Job # 8978 - Senior Risk and Vulnerability Assessment Security Analyst
The goal of the Enterprise Threat and Vulnerability Management (ETVM) team is to assist organizations in improving their security posture and incident response capability by researching threat areas; developing information security assessment methods and techniques; and providing information, solutions and training for preventing, detecting, and responding to illicit activity. ETVM team members are domain experts in threat analysis, cyber security assessments and incident response. Team capabilities include threat analysis and modeling; development of security metrics and assessment methodologies; and creation and delivery of training, courses, and workshops. The selected individual will participate in two principal areas of work in ETVM: performing security assessments for U.S. Government agencies and industry representatives, and researching and developing new assessment tools. Security assessments entail conducting on-site technical assessments, pre- and post-assessment analysis, and preparation of technical reports and briefings to customers. Research includes development of tools, scripts, methodologies and other assessment products for vulnerability assessment, penetration testing, and assessing operational threats.
Education/Training: BS in computer science, software engineering, information systems, or a related technical field with ten (10) years' experience or equivalent.
Experience: Experience as a system or network security tester, software engineer, information systems security analyst or similarly technical occupation.
Physical/Mobility: Sedentary in an office setting with some mobility, i.e., able to travel to various locations within the SEI and CMU community as well as travel to customer sites and various critical infrastructure sites.
Environmental Conditions: Close contact with CRT for long periods of time.
Mental: Ability and interest in addressing security issues in a holistic manner, addressing both organizational and technical policies and practices as well as behavioral and organizational issues; ability to meet deadlines while working on multiple tasks – sometimes under pressure and with shifting priorities; ability to understand information security risks associated with vulnerability and penetration testing; ability to deal collaboratively, diplomatically, and successfully with customers, co-workers and other professional colleagues, managers, and staff.
Other: Candidate must have the ability to pass a background investigation, obtain a Top Secret security clearance, and be a U.S. citizen.
Résumés from recruiting firms will not be accepted.
To apply please go to
Carnegie Mellon is an Affirmative Action/Equal Opportunity Employer.
The Software Engineering Institute (SEI) is a federally funded research and development center sponsored by the U.S. Department of Defense and operated by Carnegie Mellon University.
CERT® and CERT Coordination Center® are registered in the U.S. Patent and Trademark Office.
This page was last updated Monday, 19-Mar-2012 14:03:33 EDT