able to travel to various locations within the SEI and CMU community as well as travel to customer sites and various critical infrastructure sites.

Environmental Conditions: Close contact with CRT for long periods of time.

Mental: Ability and interest in addressing security issues in a holistic manner, addressing both organizational and technical policies and practices; as well as behavioral and organizational issues; ability to meet deadlines while working on multiple tasks – sometimes under pressure and with shifting priorities; ability to understand information security risks associated with vulnerability and penetration testing; ability to deal collaboratively, diplomatically, and successfully with customers, co-workers and other professional colleagues, managers, and staff.

Other: Candidate must have the ability to pass a background investigation, obtain a Top Secret security clearance, and be a U.S. citizen.

 

Résumés from recruiting firms will not be accepted.
To apply please go to
Careers@CarnegieMellon
Carnegie Mellon is an Affirmative Action/Equal Opportunity Employer.

The Software Engineering Institute (SEI) is a federally funded research and development center sponsored by the U.S. Department of Defense and operated by Carnegie Mellon University.

CERT® and CERT Coordination Center® are registered in the U.S. Patent and Trademark Office.

This page was last updated Monday, 19-Mar-2012 14:03:33 EDT